Another little tip regarding default ports and always changing them (Linux PC server).
I use iptables to block the default ports:
iptables -A INPUT -p tcp --dport 21 -j DROP
iptables -A INPUT -p tcp --dport 22 -j DROP
iptables -A INPUT -p tcp --dport 23 -j DROP
iptables -A INPUT -p tcp --dport 25 -j DROP
iptables -A INPUT -p tcp --dport 4567 -j DROP
iptables -A INPUT -p tcp --dport 12000 -j DROP
iptables -A INPUT -p tcp --dport 16000 -j DROP
iptables -A INPUT -p tcp --dport 16001 -j DROP
iptables-save
Let's say you checked your /var/log/auth.log. This is the login log for your server (SSH); let's say one or more people have been trying to get into it, and you see failed logins from, say, 81.40.50.60 and 90.87.35.21. Block them with:
iptables -A INPUT -s 81.40.50.60 -j DROP
iptables -A INPUT -s 90.87.35.21 -j DROP
Again, each time you add a rule to iptables, finish with
iptables-save
(on its own this only prints the current rule set, which already applies as soon as you enter the rules; redirecting its output to a file, as shown further down, is what keeps them across a reboot).
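The auth.log check above, as an added shell example (not from the original post): it pulls the source IPs of failed SSH logins out of sshd lines and turns them into the same DROP rules shown above. The log lines are constructed, the MY_IP variable is an assumption so you never block yourself, and the rules are printed for review rather than applied.

```shell
#!/bin/sh
# Constructed sample of /var/log/auth.log lines in the usual sshd format.
SAMPLE_LOG='Mar 10 08:01:12 server sshd[2231]: Failed password for invalid user admin from 81.40.50.60 port 51234 ssh2
Mar 10 08:01:15 server sshd[2231]: Failed password for root from 90.87.35.21 port 42211 ssh2
Mar 10 08:02:01 server sshd[2240]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
Mar 10 08:02:30 server sshd[2245]: Failed password for root from 81.40.50.60 port 51240 ssh2'

# usage: failed_login_ips [MIN_ATTEMPTS] < logfile
# Prints, sorted and one per line, every source IP with at least MIN_ATTEMPTS
# (default 1) "Failed password" entries. Accepted logins are ignored.
failed_login_ips() {
    awk -v min="${1:-1}" '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") count[$(i+1)]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# usage: ... | block_rules
# Turns a list of IPs on stdin into iptables DROP rules, one per line.
# MY_IP (assumed, set it yourself) is skipped so you cannot lock yourself out.
block_rules() {
    while read -r ip; do
        [ -n "$ip" ] || continue
        [ "$ip" = "${MY_IP:-}" ] && continue
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

# Review the rules first; to apply and persist them as root you would run e.g.
#   failed_login_ips 3 </var/log/auth.log | block_rules | sh
#   iptables-save >/var/etc/iptables.conf    # the file the post restores from
printf '%s\n' "$SAMPLE_LOG" | failed_login_ips 2 | block_rules
```

With the threshold of 2 only 81.40.50.60 is printed; drop the threshold to 1 to get both addresses from the post.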
It is also advisable to change the default SSH login port, which is 22.
Now, there are a few ways to get the iptables rules to load on startup (after a reboot they are gone); I find a very simple method is to simply run
iptables-save >/var/etc/iptables.conf
You can save them to whatever path you like, just don't save them to /tmp, for obvious reasons (it is wiped at boot).
After a reboot, to put the rules back:
iptables-restore </var/etc/iptables.conf
This way, if you need to block more users or ports, just add the rules, run
iptables-save
and then back the rules up to your file again.
You can list the ports and IP addresses you have banned with
iptables -L -n
Yes, there is fail2ban, and more than likely other scripts for banning users, but hopefully those who want to learn some Linux will actually do it manually.
Your CCcam log will also show you any illegal or dodgy login attempts; simply add them the same way. If you make a mistake, it is very easy to remove that user's IP again.
BTW, don't go blocking your own IP; that would be silly :)