On Saturday 04 September 2010 08:45:03 Sean Dague wrote:
> On 09/03/2010 11:38 PM, Orion Vianna wrote:
> > Things that I'm thinking of doing:
> > - Install snort - network intrusion prevention and detection (I did
> >   this years ago but IIRC it used to generate many false alerts)
> >   Is there any good companion software for snort? Something that can
> >   digest snort's data and present it nicely formatted to me over email
> >   and/or web interface. This seems interesting
> >   http://sguil.sourceforge.net/index.html but I don't know if it provides
> >   email notifications.
> > - install Nagios (IIRC it can send notifications when services are down)
> > - Install munin for performance monitoring
> > - change sshd port (is it worth the extra trouble?)
> > - alerts for any type of terminal login (is this possible?)
>
> One thing to remember, the bulk of break-ins to systems is via the web
> application layer. Denyhosts (or equiv) plus just having reasonable
> passwords secures your ssh vector, beyond that is getting overkill fast.

The DenyHosts part is covered: 'Fail2Ban' is another Python script that works
similarly to DenyHosts, except it makes temporary iptables firewall rules
instead of using TCP wrappers. The nice thing about Fail2Ban is that it can
cover more services than simply ssh.

  -- Chris

--
Chris Knadle
[email protected]
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
