Re: Securing development environment
- Date: Sat, 19 May 2018 15:20:23 -0400
- From: Gene Heskett <gheskett@xxxxxxxxxxx>
- Subject: Re: Securing development environment
On Saturday 19 May 2018 11:29:25 Andy Smith wrote:
> On Sat, May 19, 2018 at 12:03:37PM +0200, Hubert Hauser wrote:
> > On 19/05/18 07:29, Chris wrote:
> > > Make those services listen to localhost and do port forwarding in
> > > your SSH client.
> > It might be a good idea but I am not sure whether fail2ban with
> > nginx basic_auth mechanism is a simplier solution. You have not
> > replied me is it. Should I worry about maximum length of passwords
> > (8 characters)?
> If the services are only available in localhost then you don't need
> Fail2ban is a massive hack (spotting wrongdoing by reading logs of
> it after the fact?) so if there is a way to avoid the issue in the
> first place then to me that is preferable.
I've had fail2ban running on my machinery here, for close to 20 years.
Its never triggered. Portsentry, maybe twice in that same time frame.
I also have dd-wrt between my stuff and the internet. Nothing comes thru
that unless I clear it. That's a comforting feeling...
Cheers, Gene Heskett
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>