Friday, April 20, 2007

FreeBSD periodic.conf for JAIL

## JAIL : disk and network ##
daily_status_disks_enable="NO"
daily_status_network_enable="NO"

## JAIL : security ##
daily_status_security_chksetuid_enable="NO"
daily_status_security_chkmounts_enable="NO"
daily_status_security_ipfwdenied_enable="NO"
daily_status_security_ipfdenied_enable="NO"
daily_status_security_pfdenied_enable="NO"
daily_status_security_ipfwlimit_enable="NO"
daily_status_security_ip6fwdenied_enable="NO"
daily_status_security_ip6fwlimit_enable="NO"
daily_status_security_kernelmsg_enable="NO"

FreeBSD periodic.conf for POSTFIX

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Monday, April 2, 2007

SSHGUARD helps to prevent SSH brute force attacks

SSHGUARD is a lightweight tool written in C that watches auth.log and reacts when sshd is under a brute force attack. The FreeBSD ports collection provides "sshguard" under /usr/ports/security/sshguard.

Just issue "make config && make install clean" to install sshguard into the system, then modify /etc/syslog.conf and /etc/pf.conf.

/etc/syslog.conf:
auth.info;authpriv.info |exec /usr/local/sbin/sshguard

/etc/pf.conf:
table <sshguard> persist
block in quick on $ext_if from <sshguard> to any label "sshguard"

Then reload pf and syslogd with:
/etc/rc.d/pf reload
/etc/rc.d/syslogd reload
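
A quick way to confirm both hooks are in place before reloading, as an added example that is not part of the original post. The helper names check_syslog and check_pf are hypothetical, and the check for an earlier "pass ... quick" rule is a conservative heuristic added here.

```sh
#!/bin/sh
# Added example: static checks for the two sshguard hooks described above.
# File paths are arguments so the checks can run against copies of the files.
# Usage: check_syslog /etc/syslog.conf && check_pf /etc/pf.conf

# syslog.conf must pipe auth messages to sshguard on an uncommented line.
check_syslog() {
    grep -Eq '^[[:space:]]*auth\.info;authpriv\.info[[:space:]]+[|][[:space:]]*exec[[:space:]]+/usr/local/sbin/sshguard' "$1"
}

# pf.conf must declare the table and reference it in a "block ... quick" rule.
# pf stops at the first matching quick rule, so any "pass ... quick" rule
# placed before the sshguard block is flagged for review (conservative
# heuristic: it does not check whether that rule actually matches SSH).
check_pf() {
    awk '
        BEGIN { rc = 0 }
        /^[ \t]*#/ { next }
        /^[ \t]*table[ \t]+<sshguard>[ \t]+persist/ { if (!table) table = NR }
        /^[ \t]*block[ \t].*quick.*from[ \t]+<sshguard>/ { if (!block) block = NR }
        /^[ \t]*pass[ \t].*quick/ { if (!block) early_pass = NR }
        END {
            if (!table) { print "missing: table <sshguard> persist"; rc = 1 }
            if (!block) { print "missing: block ... quick ... from <sshguard>"; rc = 1 }
            if (table && block && table > block) {
                print "table <sshguard> is declared after the rule using it"; rc = 1
            }
            if (block && early_pass) {
                print "line " early_pass ": pass quick rule precedes the sshguard block"; rc = 1
            }
            exit rc
        }' "$1"
}
```

After the reload, "pfctl -t sshguard -T show" lists the addresses sshguard has placed in the table.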