Other Snort IPS (maybe...)

Hello guys,

I've been trying to work towards securing my SFTP project at home. Someone recommended I install Snort; however, their documentation makes my head hurt. I can't find a decent guide for installing it on FreeBSD. What are you guys' thoughts on Snort?

Also, to give you a better idea of what I'm trying to do, I noticed after the first full day that I had my ssh box on the internet that a TON of people tried port scanning, deauthenticating on every port, and logging in as root remotely (which is disabled). Someone suggested snort as a resolution to this problem, but would just a regular firewall like PF help me in this case?

Thanks everyone.
 
I think that if you run PF in conjunction with security/py-fail2ban and allow only RSA authentication, it is enough. Snort is an IDS; it will alert you and it can also be configured to work inline, but it sounds like overkill. Also, I usually prefer to run Snort on a different dedicated server.
 
I appreciate the input, guys. I'll do some research on those two. Also, I'd love to get RSA authentication working, and I'm familiar with the concepts through classwork and book text; however, I have no actual experience with it and I found it difficult when I was first setting this ssh server up. I would like to get it going eventually as it would add another nice security layer. Again, thanks!
 
Using keys with ssh(1) is fairly simple.
  • Generate a key:
    ssh-keygen
  • Copy the public part to the server:
    cat ~/.ssh/id_rsa.pub | ssh me@my.server.example.com "cat >> ~/.ssh/authorized_keys"
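
Added example, not part of the original post: a server-side variant of the copy step above that appends the key only once and sets the directory and file modes that sshd's default `StrictModes yes` check requires before it will honour `authorized_keys`. The function name `install_pubkey` and its optional second argument are hypothetical, and the list of accepted key types is an assumption.

```shell
#!/bin/sh
# Added example: install an OpenSSH public key idempotently, with the
# permissions sshd's StrictModes check expects. Run as the login user.
#
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]
# SSH_DIR defaults to ~/.ssh; the parameter is a hypothetical convenience
# so the function can be tried against a scratch directory first.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A .pub file holds exactly one line: "<type> <base64> [comment]".
    key_line=$(head -n 1 "$pubkey_file")

    # Refuse anything that is not a public key line, for example the
    # private key (id_rsa instead of id_rsa.pub) passed by mistake.
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # Create the directory and file with tight modes from the start, then
    # correct the modes in case they already existed with looser ones.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present, so running
    # the function twice does not duplicate the key.
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"
}
```
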
 