Hi!
What are some general tips for hardening and securing our freedombox?
The reason I ask is because I might have already been breached(?) after I installed postfix/dovecot and samba without knowing much about it, and now I can see in my logs that I have several attempted connections…
Such as:
7:22 PM error: kex_protocol_error: type 20 seq 2 [preauth]
4:36 PM lmtp(15402): Error: lmtp-server: conn unix:pid=15400,uid=111 [1]: rcpt root@freedombox.local: Failed to lookup user root@freedombox.local: Invalid settings in userdb: userdb returned 0 as uid dovecot
4:35 PM error: kex_exchange_identification: Connection closed by remote host sshd
4:06 PM lmtp(15271): Error: lmtp-server: conn unix:pid=15270,uid=111 [1]: rcpt root@freedombox.local: Failed to lookup user root@freedombox.local: Invalid settings in userdb: userdb returned 0 as uid
12:08 PM error: maximum authentication attempts exceeded for root from 113.X.29 port 41016 ssh2 [preauth]
3:56 PM error: kex_protocol_error: type 20 seq 2 [preauth]
3:13 PM <q4ok7w>; lua; neural.lua:780: cannot get ANNs list from redis: Connection refused
These are also strange
I don’t know much about networking… but I can tell that someone attempted to log in. Is their attempt via dovecot?
I configured a DMZ network, is this publicly available?
Also, this newly appeared in the logs:
September 20, 2023
Reboot
2:15 PM Failed to start ssh.service - OpenBSD Secure Shell server.
I thought Freedombox ran a debian variant?
Is there a way to automate logging of attempted connections sent to an email?
This is to successfully see logins on a third party, so that an attacker can’t clear their traces without knowing…
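An added example (not from the original post or from the FreedomBox project) of the log triage the question is asking for: it classifies sshd and Dovecot journal lines like the ones quoted above, separating pre-auth scanner noise and the local Dovecot userdb error from actual brute-force lockouts and successful logins, and builds a plain-text summary that a cron job could mail off the box. The sample lines, the host name `fbx` and the 203.0.113.x / 198.51.100.x addresses are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample journal lines modelled on the excerpts in the post above;
# host name, PIDs and the 203.0.113.x / 198.51.100.x addresses are placeholders.
SAMPLE_LOG = """\
Sep 20 12:08:01 fbx sshd[2201]: error: maximum authentication attempts exceeded for root from 203.0.113.7 port 41016 ssh2 [preauth]
Sep 20 12:09:14 fbx sshd[2204]: error: maximum authentication attempts exceeded for admin from 203.0.113.7 port 41020 ssh2 [preauth]
Sep 20 15:56:10 fbx sshd[2310]: error: kex_protocol_error: type 20 seq 2 [preauth]
Sep 20 16:35:42 fbx sshd[2402]: error: kex_exchange_identification: Connection closed by remote host
Sep 20 16:36:00 fbx dovecot: lmtp(15402): Error: lmtp-server: conn unix:pid=15400,uid=111 [1]: rcpt root@fbx.local: Failed to lookup user root@fbx.local: Invalid settings in userdb: userdb returned 0 as uid
Sep 20 19:22:05 fbx sshd[2500]: Accepted publickey for alice from 198.51.100.3 port 50022 ssh2
"""

# (category, regex); the first matching rule wins.  kex_* errors happen before any
# authentication, and the Dovecot line is a local LMTP delivery/config error, so only
# ssh_bruteforce and ssh_login_ok involve a remote party actually trying credentials.
RULES = [
    ("ssh_bruteforce", re.compile(r"maximum authentication attempts exceeded for (?P<user>\S+) from (?P<ip>\S+)")),
    ("ssh_preauth_probe", re.compile(r"kex_(protocol_error|exchange_identification)")),
    ("ssh_login_ok", re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)")),
    ("dovecot_local_config", re.compile(r"lmtp-server: .*Failed to lookup user")),
]

def classify(line):
    """Return (category, named groups) for one line, or (None, {}) if no rule matches."""
    for category, rx in RULES:
        if (m := rx.search(line)):
            return category, m.groupdict()
    return None, {}

def summarize(log_text):
    """Count events per category; keep lockouts per source IP and every successful login."""
    counts, sources, logins = Counter(), Counter(), []
    for line in log_text.splitlines():
        category, info = classify(line)
        if category is None:
            continue
        counts[category] += 1
        if category == "ssh_bruteforce":
            sources[info["ip"]] += 1
        elif category == "ssh_login_ok":
            logins.append((info["user"], info["ip"], info["method"]))
    return {"counts": dict(counts), "sources": dict(sources), "logins": logins}

def build_report(log_text):
    """Plain-text summary; a cron job can pipe this to `mail -s` to keep an off-box copy."""
    s = summarize(log_text)
    out = [f"{cat}: {n}" for cat, n in sorted(s["counts"].items())]
    out += [f"lockouts from {ip}: {n}" for ip, n in sorted(s["sources"].items(), key=lambda kv: -kv[1])]
    out += [f"LOGIN OK {user} from {ip} via {method}" for user, ip, method in s["logins"]]
    return "\n".join(out)
```

The lines worth reading in the mailed summary are the lockouts per source IP and any `LOGIN OK` entry you did not make yourself; the pre-auth and Dovecot categories are counted so they are not mistaken for logins.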