Robert-Grundstrom / salt-config

My salt configuration

Investigate fail2ban and more restricted iptable rules. #9

Open Robert-Grundstrom opened 6 years ago

Robert-Grundstrom commented 6 years ago

A little reference: https://www.rackaid.com/blog/how-to-block-ssh-brute-force-attacks/

Robert-Grundstrom commented 6 years ago

I've written the rules that should be applied to the iptables, but there is an issue regarding the source. If using multiple options in the pillar file, it will not work as intended.

Need to investigate further on how I should solve this issue.

Robert-Grundstrom commented 6 years ago

Preliminary testing looks good. Did some brute-force attempts towards the SSHD service and after a few attempts it started dropping the packets and was logging MAC addresses as well as IP addresses.

When the rule kicked in I was able to log in from another IP address using the right credentials and I was able to connect directly, so it is blocking the source of the brute-force attack only.
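One way to check the behaviour reported above from the kernel log, added here as an example and not part of the original thread or repository: it parses iptables LOG target lines and counts logged packets per source IP and source MAC. The log prefix `SSH_brute_force`, the addresses and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel's iptables LOG format. The prefixes,
# hostnames and addresses are assumptions made for this example.
SAMPLE_LOG = """\
Oct 17 10:01:02 host kernel: SSH_brute_force IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:52:54:00:11:22:33:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 17 10:01:05 host kernel: SSH_brute_force IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:52:54:00:11:22:33:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=40114 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 17 10:01:09 host kernel: SSH_brute_force IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:52:54:00:11:22:33:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4244 DF PROTO=TCP SPT=40118 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 17 10:01:20 host kernel: OTHER_RULE IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:52:54:00:44:55:66:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=77 DF PROTO=TCP SPT=50000 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 17 10:01:30 host sshd[1234]: Accepted password for admin from 198.51.100.23 port 51514 ssh2
"""

def split_mac(field):
    """Split the LOG target's MAC= value into (destination, source).

    On Ethernet the field holds 14 octets: 6 destination MAC, 6 source MAC
    and 2 for the EtherType, so the sender's MAC is the second group.
    """
    octets = field.split(":")
    if len(octets) != 14:
        return None, None  # non-Ethernet interface or truncated header
    return ":".join(octets[:6]), ":".join(octets[6:12])

def dropped_sources(log_text, prefix="SSH_brute_force", port="22"):
    """Count logged packets per (source IP, source MAC) for one log prefix."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        # Only kernel lines written by the rule with our prefix are relevant.
        if "kernel:" not in line or prefix not in line:
            continue
        fields = dict(re.findall(r"(\w+)=(\S*)", line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != port:
            continue
        _dst_mac, src_mac = split_mac(fields.get("MAC", ""))
        hits[(fields.get("SRC"), src_mac)] += 1
    return dict(hits)

if __name__ == "__main__":
    for (ip, mac), count in sorted(dropped_sources(SAMPLE_LOG).items()):
        print(f"{ip} {mac} {count}")
```

A result with a single key confirms that only one source is being logged and dropped; the source MAC is only meaningful for hosts on the same layer-2 segment, since routed traffic carries the gateway's MAC.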

Robert-Grundstrom commented 6 years ago

There seems to be some kind of bug or fail in the code I'm writing. The SSHD rules get applied successfully, but after a reboot on the host and running the code again the SSHD firewall rules get written again.

Seems like Salt does not recognise that the firewall rules are present and writes them again. I have created a bug report: https://github.com/saltstack/salt/issues/44147