Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
03-04-2007, 12:46 AM
|
#1
|
Member
Registered: Jul 2004
Location: USA
Distribution: Mint, Scientific Linux, Ubuntu
Posts: 180
|
How to automatically block an IP after trying to log in multiple times?
I have root access to a Linux machine in the office. From home I need to log in to it using DHCP, so I cannot allow access only from specific IP addresses. When I checked the system log, I found there were attack attempts from different IPs. I could block those IPs with "iptables -A INPUT -s harmful_IP -j DROP". But I still feel unsafe even though I don't allow root access remotely at all. So I want to know how to automatically block an IP if there are a certain number of unsuccessful login attempts.
Can anyone provide a direction to look into? Or exact procedures to follow? My Linux machine is running CentOS 4.4.
Thanks!
|
|
|
03-04-2007, 01:49 AM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
there's actually tons of tools that do this... here's a few examples:
http://denyhosts.sourceforge.net/
http://www.fail2ban.org/
http://www.aczoom.com/cms/blockhosts/
BTW, this is a very common question... so much so that there's a sticky thread entitled "Failed SSH login attempts" at the top of this forum... not sure if you missed it or something... anyhow, like i said, the links i posted are just a few examples... if you read through the sticky or do some googling i'm sure you can find many more solutions... i hope you find one you like... good luck...
|
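The mechanism asked about in this thread, counting failed sshd logins per source address and producing the "iptables -A INPUT -s harmful_IP -j DROP" rule once a threshold is reached, shown as an added Python example. It is not part of the original posts and is not code from DenyHosts, Fail2ban or BlockHosts; the log lines, host name, addresses, thresholds and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# The user name in a failure line is text sent by the remote client, so the
# pattern is anchored to the end of the line: the greedy ".*" leaves only sshd's
# own trailing "from <addr> port <n>". "illegal user" is older OpenSSH wording.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?.* "
    r"from (\S+) port \d+(?: ssh2)?$")

def find_offenders(lines, max_retry=5, find_time=600, year=2007):
    """IPs with >= max_retry failures in find_time seconds (syslog has no year)."""
    recent = defaultdict(deque)          # ip -> timestamps of recent failures
    offenders = []
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:               # not an address, or not a syslog timestamp
            continue
        ip = str(getattr(ip, "ipv4_mapped", None) or ip)   # ::ffff:a.b.c.d -> a.b.c.d
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > find_time:
            window.popleft()
        if len(window) >= max_retry and ip not in offenders:
            offenders.append(ip)
    return offenders

def iptables_rules(ips):
    """Build (not run) the DROP rule quoted in the thread, one argv list per IP."""
    return [["ip6tables" if ":" in ip else "iptables",
             "-A", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]

# Constructed sample sshd syslog lines; addresses are from documentation ranges.
SAMPLE = """\
Mar  4 00:12:01 office sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  4 00:12:05 office sshd[2215]: Failed password for illegal user test from ::ffff:203.0.113.7 port 40116 ssh2
Mar  4 00:12:06 office sshd[2217]: Failed password for invalid user x from 198.51.100.9 port 1 ssh2 from 203.0.113.7 port 40118 ssh2
Mar  4 00:20:00 office sshd[2300]: Failed password for alice from 192.0.2.44 port 51000 ssh2
Mar  4 00:40:00 office sshd[2400]: Failed password for alice from 192.0.2.44 port 51002 ssh2
""".splitlines()

if __name__ == "__main__":
    print(iptables_rules(find_offenders(SAMPLE, max_retry=3)))
```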
|
|
03-04-2007, 09:37 PM
|
#3
|
Member
Registered: Jul 2004
Location: USA
Distribution: Mint, Scientific Linux, Ubuntu
Posts: 180
Original Poster
|
thanks for your help.
yeah, should have looked up similar threads a little bit more.
i tried to search first but was not sure what exactly I should
look for :-)
Quote:
Originally Posted by win32sux
there's actually tons of tools that do this... here's a few examples:
http://denyhosts.sourceforge.net/
http://www.fail2ban.org/
http://www.aczoom.com/cms/blockhosts/
BTW, this is a very common question... so much so that there's a sticky thread entitled "Failed SSH login attempts" at the top of this forum... not sure if you missed it or something... anyhow, like i said, the links i posted are just a few examples... if you read through the sticky or do some googling i'm sure you can find many more solutions... i hope you find one you like... good luck...
|
All times are GMT -5.