Port knocking script/server for fedora?

Tom Rivers tom at impact-crater.com
Wed Nov 19 16:36:41 UTC 2014

On 11/19/2014 07:38, Bruno Wolff III wrote:
> On Wed, Nov 19, 2014 at 11:58:11 +0000,
>  Patrick O'Callaghan <pocallaghan at gmail.com> wrote:
>> If the main concern is ssh hacking, you might consider denyhosts (yum
>> install denyhosts). It's easy to set up and seems to be effective. The
>> logs make fascinating (and scary) reading.
> openssh stopped supporting tcpwrappers/libwrap in version 6.7 (which 
> isn't in Fedora yet), so this will stop working in the not too distant 
> future unless the Fedora maintainer puts that feature back in.

I've found fail2ban to be the weapon of choice.  Not only will it block 
brute force attempts by bad guys for SSH, but you can also configure it 
to block attempts against other services.  For example, I use it to 
block attempts to send email through the server from addresses that may 
be forged.  It works like a charm, is easy to configure and use, and yum 
should give it to you in a snap.


More information about the users mailing list