Banning IPs & MACs after too many unsuccessful login attempts 1978

composlinuxmisc

Depends on what ports the probes are coming in.

And what services areon those ports.

Many will have their opwn inbuilt rules saying 'only acept fromn X'

Building a complete firewall is anoher issue..it may not be worth it however.

Not sure.

This is a big bugger..I think you may want the chroot command for this. Essentially once executed it changes the users environment so that eg. the home directory is simply all they can see and use, unless hey go through another program. Beware, it also stops them executing programs that are not withing that tree. I have used that in the past with very insecure FTP servers to limit access to a very few programs.

I would say that having a root writable only login script that does a chroot, would be relatively perfect...and set up env variables for a path to exactly those executables you choose to allow the users access to, and only those. Put them in a separate directory under the users home, which contains COPIES - not links.

Getting security correct on a machine is a long process of thinking checking implementing and testing.

Sometimes its easier to simply deny everything and then see which valid users complain, and fix it just for them.