Hi ZEROF,
I had fail2ban, harden (which includes tiger, tripwire, logcheck, plus MANY others), all the fancy log checkers, rkhunter and clamav, unattended-upgrades, and had all logs emailed to me on a daily basis. It was tedious to go through, but I was trying to do my due diligence.
I disabled root login, changed ssh port (security through obscurity - damn right, but I kept it in the privileged range.) ------------------- Each password was a minimum of 32 characters, alphanumeric plus symbols. No two passwords were alike, or remotely similar. (No, I didn't use keys :@)
I checked "how secure is my password", and this is the result: It would take a desktop PC about 21 quattuordecillion years to crack your password
I had to look quattuordecillion up, as my spell checker doesn't know what it means. In the US, it means 1, followed up 45 zeros. (In the UK it is 10^84, but I believe the website is American so I'm sticking with ^45) --------------- I disabled as many services as I could reasonably tolerate. I removed world rights to as much as I could think. I did everything I could think of to make each VPS effectively useless except for running a Tor relay.
My firewall matched my Reduced Exit Policy, plus my "secret" ssh port.
---- I never thought about the honey-pot... That's a good one.
Speak Freely