Posted by barwonhack on November 1, 2011 at 1:01am
Just wondering is there is any specific approach to (additional) server security for Debian Squeeze BOA?
I want to block specific country IP ranges (eg: Nth Korean origin of root SSH log in attempt).
Additionally, any specific advice on non-BOA Debian installation and configuration options?
In addition to blocking certain country IP ranges that simply are not within my target audience, I am also looking at installing fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page) for more dynamic protection.
I figure this is best applied at the system level and that site-specific controls may then be applied at nginx and drupal levels.
Comments
change ssh port and disable pw login for ssh
If you havent done so already i recommend disabling ssh password login and using ssh keys instead. Further its a good idea to change the port that ssh listens on to something else, eg 55678. In my world that removes the need to block a specific country range. Hope this helps
You don't need any extra
You don't need any extra firewall if you already installed csf/lfd (by default coming with Barracuda). You can easily block IPs or subnets it the config file
/etc/csf/csf.deny(see how-to in comments there) and then restart the firewall withservice csf restart.