
Resolved
0 votes
Hello guys.

I have ClearOS 7.1. Checking my Events and Notification I could notice hundreds of events (warnings) about trying to log into my ClearOS: many of the attempts look like IPs from China. Despite that, the IPS does not show any blocked IP. My question is: how do I know that this service is truly running and functioning well?

In my old version (ClearOS 5) this service worked very well, and the IDS always listed the IPs of intruders.
Friday, December 18 2015, 02:50 AM
Responses (3)
  • Accepted Answer

    Friday, December 18 2015, 03:33 PM - #Permalink
    Resolved
    0 votes
    I believe there are far fewer rules in 6.x and 7.x compared to 5.x as licences were changed so previously free rules could no longer be distributed. Having said that, most of the old free rules are pretty ineffective these days and you'd do better to take a subscription out or investigate the free Emerging Threats rules.

    Can I ask if you really need ssh open to the public? There are so many bots out there constantly trying to break into ssh. I would suggest it is much better to use something like OpenVPN to connect to your server then ssh into the server as if you are connected to the LAN.
  • Accepted Answer

    Friday, December 18 2015, 05:00 PM - #Permalink
    Resolved
    0 votes
    Hi Nick. Thanks for your advice!

    I could solve my issue. The point was that the IDS signatures were not installed: I installed them and that solved the problem!

    About your question, the answer is yes, I need it. In any case I have hardened the access to my ClearOS using ssh, enabling some clauses like "AllowUsers" and "PermitEmptyPasswords" among others.
  • Accepted Answer

    Friday, December 18 2015, 05:23 PM - #Permalink
    Resolved
    0 votes
    Have you looked at fail2ban as well?