Q: Log analyzer?
I have a server installed for fun and to learn.
Over the year, it was under attack many times.
The problem is that I don't spend a lot of time checking the logs, so it takes a long time before I realize it.
Is there a log analyzer or something that would alert when there is a problem, like an IP trying a password for many hours?
Posted on May 7, 2016 7:43 PM
If you have AFP TCP port 548 open, close it.
You're referring to port knocking. That works. You'll have to install and configure that.
A commercial or open-source firewall running on some old spare box can work as well or better — particularly given an explicit login on the firewall to change settings is then required, where an accidental or unintentional software change or a software bug on the server can open up a port or a vulnerability.
Various mid-grade firewalls can include an embedded VPN server which often allows a whole host of "private" ports to be closed, and can include a DMZ capability which allows a breached server to be isolated. The VPN server avoids the need for port knocking and other details, making the remote system appear as if it were connected to the "private" LAN.
OS X Server does include a VPN server, and any competent network firewall device can be configured for VPN pass-through.
Posted on May 8, 2016 10:34 AM
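
The kind of check the question asks for, sketched as an added example that is not part of either post: it flags a source IP whose failed logins keep coming over a long window rather than in one short burst. The OpenSSH-style syslog line format, the function name `find_persistent_sources`, the thresholds and the sample lines (documentation-range IPs) are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog style (assumed format; adapt the regex to your log).
SAMPLE_LOG = """\
May  7 01:02:11 srv sshd[411]: Failed password for root from 203.0.113.9 port 50122 ssh2
May  7 02:15:40 srv sshd[420]: Failed password for invalid user admin from 203.0.113.9 port 50311 ssh2
May  7 02:16:02 srv sshd[421]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
May  7 03:47:09 srv sshd[433]: Failed password for root from 203.0.113.9 port 51007 ssh2
May  7 03:50:00 srv sshd[434]: Failed password for alice from 192.0.2.10 port 40100 ssh2
May  7 05:30:55 srv sshd[450]: Failed password for root from 203.0.113.9 port 52200 ssh2
May  7 05:31:10 srv sshd[451]: Failed password for bob from 198.51.100.7 port 33000 ssh2
May  7 05:31:12 srv sshd[452]: Failed password for bob from 198.51.100.7 port 33001 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_persistent_sources(lines, year=2016, min_failures=4,
                            min_span=timedelta(hours=2)):
    """Return {ip: (failure_count, first_seen, last_seen)} for sources whose
    failed logins are both numerous and spread over a long time window."""
    seen = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[m["ip"]].append(ts)
    alerts = {}
    for ip, stamps in seen.items():
        first, last = min(stamps), max(stamps)
        if len(stamps) >= min_failures and last - first >= min_span:
            alerts[ip] = (len(stamps), first, last)
    return alerts

if __name__ == "__main__":
    for ip, (n, first, last) in find_persistent_sources(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {ip}: {n} failed logins between {first} and {last}")
```

Run from a scheduled job against the real log file, the returned dictionary can feed an e-mail or notification; the thresholds need tuning to the server's normal login pattern.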