Recommend me a software firewall?
Hey guys, I just wanted to get your advice on a software firewall I should use for my Ubuntu box. I get brute force attacks on SSH every day, and I would like a firewall that auto-bans IPs when they fail to connect a certain number of times and also filters out some basic DoS attacks.
Thanks,
Comments
Fail2Ban will do the incorrect logins with ease.
Look at CSF or APF with BFD:
http://www.rfxn.com/projects/
http://www.configserver.com/cp/csf.html
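The core of what Fail2Ban and BFD do for SSH is count failed logins per source address in the auth log and act on the addresses that cross a threshold. The script below is an added example (not code from the thread or from either project) showing that counting step in plain awk over constructed auth.log lines; the threshold, hostnames and addresses are all made up for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal version of the detection step
# that Fail2Ban/BFD automate. It counts failed SSH password attempts per source
# IP in an OpenSSH auth log and reports the IPs that exceed MAXRETRY.
# The log lines written by write_sample_log are constructed samples.

# offenders LOGFILE MAXRETRY -> prints "IP COUNT" for every IP with more than
# MAXRETRY failed attempts, highest count first.
offenders() {
    logfile=$1
    maxretry=$2
    # OpenSSH logs "Failed password for <user> from <ip> port <n> ssh2" and
    # "Failed password for invalid user <user> from <ip> ..." for bad logins;
    # the IP is always the field after "from".
    awk -v max="$maxretry" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] > max) print ip, fails[ip] }
    ' "$logfile" | sort -k2,2nr
}

# write_sample_log FILE -> constructed auth.log lines for a demo run
# (203.0.113.7: 5 failures, 192.0.2.55: 4 failures, 198.51.100.20: 1 failure).
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 10:01:02 mc sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:01:05 mc sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:01:09 mc sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Mar  3 10:01:12 mc sshd[1205]: Failed password for invalid user oracle from 203.0.113.7 port 50141 ssh2
Mar  3 10:01:15 mc sshd[1207]: Failed password for invalid user pi from 203.0.113.7 port 50150 ssh2
Mar  3 10:02:30 mc sshd[1210]: Accepted publickey for steve from 198.51.100.20 port 41000 ssh2
Mar  3 10:03:44 mc sshd[1212]: Failed password for steve from 198.51.100.20 port 41010 ssh2
Mar  3 10:04:01 mc sshd[1214]: Failed password for invalid user test from 192.0.2.55 port 60001 ssh2
Mar  3 10:04:02 mc sshd[1214]: Failed password for invalid user test from 192.0.2.55 port 60001 ssh2
Mar  3 10:04:03 mc sshd[1214]: Failed password for invalid user test from 192.0.2.55 port 60001 ssh2
Mar  3 10:04:04 mc sshd[1214]: Failed password for invalid user test from 192.0.2.55 port 60001 ssh2
EOF
}

# Stand-alone run: with a threshold of 3, the single typo by the legitimate
# user is ignored and only the two scanning hosts are listed.
demo() {
    tmp=$(mktemp)
    write_sample_log "$tmp"
    offenders "$tmp" 3
    rm -f "$tmp"
}
demo
```

On a real box you would point `offenders` at `/var/log/auth.log` and feed the result to a ban rule; Fail2Ban does exactly this continuously, with its own regexes for more log formats and an automatic unban after the ban time expires, which is what keeps a mistyped password from locking you out permanently.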
Why not use SSH keys? That will eliminate your need for a firewall.
I'd second that if you really need passwords/maybe rate limiting with iptables too depending on circumstances. But I'd be asking if you really need SSH password authentication on or could instead change to key authentication.
Won't you need the keyfile everywhere you go? It would be pretty annoying to have to have the key file with you.
Yeah, but it depends on what it's for, i.e. how secure vs. how accessible it needs to be.
A handy trade-off if you have an Android/iPhone is setting up SSH using Google's Two-Factor PAM module, as per http://www.techrepublic.com/blog/opensource/two-factor-ssh-authentication-via-google-secures-linux-logins/2607
Just need the Google Auth app on your phone then. Used that for personal stuff before.
Is this a personal box, or do you also have clients logging in by SSH? If it's a personal box it's simpler to set up iptables with some rules to run at boot time to only allow SSH login from your IP or network. CSF, APF, fail2ban are a tad heavy for a lowendbox.
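A boot-time iptables ruleset of the kind suggested above, as an added example (not code from the thread): it admits new SSH connections only from one admin network, drops SSH from everywhere else before sshd ever sees it, and caps the rate of new connections to the game port per source address, which is about as much of a basic DoS filter as iptables alone gives you. The admin network 198.51.100.0/24, the ports and the hashlimit values are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example, not from the thread: generates an iptables-restore ruleset that
# only allows new SSH connections from one admin network and rate-limits new
# connections to the game port. ADMIN_CIDR, SSH_PORT and GAME_PORT are
# assumptions; substitute your own values.

# valid_cidr CIDR -> returns 0 if CIDR looks like a.b.c.d or a.b.c.d/NN.
# This is a shape check only, so a typo cannot be pasted into a rule.
valid_cidr() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# ssh_allowlist_rules ADMIN_CIDR SSH_PORT GAME_PORT -> prints the ruleset
ssh_allowlist_rules() {
    admin=$1; sshport=$2; gameport=$3
    valid_cidr "$admin" || { echo "bad CIDR: $admin" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and already-established traffic are always fine
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH: new connections only from the admin network; everything else is dropped
-A INPUT -p tcp --dport $sshport -s $admin -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport $sshport -j DROP
# game port: open to the world, but cap new connections per source address
-A INPUT -p tcp --dport $gameport -m conntrack --ctstate NEW -m hashlimit --hashlimit-name game --hashlimit-mode srcip --hashlimit-above 20/sec -j DROP
-A INPUT -p tcp --dport $gameport -m conntrack --ctstate NEW -j ACCEPT
# allow ping; the INPUT policy above drops everything not matched
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Usage (as root): review the output, save it to /etc/iptables/rules.v4 and load
# it with `iptables-restore < /etc/iptables/rules.v4`; on Ubuntu the
# iptables-persistent package reloads that file at boot. Keep your current SSH
# session open (the ESTABLISHED rule keeps it alive) and confirm a fresh login
# works from the admin network before you persist the rules.
ssh_allowlist_rules 198.51.100.0/24 22 25565
```

The trade-off is the same one raised for key files: the allowlist only works if you connect from a fixed address or network, and a change of ISP address will lock you out until you use the provider's console.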
What? Firewalls have other benefits.
Security is always the inverse of convenience.
@Insidiea - you can reduce that problem dramatically by running ssh on a random high port.
I like CSF and use it but fail2ban is another oft-mentioned alternative.
1) Use a nonstandard port
2) Use RSA keys (I carry a microUSB with a handful of locked keyfiles)
3) Disable root and password-based logins
You are now protected from 99% of brutes. Enable a service such as fail2ban, and you can bump that up to .99
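The three steps above applied to an sshd_config, as an added example (not code from the thread): it rewrites a copy of the file to a nonstandard port, key-only authentication and no root login, and checks the result the way sshd reads it (first active line of each keyword wins). Port 2222 and the sample Ubuntu-style config are assumptions; the client-side key commands in the comments are standard OpenSSH.

```shell
#!/bin/sh
# Added example, not from the thread: applies the three hardening steps
# (nonstandard port, keys only, no root login) to an sshd_config and shows how
# to verify them. Port 2222 and the sample config are assumptions.

# set_opt FILE KEY VALUE -> replaces any existing (possibly commented-out) KEY
# line with "KEY VALUE", or appends it if the keyword is absent.
# Keywords inside Match blocks are out of scope for this simple editor.
set_opt() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[#[:space:]]*$key([[:space:]]|$)" "$file"; then
        sed -E "s|^[#[:space:]]*$key([[:space:]].*)?$|$key $value|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# harden_sshd_config FILE PORT -> rewrites FILE with the hardened settings
harden_sshd_config() {
    file=$1; port=$2
    set_opt "$file" Port "$port"                        # step 1: nonstandard port
    set_opt "$file" PubkeyAuthentication yes            # step 2: keys
    set_opt "$file" PasswordAuthentication no           # step 3: no passwords ...
    set_opt "$file" ChallengeResponseAuthentication no  # ... not via PAM prompts either
    set_opt "$file" PermitRootLogin no                  # ... and no root login
}

# get_opt FILE KEY -> prints the effective value of KEY, first active line wins
get_opt() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# write_sample_config FILE -> constructed Ubuntu-style defaults (commented keys)
write_sample_config() {
    cat > "$1" <<'EOF'
#Port 22
#PermitRootLogin prohibit-password
#PubkeyAuthentication yes
PasswordAuthentication yes
UsePAM yes
EOF
}

# Order of operations on a real server, so you never lock yourself out:
#   1. on the client:  ssh-keygen -t ed25519
#   2. on the client:  ssh-copy-id user@server      (still over password auth)
#   3. on the server:  harden_sshd_config /etc/ssh/sshd_config 2222
#                      sshd -t -f /etc/ssh/sshd_config   (syntax check)
#                      restart sshd, keep this session open
#   4. from a second terminal: ssh -p 2222 user@server  must succeed with the key
demo() {
    tmp=$(mktemp)
    write_sample_config "$tmp"
    harden_sshd_config "$tmp" 2222
    cat "$tmp"
    rm -f "$tmp"
}
demo
```

Disabling ChallengeResponseAuthentication matters on Ubuntu because UsePAM is on by default, and with it a keyboard-interactive prompt can still accept a password even after PasswordAuthentication is set to no.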
The server is for Minecraft, and it doesn't really need to be accessed from everywhere, so I guess I could set up an SSH key. Anyone know of a good, detailed tutorial?
I run a fair-sized community, and every once in a while there are these kids trying to take down the server by DoSing it. They don't really succeed, but I have a 1 Gbps line, so I'm not sure if that has anything to do with it.
As far as a firewall being intensive on the box, to clarify, it's a dedicated server with 8 GB of RAM and an i3 3.10 GHz. I would prefer to keep the resource usage as little as possible for the firewall, though.