Security type question

Postby homerscousin on Mon Nov 26, 2012 6:21 pm

I don't think I have seen a question like this posted here so here goes. I check my log files occasionally and in the authentication log there are usually quite a few 'failed password for invalid user' or 'failed password for root' entries. Same IP, different port, ssh2. I made a change to my /etc/ssh/sshd_config file some time ago changing the entry PermitRootLogin from yes to no. I checked the log file an hour ago and still see many entries like this. I guess they are more annoying than actually dangerous. So, I added the following line to that file, recommended from a Google search.

MaxAuthTries 5

I don't know yet what effect that new line will have.

Just wondering if I should spend more time with this and maybe get into IP tables or other, or is this really commonplace and just an annoyance.
i5 3570k, ASRock z77 Extreme 4, 8 Gb Ripjaws 1600, Antec 430w psu, HVR 1600 tv tuner, custom case- marble top, oak face. Carver & DCM Time Window sound system. Mint 14 KDE.
homerscousin
Level 5
Posts: 541
Joined: Fri May 25, 2012 2:43 pm
Location: Somewhere on planet Earth (mostly)


Re: Security type question

Postby Olson on Mon Nov 26, 2012 9:47 pm

Sounds like the normal kind of "background noise" of the internet to me, nothing of great concern.

Make sure you choose decent passwords - remember length is more important than using upper / lower case and numerics and stuff like that, so long as you're not choosing words from the dictionary. https://www.grc.com/haystack.htm

There's a little app called fail2ban you can install, which basically bans hosts that make many failed connection attempts, if that makes you feel any better. Worked well for me before I stopped caring :)
Olson
Level 1
Posts: 22
Joined: Sat May 05, 2012 4:42 am
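
Added example, not part of any poster's message: a Python summary of the 'Failed password' entries discussed in this thread. It counts failures per source IP (a simplified fail2ban-style threshold with no time window) and per connection (IP plus source port), which is the scope `MaxAuthTries` limits. The log lines are constructed samples using documentation addresses, and the function name and threshold of 5 are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH auth.log format (not taken from the thread).
SAMPLE_LOG = """\
Nov 26 17:02:11 mint sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Nov 26 17:02:14 mint sshd[2213]: Failed password for root from 203.0.113.7 port 40150 ssh2
Nov 26 17:02:17 mint sshd[2215]: Failed password for root from 203.0.113.7 port 40188 ssh2
Nov 26 17:02:20 mint sshd[2217]: Failed password for invalid user test from 203.0.113.7 port 40231 ssh2
Nov 26 17:02:23 mint sshd[2219]: Failed password for invalid user oracle from 203.0.113.7 port 40275 ssh2
Nov 26 17:02:26 mint sshd[2221]: Failed password for root from 203.0.113.7 port 40310 ssh2
Nov 26 17:05:40 mint sshd[2290]: Failed password for homer from 198.51.100.23 port 51844 ssh2
Nov 26 17:05:52 mint sshd[2290]: Accepted password for homer from 198.51.100.23 port 51844 ssh2
"""

# Matches both "Failed password for root" and "Failed password for invalid user X".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def summarize(log_text, ban_threshold=5):
    """Return per-IP failure totals and the worst single-connection count."""
    per_ip = Counter()     # what a per-host ban threshold looks at
    per_conn = Counter()   # what MaxAuthTries looks at (one TCP connection)
    users = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        ip = m["ip"]
        per_ip[ip] += 1
        per_conn[(ip, m["port"])] += 1
        users.setdefault(ip, set()).add(m["user"])
    report = {}
    for ip, total in per_ip.items():
        worst = max(n for (cip, _), n in per_conn.items() if cip == ip)
        report[ip] = {
            "failures": total,
            "max_per_connection": worst,
            "users": sorted(users[ip]),
            "would_ban": total >= ban_threshold,
        }
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG).items():
        print(ip, row)
```

In the sample, one address fails six times but never more than once per connection, so a per-connection limit of 5 is never reached while a per-IP threshold is.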

Re: Security type question

Postby homerscousin on Tue Nov 27, 2012 4:19 pm

Yup. Kinda how I see this. Just background noise from dingbat brute force attempts around the world. I'll post in a week or so if that one added line has any effect.

Re: Security type question

Postby homerscousin on Wed Dec 05, 2012 4:11 pm

Just to let people know, I have completely solved this. I used the advice from these 2 urls:
http://www.iana.org/assignments/service ... umbers.xml
http://www.thegeekstuff.com/2011/05/openssh-options/

I hesitate to post my exact solution, but you can quite easily figure it out. My auth log is now completely devoid of any unauthorized login attempts.

Edit: that one added line had no effect.

Re: Security type question

Postby homerscousin on Tue Dec 25, 2012 7:18 pm

OK. Been a couple weeks. I changed a couple settings and the port assignment for ssh2. I have had 0 unauth log attempts in this time. It works. Wanted to make sure there were no complications before my final post.

Re: Security type question

Postby homerscousin on Sat Dec 29, 2012 7:44 pm

Just wanted to add one more thing. UFW, uncomplicated firewall, is not enabled by default. This is a built-in firewall for Linux Mint. You have to open a terminal and enable it. See this URL, it may be helpful. http://www.linuxdistrocommunity.com/vid ... c3A5Dy4xE0
