Web lists-archives.com

Re: Securing development environment




On Saturday 19 May 2018 11:29:25 Andy Smith wrote:

> Hello,
>
> On Sat, May 19, 2018 at 12:03:37PM +0200, Hubert Hauser wrote:
> > On 19/05/18 07:29, Chris wrote:
> > > Make those services listen to localhost and do port forwarding in
> > > your SSH client.
> >
> > It might be a good idea but I am not sure whether fail2ban with
> > nginx basic_auth mechanism is a simplier solution. You have not
> > replied me is it. Should I worry about maximum length of passwords
> > (8 characters)?
>
> If the services are only available in localhost then you don't need
> fail2ban.
>
> Fail2ban is a massive hack (spotting wrongdoing by reading logs of
> it after the fact?) so if there is a way to avoid the issue in the
> first place then to me that is preferable.
>
> Cheers,
> Andy

I've had fail2ban running on my machinery here, for close to 20 years.  
Its never triggered. Portsentry, maybe twice in that same time frame.

I also have dd-wrt between my stuff and the internet. Nothing comes thru 
that unless I clear it. That's a comforting feeling...

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>