All:

One thing I noticed while troubleshooting the recent ruleqa problems on the zone VMs was the number of failed SSH logins to random and system accounts. I was contemplating putting in explicit DenyUsers for the various system accounts, but I was a little reluctant to do system-level stuff like that without infra involvement.

Should we (ask infra to) put something like fail2ban on the zones boxes, and add explicit DenyUsers for the existing system accounts (like postgres(!))?

More generally: how autonomous are we, the SA devs, in administration of the zone VMs?

I was reminded by this: http://isc.sans.edu/diary/SSH+Password+Brute+Forcing+may+be+on+the+Rise/12133

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 [email protected]    FALaholic #11174     pgpk -a [email protected]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The question of whether people should be allowed to harm themselves
  is simple. They *must*.                           -- Charles Murray
-----------------------------------------------------------------------
 10 days until Bill of Rights day
