I was kicking around today and installed logcheck with the syslog summary option enabled. (Yeah I know, better late than never.) I noticed on my main server a bunch of ssh brute-force attempts. A rather useful way of dealing with these is the DenyHosts package. It watches the sshd log for failed login attempts (like the futile attempts to brute force my locked root account) and, once an address racks up enough failures, adds it to /etc/hosts.deny so tcp_wrappers refuses its connections from then on. Interestingly, the DenyHosts community runs a synchronization server: whenever any client spots malicious activity it uploads the offending addresses, and by enabling the sync options in /etc/denyhosts.conf you can download the pooled list and block those addresses before they ever try your box. The small risk is that a legitimate address (even a local one) ends up on the list, so it is worth putting your own hosts in the allowed-hosts file, but for small fish like me, not so bad.
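To make the detection logic concrete, here is an added example (my own illustration, not DenyHosts' code or its configuration) of the same idea: parse sshd "Failed password" lines, count failures per source address, and emit hosts.deny entries for addresses over a threshold. It also handles the caveat above by never denying an allow-listed network, and it uses a lower threshold for "invalid user" attempts, since those names never existed on the box. The thresholds, the allow-listed networks and the log lines are constructed for the example and are not taken from any real system or from the DenyHosts defaults.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# sshd writes "Failed password for <user> from <ip> port <n> ssh2" for real accounts
# and "Failed password for invalid user <user> from <ip> ..." for unknown ones.
FAILED_RE = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample auth log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_AUTH_LOG = """\
Jan  5 10:01:12 host sshd[1201]: Failed password for root from 203.0.113.5 port 4022 ssh2
Jan  5 10:01:15 host sshd[1201]: Failed password for root from 203.0.113.5 port 4023 ssh2
Jan  5 10:01:19 host sshd[1201]: Failed password for root from 203.0.113.5 port 4024 ssh2
Jan  5 10:02:01 host sshd[1210]: Failed password for invalid user admin from 198.51.100.7 port 51000 ssh2
Jan  5 10:02:04 host sshd[1210]: Failed password for invalid user oracle from 198.51.100.7 port 51001 ssh2
Jan  5 10:03:40 host sshd[1222]: Failed password for alice from 192.168.1.20 port 40000 ssh2
Jan  5 10:03:44 host sshd[1222]: Failed password for alice from 192.168.1.20 port 40001 ssh2
Jan  5 10:03:48 host sshd[1222]: Failed password for alice from 192.168.1.20 port 40002 ssh2
Jan  5 10:03:52 host sshd[1222]: Failed password for alice from 192.168.1.20 port 40003 ssh2
Jan  5 10:04:00 host sshd[1222]: Accepted publickey for alice from 192.168.1.20 port 40004 ssh2
"""

# Example thresholds (assumed for this illustration, not DenyHosts' defaults).
THRESHOLD_ANY = 3        # failures against any account
THRESHOLD_INVALID = 2    # failures against accounts that do not exist
# Networks that must never be denied, however many failures they produce.
ALLOWED_NETS = ("192.168.0.0/16", "10.0.0.0/8", "127.0.0.0/8")


def count_failures(log_text):
    """Return {ip: {"total": n, "invalid": m}} from sshd 'Failed password' lines."""
    counts = defaultdict(lambda: {"total": 0, "invalid": 0})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = counts[m.group("ip")]
        entry["total"] += 1
        if m.group("invalid"):
            entry["invalid"] += 1
    return dict(counts)


def is_allowed(ip, allowed_nets=ALLOWED_NETS):
    """True if ip falls inside one of the allow-listed networks."""
    addr = ip_address(ip)
    return any(addr in ip_network(net) for net in allowed_nets)


def select_offenders(counts, threshold_any=THRESHOLD_ANY,
                     threshold_invalid=THRESHOLD_INVALID, allowed_nets=ALLOWED_NETS):
    """Sorted list of addresses that crossed a threshold and are not allow-listed."""
    offenders = []
    for ip, c in counts.items():
        over = c["total"] >= threshold_any or c["invalid"] >= threshold_invalid
        if over and not is_allowed(ip, allowed_nets):
            offenders.append(ip)
    return sorted(offenders)


def hosts_deny_lines(offenders, daemon="sshd"):
    """Render hosts.deny entries that deny only the ssh daemon, not every service."""
    return [f"{daemon}: {ip}" for ip in offenders]


if __name__ == "__main__":
    failures = count_failures(SAMPLE_AUTH_LOG)
    for line in hosts_deny_lines(select_offenders(failures)):
        print(line)
```

Run against the sample, 203.0.113.5 is denied for three root failures and 198.51.100.7 for two attempts on accounts that do not exist, while 192.168.1.20 stays untouched despite four failures because it sits in an allow-listed network. Restricting the entry to `sshd:` rather than `ALL:` keeps a mistaken block from also cutting off other tcp_wrappers-protected services.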

While I was at it, I also installed the harden deb packages. These are meta-packages that conflict with programs known to be insecure (cleartext-password services and clients like telnet), so apt refuses to install those programs alongside them. Don’t try installing harden-clients though: it conflicts with telnet, which ubuntu-desktop depends on, so it tries to uninstall ubuntu-desktop. Thankfully, a run of my trusty rkhunter didn’t report anything bad.