-
Continue improving hardening started in webplatform/ops#100.
- [ ] Setup fail2ban to detect and ban "Possible break in attempt" attackers
- [ ] [Setup PSAD](http://hardenubuntu.com/software/install-ps…
-
Hi All,
Denyhosts works great for me, however i got one problem. I always use key authentication on my ssh server. When i authenticate as root user with password (so not with key) denyhost wont ban…
-
the daemon-control-dist file refers to denyhosts.py in /usr/sbin but install.py places it in /usr/bin along with the daemon-control-dist file itself. either the install.py file needs fixing, or the da…
-
Basically, denyhosts calls os.system to shell out to iptables. This leaks all of the open file descriptors to iptables, which causes selinux to have issues. See the Fedora bug at https://bugzilla.re…
-
RHEL support requires the addition of EPEL as a Yum repository. I don't want that kind of platform specific logic baked straight in to the module since there are other things that those using EPEL pro…
-
The current tracking of allowed hosts is overly restrictive and should be extended to allow any subnet mask as a wildcard and not only the last octet of an IPv4 address.
I've implemented this in http…
-
We should be able to read systemd's journal in addition to parsing text from sshd log files.
-
I wonder if delaying (or preventing) multiple concurrent outgoing exit connections to the same IP address would help reduce Exit abuse complaints. (Or if it would help set reasonable defaults for repo…
-
Connection from xx.xx.xx.xx port xyxyx on SERVEUR port 22
Unable to negotiate with xx.xx.xx.xx port xyxyx: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellm…
-
All log parsing/etc. only supports IPv4 addresses, and we should be able to identify/block IPv6 addresses also.