
Thread: AppArmor with sshd, make sense?

  1. #1
    Join Date
    Jun 2008
    Location
    Miami, FL
    Posts
    68

    AppArmor with sshd, make sense?

    Does it make sense to run sshd confined/protected by apparmor?

    I get tons of attack/hack attempts on my ssh port daily, I created a white list on my firewall to specify the IP addresses that can ssh into my network. I was also thinking of activating the sshd profile in apparmor for some added protection? Just don't know if it's worth the trouble.

    What do you do?

  2. #2
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,071

    Re: AppArmor with sshd, make sense?

    On Fri, 01 Jul 2011 00:06:03 +0000, mejason69 wrote:

    > Does it make sense to run sshd confined/protected by apparmor?
    >
    > I get tons of attack/hack attempts on my ssh port daily, I created a
    > white list on my firewall to specify the IP addresses that can ssh into
    > my network. I was also thinking of activating the sshd profile in
    > apparmor for some added protection? Just don't know if it's worth the
    > trouble.
    >
    > What do you do?


    I use BlockHosts to automatically reject connections from a system after
    a relatively small number of failed attempts.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  3. #3
    Join Date
    Jun 2008
    Location
    Miami, FL
    Posts
    68

    Re: AppArmor with sshd, make sense?

    Yeah that is one way to do it, but it's less traffic going into the LAN the way I do it. If the traffic does not originate from any of the IP addresses I specify (about 5 different addresses) then the request is simply ignored at the firewall before it can even get to the server.

    More curious to find out if anyone uses apparmor to protect/confine sshd or if they think it's a good idea or not.

  4. #4
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Re: AppArmor with sshd, make sense?

    Apparmor and selinux are to protect against programming errors that may allow access to the filesystem or other system resources that are not caught by the program. If the access is allowed to a sensitive file by the program to a legal user or intruder, apparmor does nothing for you. It's just another layer of protection. You're probably doing as well as you can with firewall rules.

  5. #5
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,071

    Re: AppArmor with sshd, make sense?

    On Fri, 01 Jul 2011 01:36:06 +0000, mejason69 wrote:

    > Yeah that is one way to do it, but it's less traffic going into the LAN
    > the way I do it. If the traffic does not originate from any of the IP
    > addresses I specify (about 5 different addresses) then the request is
    > simply ignored at the firewall before it can even get to the server.


    Yes, you can do that; I couldn't in my setup because I traveled for work
    and couldn't predict my IP address.

    > More curious to find out if anyone uses apparmor to protect/confine sshd
    > or if they think it's a good idea or not.


    I don't see a reason to do it myself - if you prevent them from getting
    in in the first place (I also use only public key authentication on the
    external-facing system), then restricting it doesn't provide much - if
    any - benefit.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  6. #6
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: AppArmor with sshd, make sense?

    On 2011-07-01 02:06, mejason69 wrote:
    > I was also thinking of activating the sshd profile in
    > apparmor for some added protection? Just don't know if it's worth the
    > trouble.


    Try - or have a look at the profile first, to see what it allows. It is one
    more layer.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)
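
Added example, not written by any poster in this thread: a small Python sketch of "look at the profile first, to see what it allows" (#6) that also shows the point in #4, namely that access a rule permits is not blocked. The profile text is a constructed excerpt rather than any distribution's sshd profile, and `glob_to_regex`, `parse_profile` and `is_allowed` are hypothetical helper names covering only simple file and capability rules.

```python
import re

# Constructed excerpt for illustration only; not a distribution's sshd profile.
SAMPLE_PROFILE = """\
/usr/sbin/sshd {
  capability net_bind_service,
  capability setuid,
  /etc/ssh/** r,
  /var/log/wtmp rw,
  /home/*/.ssh/authorized_keys r,
  /{,usr/}bin/bash Ux,
  deny /etc/shadow w,
}
"""

def glob_to_regex(glob):
    """AppArmor path globs: ** crosses '/', * and ? do not, {a,b} alternates.
    Character classes ([abc]) are not handled in this sketch."""
    out, depth, i = [], 0, 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2; continue
        c = glob[i]
        if c == "*": out.append("[^/]*")
        elif c == "?": out.append("[^/]")
        elif c == "{": out.append("(?:"); depth += 1
        elif c == "}" and depth: out.append(")"); depth -= 1
        elif c == "," and depth: out.append("|")
        else: out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))

def parse_profile(text):
    """Return (capabilities, file_rules); each file rule is (is_deny, regex, perms)."""
    caps, rules = [], []
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"capability\s+(\w+),", line):
            caps.append(m.group(1))
        elif m := re.fullmatch(r"(deny\s+)?(/\S+)\s+(\w+),", line):
            rules.append((bool(m.group(1)), glob_to_regex(m.group(2)), m.group(3).lower()))
    return caps, rules

def is_allowed(rules, path, perm):
    """Enforce-mode decision: a matching deny wins, otherwise an allow rule is required."""
    hits = [deny for deny, rx, perms in rules if perm in perms and rx.fullmatch(path)]
    return bool(hits) and not any(hits)

CAPS, RULES = parse_profile(SAMPLE_PROFILE)
```

Calling `is_allowed(RULES, "/var/log/wtmp", "w")` returns `True` because the constructed profile grants that write, while a read of `/etc/shadow` returns `False` because no rule covers it.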
