Configuring SSH on Debian 7

This is a mini guide to configuring SSH on a Debian 7 server. I'm currently using Debian 7 x86 on a VPS, so this guide can help you set up SSH on your VPS; just adapt it to your distro of choice.

• • •

Combine PSAD and IPSET to block attackers

This is a very basic implementation that combines our psad setup (see this post) and ipset (see this other post). psad has an interesting feature that logs the top attackers; you can find the file under /var/log/psad/top_attackers and it looks like this:

As you can see, it's not a pretty list of IPs, line by line, as we would like to have; it has the extra values of total packets, uniq sigs and other stuff that cannot be interpreted by ipset. ipset will only check IP addresses (or entire networks) line by line, so what do we do? We just need to make a little script for it.

• • •

Setup IDS with PSAD on Debian 7

PSAD is an intrusion detection and log analysis tool that works with iptables. The tool basically looks at iptables logs for possible "attacks" and performs an action if it finds something suspicious, for example a port scan done with nmap against your server, an attempt to establish a remote desktop connection, etc.

• • •