Hardening Artica [CLOSED]

All related to OpenSSH managed by Artica

Hardening Artica [CLOSED]

New postby Friend7 » Fri Jun 03, 2011 12:18 am

Hello Admin,

I have had a very big problem today.

I think that Artica-Zarafa was in the middle of a cyber war but It was NOT my war.
Some hackers from China have been attacking some US networks.

Please read this post: http://forum.artica.fr/viewtopic.php?f=10&t=3783

Could you please add more protection to Artica like psad [Anti-scan Intrusion Detection] or CSF [from console]?

I really really want to ban China from all my Artica Servers.

I have been working with linux for about 4 month and it is very difficult for me to deal with those mayor attacks.

Thanks and Best Regards,

Image

Image
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: Hardening Artica [OPEN]

New postby abolinhas » Fri Jun 03, 2011 2:03 am

You are using the "Deny Countries" feature ? If yes try play whit score
Cumprimentos / Best Regards

André Bolinhas
Twitter: @abolinhas
User avatar
abolinhas
 
Posts: 1015
Joined: Fri Jun 19, 2009 8:50 am
Location: Portugal
Artica servers number: 4
Linux System: Ubuntu
Technical skills: A Linux System Administrator

Re: Hardening Artica [OPEN]

New postby Friend7 » Fri Jun 03, 2011 2:14 am

1.
play whit score


What do you mean?

2. I have closed port 25 for a while.

3. I think that this is a bigger issue.

Probably … hackers’ ports scanning are triggering alerts at Network Monitoring. :idea: :x :x :x :x :x
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: Hardening Artica [OPEN]

New postby admin » Fri Jun 03, 2011 10:34 am

We will add this features in 2 times
First apply this patch
tar -xf patch-030612272011.tar.gz -C /usr/share/artica-postfix/

after few minutes, you must see this
2011-06-03_122920.png
2011-06-03_122920.png (32.08 KiB) Viewed 9068 times


The patch allow a new pattern "isfailed" in the search function that display only failed connections
2011-06-03_123152.png
2011-06-03_123152.png (31.84 KiB) Viewed 9068 times


If it works, we move to the step2 (block by country)
Attachments
patch-030612272011.tar.gz
(32.34 KiB) Downloaded 381 times
User avatar
admin
Site Admin
 
Posts: 11946
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: Hardening Artica [OPEN]

New postby abolinhas » Fri Jun 03, 2011 10:49 am

Hi,

@Friend7
play whit score
What do you mean?


Image
Cumprimentos / Best Regards

André Bolinhas
Twitter: @abolinhas
User avatar
abolinhas
 
Posts: 1015
Joined: Fri Jun 19, 2009 8:50 am
Location: Portugal
Artica servers number: 4
Linux System: Ubuntu
Technical skills: A Linux System Administrator

Re: Hardening Artica [OPEN]

New postby Friend7 » Sat Jun 04, 2011 5:53 am

Hello abolinhas

Please read: viewtopic.php?f=80&t=3793

Best Regards,
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: Hardening Artica [OPEN]

New postby Friend7 » Sat Jun 04, 2011 5:54 am

Hello Admin,

If I have 1.5.060317, I do not need patch.

Am I Right?

Also, isfailed is working very well. Could you add "blocking by country"?

Best Regards,

Image
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: Hardening Artica [OPEN]

New postby admin » Sat Jun 04, 2011 9:05 am

yes but it seems that geoip is not really installed on your system.
User avatar
admin
Site Admin
 
Posts: 11946
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: Hardening Artica [OPEN]

New postby Friend7 » Sat Jun 04, 2011 4:03 pm

Hello Admin,

I think, GeoIP is enabled. Am I Wright?

Best Regards,

Image

Image

Image
Last edited by Friend7 on Sat Jun 04, 2011 4:07 pm, edited 1 time in total.
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: Hardening Artica [OPEN]

New postby Friend7 » Sat Jun 04, 2011 4:07 pm

Image
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Next

Return to OpenSSH

Who is online

Users browsing this forum: No registered users and 2 guests

cron