Formatting code for SecurityAttacks
{{parent page="Security"}}
==Sub-topics==
~ ==[[SecuritySshdFilter Prevent ssh brute force attacks with sshdfilter ]]==
~ ==[[SecuritySshIptables Protecting ssh with iptables ]]==
~ ==[[SecuritySshguard Protecting ssh with sshguard ]]==
~ ==[[SecuritySshdSEC Protect sshd with SEC]]==
~ ==[[SecurityTreason Block Treason uncloaked attack]]==
-----
===Protecting Apache===
mod_evasive can block possible DoS attacks. At the time of writing, no log or email is sent. I tested it with apachebench.
==Installation==
Obtain mod_evasive from http://www.zdziarski.com/projects/mod_evasive
For Apache with DSO support, use the following command to install:
%%
/usr/sbin/apxs -i -a -c mod_evasive20.c
%%
==Configuration==
Add the following in httpd.conf:
%%
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
# number of requests per page
DOSPageCount 2
# requests per site per client
DOSSiteCount 50
# 1 second
DOSPageInterval 1
# 1 second
DOSSiteInterval 1
# 10 seconds blocking period
DOSBlockingPeriod 10
DOSEmailNotify you@yourdomain.com
DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
DOSLogDir "/var/log/httpd"
</IfModule>
%%
=== SSHD settings ===
According to the sshd_config manual, the following settings can be used to harden the sshd service:
%%
MaxAuthTries
        Specifies the maximum number of authentication attempts permitted
        per connection. Once the number of failures reaches half this
        value, additional failures are logged. The default is 6.
MaxStartups
        Specifies the maximum number of concurrent unauthenticated
        connections to the SSH daemon. Additional connections will be
        dropped until authentication succeeds or the LoginGraceTime
        expires for a connection. The default is 10.
        Alternatively, random early drop can be enabled by specifying the
        three colon separated values ``start:rate:full'' (e.g.
        "10:30:60"). sshd(8) will refuse connection attempts with a
        probability of ``rate/100'' (30%) if there are currently
        ``start'' (10) unauthenticated connections. The probability
        increases linearly and all connection attempts are refused if the
        number of unauthenticated connections reaches ``full'' (60).
%%
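The random early drop rule quoted above, worked through as an added Python example (not part of the original page and not OpenSSH's own code). It follows the manual text only; the function names, the sample configuration and the treatment of a single value as a hard limit are assumptions made for this illustration.

```python
from typing import NamedTuple, Optional

class MaxStartups(NamedTuple):
    start: int  # unauthenticated connections at which dropping begins
    rate: int   # refusal percentage once `start` is reached
    full: int   # unauthenticated connections at which everything is refused


def parse_max_startups(value: str) -> MaxStartups:
    """Accept either a single limit ("10") or "start:rate:full"."""
    parts = value.strip().split(":")
    if len(parts) == 1:
        # Assumption: a single number is a hard limit (start == full).
        spec = MaxStartups(int(parts[0]), 100, int(parts[0]))
    elif len(parts) == 3:
        spec = MaxStartups(*(int(p) for p in parts))
    else:
        raise ValueError(f"expected N or start:rate:full, got {value!r}")
    if spec.start > spec.full or not 1 <= spec.rate <= 100:
        raise ValueError(f"inconsistent MaxStartups value {value!r}")
    return spec


def refusal_percent(spec: MaxStartups, unauthenticated: int) -> float:
    """Chance (0-100) that a new connection attempt is refused."""
    if unauthenticated < spec.start:
        return 0.0
    if unauthenticated >= spec.full:
        return 100.0
    # Linear ramp from `rate` at `start` up to 100 at `full`.
    span = spec.full - spec.start
    return spec.rate + (100 - spec.rate) * (unauthenticated - spec.start) / span


def max_startups_from_config(text: str) -> Optional[MaxStartups]:
    """Return the first uncommented MaxStartups setting in sshd_config text."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0].lower() == "maxstartups":
            return parse_max_startups(fields[1])
    return None


# Constructed sample configuration, not taken from a real host.
SAMPLE_CONFIG = "MaxAuthTries 3\n# MaxStartups 10\nMaxStartups 10:30:60\n"

if __name__ == "__main__":
    for n in (9, 10, 35, 59, 60):
        print(n, refusal_percent(max_startups_from_config(SAMPLE_CONFIG), n))
```

With "10:30:60", half of the range between start and full (35 pending connections) already refuses 65% of new attempts, which is worth keeping in mind when choosing values for a host with many legitimate concurrent logins.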
==Related Knowledge==
[[ssh]]
SynFlood - http://www.securityfocus.com/infocus/1729
-----
CategoryAttacks