Hello, First: So, in the RKHunter log page in ISPConfig I am seeing this: ---- Data from: ????-??-?? ??:?? No data about RKHunter available at the moment. Please check again later. ------- I manually ran a scan from the CLI and expected it to update--and nothing. So, what prompted this is that I noticed that Fail2ban had banned several ssh login attempts from five different ip's in asia. I have since configured the NAT firewall to block all ssh logins attempts from all WAN ip's except mine. Are there any other suggestions to enhance security here--I am running the default install of ISPConfig 3. thanks in advance, Matt PS: BTW, how common is this?
rkhunter is run automatically once a night by ispconfig. If you run it manually then you can only view the log on the shell and not in ispconfig.
Security Steps Till, Thanks very much. Any other suggested/must-do security steps I should take, besides, checking the logs? I have limited SSH access to my IP's only. Would increasing the fail2ban time help? thanks, Matt
