spamassassin-dev December 2011 archive

ruleqa zones: SSH access and risk of intrusion

From: John Hardin <jhardin_at_nospam>
Date: Mon Dec 05 2011 - 16:30:42 GMT
To: SpamAssassin Developers list <dev@spamassassin.apache.org>

All:

One thing I noticed while troubleshooting the recent ruleqa problems on
the zone VMs was the number of failed SSH logins to random and system
accounts. I was contemplating putting in explicit DenyUsers for the
various system accounts, but I was a little reluctant to do system-level
stuff like that without infra involvement.

Should we (ask infra to) put something like fail2ban on the zones boxes,
and add explicit DenyUsers for the existing system accounts (like
postgres(!))?

More generally: how autonomous are we the SA devs in administration of the
zone VMs?

I was reminded by this:
http://isc.sans.edu/diary/SSH+Password+Brute+Forcing+may+be+on+the+Rise/12133

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The question of whether people should be allowed to harm themselves
  is simple. They *must*.                            -- Charles Murray
-----------------------------------------------------------------------
 10 days until Bill of Rights day
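
An added example, not part of the original message or of any SpamAssassin or infra tooling: one way to audit the failed SSH logins described above and derive a `DenyUsers` line for the system accounts that are actually being targeted. The log lines are constructed samples in OpenSSH's syslog format, the set of system accounts is an assumption, and the function names are hypothetical; the per-source count is a simple total, without the time window fail2ban applies.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (documentation IPs).
SAMPLE_LOG = """\
Dec  5 16:01:02 zone sshd[2101]: Failed password for invalid user oracle from 203.0.113.5 port 40112 ssh2
Dec  5 16:01:05 zone sshd[2103]: Failed password for postgres from 203.0.113.5 port 40120 ssh2
Dec  5 16:01:09 zone sshd[2105]: Failed password for postgres from 203.0.113.5 port 40131 ssh2
Dec  5 16:02:40 zone sshd[2110]: Failed password for root from 198.51.100.7 port 51500 ssh2
Dec  5 16:03:11 zone sshd[2114]: Accepted publickey for jhardin from 192.0.2.10 port 50022 ssh2
Dec  5 16:04:00 zone sshd[2120]: Failed password for invalid user test from 203.0.113.5 port 40200 ssh2
""".splitlines()

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def tally_failures(lines):
    """Count failed password logins per existing account, per unknown name, per source."""
    existing, unknown, sources = Counter(), Counter(), Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        (unknown if m.group("invalid") else existing)[m.group("user")] += 1
        sources[m.group("src")] += 1
    return existing, unknown, sources

def deny_users_directive(existing, system_accounts):
    """Build an sshd_config DenyUsers line for targeted accounts that never need SSH."""
    targeted = sorted(u for u in existing if u in system_accounts)
    return "DenyUsers " + " ".join(targeted) if targeted else ""

def noisy_sources(sources, threshold):
    """Sources with at least `threshold` failures: candidates for a fail2ban-style ban."""
    return sorted(src for src, n in sources.items() if n >= threshold)

if __name__ == "__main__":
    existing, unknown, sources = tally_failures(SAMPLE_LOG)
    # Assumption: these are the box's non-login system accounts.
    print(deny_users_directive(existing, {"postgres", "daemon", "www"}))
    print(noisy_sources(sources, threshold=3))
```

Names that sshd logs as "invalid user" do not exist on the box and need no `DenyUsers` entry; only real accounts that should never log in over SSH belong in the directive.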