Sub-topics
Prevent ssh brute force attacks with sshdfilter
Protecting ssh with iptables
Protecting ssh with sshguard
Protect sshd with SEC
Block Treason uncloaked attack
Protecting Apache
mod_evasive can block possible DoS attacks. At the time of writing, no log or email is sent. I tested it with apachebench.
Installation
Obtain mod_evasive from http://www.zdziarski.com/projects/mod_evasive
For Apache with DSO support, use the following command to compile, install and activate the module:
/usr/sbin/apxs -i -a -c mod_evasive20.c
Configuration
Add the following in httpd.conf:
<IfModule mod_evasive20.c>
    # Apache does not accept comments on the same line as a directive,
    # so each note sits on its own line.
    DOSHashTableSize 3097
    # number of requests for the same page per client within DOSPageInterval
    DOSPageCount 2
    # number of requests to the whole site per client within DOSSiteInterval
    DOSSiteCount 50
    # page interval: 1 second
    DOSPageInterval 1
    # site interval: 1 second
    DOSSiteInterval 1
    # blocking period: 10 seconds
    DOSBlockingPeriod 10
    DOSEmailNotify you@yourdomain.com
    DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
    DOSLogDir "/var/log/httpd"
</IfModule>
SSHD settings
Referring to sshd_config's manual, one can use the following directives to harden the sshd service:
MaxAuthTries
Specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. The default is 6.
MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10. Alternatively, random early drop can be enabled by specifying the three colon separated values ``start:rate:full'' (e.g. "10:30:60"). sshd(8) will refuse connection attempts with a probability of ``rate/100'' (30%) if there are currently ``start'' (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches ``full'' (60).
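As an added illustration of the MaxStartups random early drop described above (example code written for this page, not taken from sshd or its manual), the following parses a MaxStartups value and computes the refusal probability for a given number of unauthenticated connections. The linear rise from rate/100 at ``start'' to 1.0 at ``full'' follows the manual's wording; treating a bare count such as "10" as start = full is an assumption about sshd's behaviour.

```python
# Added example: model sshd's MaxStartups random early drop (not sshd's own code).
from dataclasses import dataclass


@dataclass(frozen=True)
class MaxStartups:
    start: int  # unauthenticated connections at which dropping begins
    rate: int   # percent of attempts refused once `start` is reached
    full: int   # unauthenticated connections at which every attempt is refused


def parse_max_startups(value: str) -> MaxStartups:
    """Parse "start:rate:full" (e.g. "10:30:60") or a bare count (e.g. "10")."""
    parts = value.strip().split(":")
    if len(parts) == 1:
        n = int(parts[0])
        # Assumption: a bare count behaves like "n:100:n" (no drop below n,
        # every attempt refused once n unauthenticated connections exist).
        return MaxStartups(n, 100, n)
    if len(parts) != 3:
        raise ValueError(f"bad MaxStartups value: {value!r}")
    start, rate, full = (int(p) for p in parts)
    if not (0 < start <= full) or not (1 <= rate <= 100):
        raise ValueError(f"bad MaxStartups value: {value!r}")
    return MaxStartups(start, rate, full)


def drop_probability(cfg: MaxStartups, unauthenticated: int) -> float:
    """Probability (0.0..1.0) that sshd refuses a new connection given the
    current number of unauthenticated connections: 0 below `start`, rate/100
    at `start`, rising linearly to 1.0 at `full` and beyond."""
    if unauthenticated < cfg.start:
        return 0.0
    if unauthenticated >= cfg.full:
        return 1.0
    span = cfg.full - cfg.start
    pct = cfg.rate + (100 - cfg.rate) * (unauthenticated - cfg.start) / span
    return pct / 100


def drop_table(value: str, step: int = 10) -> list[tuple[int, float]]:
    """Tabulate the refusal probability from 0 up to `full` in steps of `step`."""
    cfg = parse_max_startups(value)
    return [(n, drop_probability(cfg, n)) for n in range(0, cfg.full + 1, step)]


if __name__ == "__main__":
    for n, p in drop_table("10:30:60"):
        print(f"{n:3d} unauthenticated connections -> refuse with p={p:.2f}")
```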
Related Knowledge