Security type question

homerscousin
Level 5
Posts: 531
Joined: Fri May 25, 2012 2:43 pm
Location: Somewhere on planet Earth (mostly)

Security type question

Postby homerscousin » Mon Nov 26, 2012 6:21 pm

I don't think I have seen a question like this posted here so here goes. I check my log files occasionally and in the authentication log there are usually quite a few 'failed password for invalid user' or 'failed password for root' entries. Same IP, different port, ssh2. I made a change to my /etc/ssh/sshd_config file some time ago changing the entry PermitRootLogin from yes to no. I checked the log file an hour ago and still see many entries like this. I guess they are more annoying than actually dangerous. So, I added the following line to that file, recommended from a Google search.

MaxAuthTries 5

I don't know yet what effect that new line will have.

Just wondering if I should spend more time with this and maybe get into iptables or other, or is this really commonplace and just an annoyance.
i5 3570k, ASRock z77 Extreme 4, 8 Gb Ripjaws 1600, Antec 430w psu, HVR 1600 tv tuner, custom case- marble top, oak face. Carver & DCM Time Window sound system. Mint 14 KDE.

Olson
Level 1
Posts: 28
Joined: Sat May 05, 2012 4:42 am

Re: Security type question

Postby Olson » Mon Nov 26, 2012 9:47 pm

Sounds like the normal kind of "background noise" of the internet to me, nothing of great concern.

Make sure you choose decent passwords - remember length is more important than using upper / lower case and numerics and stuff like that, so long as you're not choosing words from the dictionary. https://www.grc.com/haystack.htm

There's a little app called fail2ban you can install, which basically bans hosts that make many failed connection attempts, if that makes you feel any better. Worked well for me before I stopped caring :)
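
A simplified sketch of the per-host failure counting that the fail2ban suggestion above relies on, run over auth.log lines of the kind the first post describes. This is an added example, not part of the thread and not fail2ban's own code; the sample log lines, host name, threshold, time window and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the OpenSSH auth.log style; the addresses are from the
# RFC 5737 documentation ranges and the host name "mint" is made up.
SAMPLE_LOG = """\
Nov 26 17:01:02 mint sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov 26 17:01:05 mint sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Nov 26 17:01:09 mint sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Nov 26 17:03:40 mint sshd[2110]: Failed password for homer from 198.51.100.4 port 51514 ssh2
Nov 26 17:03:55 mint sshd[2110]: Accepted password for homer from 198.51.100.4 port 51514 ssh2
Nov 26 17:20:00 mint sshd[2150]: Failed password for root from 203.0.113.7 port 40999 ssh2
"""

# The user name is chosen by the remote side, so the address is taken from the
# END of the line; a name containing " from 192.0.2.1 port 1 ssh2" cannot spoof it.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>.+?) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def parse_failures(text, year=2012):
    """Yield (timestamp, ip, user, is_invalid_user) for each failed-password line."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            # Classic syslog timestamps carry no year, so one is assumed here.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"], bool(m["invalid"])

def hosts_to_ban(text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return the IPs with at least max_retry failures inside one find_time window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged = set()
    for ts, ip, _user, _invalid in sorted(parse_failures(text)):
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()  # forget failures older than the window
        if len(window) >= max_retry:
            flagged.add(ip)
    return sorted(flagged)

if __name__ == "__main__":
    for ip in hosts_to_ban(SAMPLE_LOG):
        print("would ban:", ip)
```

A single mistyped password from a legitimate user (198.51.100.4 in the sample) stays under the threshold, while the host cycling through root, admin and test is flagged.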


Re: Security type question

Postby homerscousin » Tue Nov 27, 2012 4:19 pm

Yup. Kinda how I see this. Just background noise from dingbat brute force attempts around the world. I'll post in a week or so if that one added line has any effect.

Re: Security type question

Postby homerscousin » Wed Dec 05, 2012 4:11 pm

Just to let people know, I have completely solved this. I used the advice from these 2 urls:
http://www.iana.org/assignments/service ... umbers.xml
http://www.thegeekstuff.com/2011/05/openssh-options/

I hesitate to post my exact solution, but you can quite easily figure it out. My auth log is now completely devoid of any unauthorized login attempts.

Edit: that one added line had no effect.

Re: Security type question

Postby homerscousin » Tue Dec 25, 2012 7:18 pm

OK. Been a couple weeks. I changed a couple settings and the port assignment for ssh2. I have had 0 unauth log attempts in this time. It works. Wanted to make sure there were no complications before my final post.

Re: Security type question

Postby homerscousin » Sat Dec 29, 2012 7:44 pm

Just wanted to add one more thing. UFW, uncomplicated firewall, is not enabled by default. This is a built-in firewall for Linux Mint. You have to open a terminal and enable it. See this URL, it may be helpful. http://www.linuxdistrocommunity.com/vid ... c3A5Dy4xE0