/ #CentOS #Security 

Hackers

Since I have been playing with Docker for the past few weeks I have had more servers on-line. I don’t have a static IP address at home so while I have a jump host setup I found I was still being port scanned and brute forced.

I only caught a sniff of it in the logs while looking at another problem, even though password authentication is disabled and I only use keys I decided install Fail2Ban to start blocking people, just in-case. As I use Puppet I installed a module and enabled it. Since then I have been flooded with emails !!!

Across both of the machines I am currently running it has been triggered over 150 times in the last 48 hours, and thats just SSH. Considering that this machine is nothing than a test server I would hate to be actually running anything of worth.

Author

Russ McKendrick

Buys way too many vinyl records, writes a lot about Docker & loves orchestration. Works at @node4ltd / @n4stack has written for @PacktPublishing