Hello guys.
I have ClearOS 7.1. Checking my Events and Notification I could notice hundreds of events (warnings) about trying to log into my Clearos: many of the attemps looks like IP from China. Despite that, the IPS does not show any blocked IP. My question is: how do I know that this service is truly running and functioning well?
In my old version (ClearOS 5) this service works very well, and IDS always listed the IP from intruders.
I have ClearOS 7.1. Checking my Events and Notification I could notice hundreds of events (warnings) about trying to log into my Clearos: many of the attemps looks like IP from China. Despite that, the IPS does not show any blocked IP. My question is: how do I know that this service is truly running and functioning well?
In my old version (ClearOS 5) this service works very well, and IDS always listed the IP from intruders.
Share this post:
Responses (3)
-
Accepted Answer
Hi Nick. Thanks for your advices!
I could solve my issue. The point was IDS signatures were not installed: I did and solved the problem!
About your question, the answer is yes, I need it. In any case I have hardened the access to my ClearOS using ssh, enabling some clauses like "AllowUsers" and "PermitEmptyPasswords" among others. -
Accepted Answer
I believe there are far fewer rules in 6.x and 7.x compared to 5.x as licences were changed so previously free rules could no longer be distributed. Having said that, most of the old free rules are pretty ineffective these days and you'd do better to take a subscription out or investigate the free Emerging Threats rules.
Can I ask if you really need ssh open to the public? There are so many bots out there constantly trying to break into ssh. I would suggest it is much better to use something like OpenVPN to connect to your server then ssh into the server as if you are connected to the LAN.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »