20050727
iptables brute force rule
Saw this on /. today:
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -j SSH_Brute_Force
iptables -A SSH_Brute_Force -m recent --name SSH --set --rsource
iptables -A SSH_Brute_Force -m recent ! --rcheck --seconds 60 --hitcount 4 --name SSH --rsource -j RETURN
iptables -A SSH_Brute_Force -m limit --limit 3/min -j LOG --log-prefix "SSH Brute Force Attempt: "
iptables -A SSH_Brute_Force -p tcp -j REJECT
4 ssh connections within a second causes a 3 minute ban. I wonder if there's a FreeBSD equivalent.
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -j SSH_Brute_Force
iptables -A SSH_Brute_Force -m recent --name SSH --set --rsource
iptables -A SSH_Brute_Force -m recent ! --rcheck --seconds 60 --hitcount 4 --name SSH --rsource -j RETURN
iptables -A SSH_Brute_Force -m limit --limit 3/min -j LOG --log-prefix "SSH Brute Force Attempt: "
iptables -A SSH_Brute_Force -p tcp -j REJECT
4 ssh connections within a second causes a 3 minute ban. I wonder if there's a FreeBSD equivalent.
20050722
20050721
More FreeBSD notes
Why oh why isn't there a UbuntuGuide.org equivalent for FreeBSD? The Handbook and FAQ just doesn't cut it. Anyway, here's some stuff I just learned:
1. Install sudo (pkg_add -r sudo) so you don't have to switch to root. This is sort of a remant of Ubuntu in me. Never was a fan of sudo before.
2. pkg_add -r freebsd-update. Then copy the sample configuration file & create a folder called /usr/local/freebsd-update. Then do a sudo freebsd-update fatch. If all looks good, do a sudo freebsd-update install
3. Have sex.
1. Install sudo (pkg_add -r sudo) so you don't have to switch to root. This is sort of a remant of Ubuntu in me. Never was a fan of sudo before.
2. pkg_add -r freebsd-update. Then copy the sample configuration file & create a folder called /usr/local/freebsd-update. Then do a sudo freebsd-update fatch. If all looks good, do a sudo freebsd-update install
3. Have sex.
FreeBSD as a Desktop
Just ditched my office workstation running Ubuntu 5.04 (based off Debian) to FreeBSD 5.4. I used FreeBSD before but as a server. What am I thinking? Though GNOME (my choice of WM) is supported, it's not *fully* supported per-se. For one, whenever I access the Users & Groups in the Admin section while running as a regular user, the bloody program just waits there. For nothing. It should at least ask me for the root password but it didn't.
But I still like it, it's small and stable considering what I mentioned above. What I did:
1. Install FreeBSD minimal - at this point I have a "usable" FreeBSD machine. Then used pkg_add to install the Xorg X server. Since FireFox isn't on the CD, I used pkg_add -r firefox to do a web install. So pkg_add proceeds to download firefox *and* it's dependencies... including perl. WTF? Why?
2. OK, I need to install GNOME. A lot of people are whining about some WMs are too bloated. Luckily, FreeBSD's ports include gnome2-lite which is a minimal install of GNOME. So off I go via pkg_add -r gnome2-lite.
3. Also pkg_add -r gdm for good measure.
4. Edited /etc/ttys and enabled GDM.
5. I'm still sexy.
I also tried adding the flash plugin for FireFox. Interestingly, firefox crashes from time to time so I removed it via pkg_delete. Good ridence I say. No flash? It's all good. I don't need it anyway since I'm at work. :D
But I still like it, it's small and stable considering what I mentioned above. What I did:
1. Install FreeBSD minimal - at this point I have a "usable" FreeBSD machine. Then used pkg_add to install the Xorg X server. Since FireFox isn't on the CD, I used pkg_add -r firefox to do a web install. So pkg_add proceeds to download firefox *and* it's dependencies... including perl. WTF? Why?
2. OK, I need to install GNOME. A lot of people are whining about some WMs are too bloated. Luckily, FreeBSD's ports include gnome2-lite which is a minimal install of GNOME. So off I go via pkg_add -r gnome2-lite.
3. Also pkg_add -r gdm for good measure.
4. Edited /etc/ttys and enabled GDM.
5. I'm still sexy.
I also tried adding the flash plugin for FireFox. Interestingly, firefox crashes from time to time so I removed it via pkg_delete. Good ridence I say. No flash? It's all good. I don't need it anyway since I'm at work. :D
20050705
Subscribe to:
Posts (Atom)