Security :: Denyhosts Kicked Out Of Server?
Aug 31, 2010
So I installed denyhosts on my system and I ssh to it fine. Then all of a sudden I got an email saying my IP was added to the /etc/hosts.deny file. I have no clue why. I did not fail the login. So I had an open session and put it in the /etc/hosts.allow file and tried to ssh back in no problem. Then I logged out and all of a sudden I got the email saying my IP was added to the hosts.deny again. Now I am kicked out of the system.
I am guessing I cannot get back in until I get to the console and remove it. I can power on and off the system remotely but I enabled the chkconfig denyhosts on option so it starts on reboot. No remote console is set up. So it looks like I am hozed until I can get to the console, bummer as I was trying to set up a spacewalk server on it. I cannot get to the console for a few days so if anyone has ideas how I can get back in let me know. But denyhosts seems to be working as designed.
This was a default install; I did not configure anything funky. Just changed the email to root and started it. I thought about changing my client IP but that won't work as I only have ssh passed on my router to that IP so if I change the client IP I won't get into my routing machine. I think I answered my own question but just thought I would ask. I guess my real question is why would denyhosts block my IP when the login did not fail and how do I configure it so this does not happen again.
Oct 31, 2010
I've been using Deny Hosts for a couple of years now without trouble. My router forwards SSH calls to host tock on my LAN. My router's internet hostname is michigan. I keep an svn repository on tock and access it through michigan. In this way I can update my repository when I'm at home or away. Just today, however, whenever I try any ssh to michigan, I get a closed connection and find michigan in my hosts.deny file. I delete it, make a successful connection, but then on my next attempt - there I am in the hosts.deny file again.
I've worked around it by putting michigan into my hosts.allow file, but I would really like to know what's going on. I've configured Hosts Deny to lock out IPs after three failed attempts, but it is locking out michigan after one successful connection.
May 16, 2011
I just set up denyhosts and it worked properly the first time, adding lots of IPs to the hosts.deny. I then set it to run every 12 hours, noon and midnight. I wanted to see if it ran properly and I got all this. Does it look like it's working?
Code:
May 15 12:00:01 hyrule CRON[14286]: (root) CMD (python /usr/share/denyhosts/denyhosts_ctl.py -c /usr/share/denyhosts/denyhosts.cfg )
[code]...
Jan 29, 2011
How to install denyhosts on openSUSE 11.3? Having issues trying to install python 2.5....
Mar 8, 2010
I am trying to install denyhosts on Ubuntu 9.10 server, to make it run as a daemon. I am following steps from this link. I have downloaded version 2.5 of denyhosts, but I cannot find this file: /usr/bin/denyhosts.py
May 3, 2010
I've been running denyhosts on Ubuntu 8.04 servers without any problems using the how-to found here. Now that I have a new Ubuntu 10.04 server running, I thought I would just install denyhosts from the Ubuntu repository, not realizing that the paths and filenames of the install are different from the how-to I am used to using. I figured out what the name of the new denyhosts config file is (at least new to me) and the new location, but I'm not sure about the "allowed-hosts" config file. Does anybody know where the new path for this file is and whether the filename is still the same?
Nov 8, 2010
When I try to log in using kdm, I get kicked back to the KDM main login screen. After a couple of attempts I can log in but this is very annoying.
Is there a log file or something I could look at?
Where should I begin to look for a solution to this?
I am using Slackware 13 and Xfce.
Jan 13, 2009
I keep getting kicked to the splash screen when I try to install programs from CDs. I get the same problem when I try to run xvidtune.
Any ideas how to fix this?
Apr 14, 2010
Suddenly I noticed that all my file system had gone into read-only mode. My first thought was that the Sata data cable had got loose for one of the drives, but that wasn't it. All cables were connected correctly. So I booted up again, but I only came to a rescue mode terminal.
I have four software MD raid volumes:
Code:
Running mdadm -D on the volumes told me that the sdc drive had been kicked out from both md0 and md1. However, md3 had kicked out two drives, so I couldn't get any information from mdadm -D on that. For md0 and md1 I could just add the kicked-out partitions back into the volume, but for md3 I don't even know which partitions got kicked out...
Here are some outputs:
Before I rebooted the first time I saved the 200 last rows of dmesg to a memory stick. Here they are:
Code:
Trying to restart the md3 volume in the rescue mode terminal:
Commands:
Code:
Output:
Code:
The "Array State" row seems interesting. I guess that AAAA means all four drives are OK. But then why does the array state differ between the members?
Does anyone know how to figure out which two members got kicked out? And how do I get them back in (assuming that they're OK)?
Jul 9, 2010
I've been using the denyhosts software for about 8 months to block IPs that are trying to connect to my network that shouldn't be. I'm having trouble with it today for the first time and I can't track down the issue. It is installed on the main server which is the outside IP for the network as well. This should allow me to SSH to the hostname/network IP, or the NAT IP as well. It worked fine up until this morning when I started to work on an ftp server, as far as I know I didn't make any changes that should cause problems.
hosts.deny starts with no 192.x.x.x addresses in it. In allowed-hosts for denyhosts I have entered 192.168.1.1 so that the router should never get blocked. I can SSH to the hostname perfectly fine, connection doesn't drop or anything. If I SSH to the NAT address the connection hangs there while the IP address gets added to hosts.deny. I can confirm 100% that I was able to SSH to my NAT from within the network with no problem, now it seems to throw the router IP into hosts.deny if I try to connect from within the network using the NAT. Here is the error that I get in /var/log/secure:
sshd[9272]: Did not receive identification string from 192.168.1.1
I did update my system recently which may have changed the way some files behave, I will try updating Denyhosts as well. It looked like the address being blocked was an IPv6 since it was showing as:
sshd[9201]: refused connect from ::ffff:192.168.1.1 (::ffff:192.168.1.1)
Aug 12, 2010
I did a Google search and found several hits telling me about this error I am getting:
service denyhosts start
starting DenyHosts: /usr/bin/env python2.4 /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
[code]....
Feb 6, 2010
We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
Jun 2, 2010
I am with a customer who has Suse 10.1 in a production environment and connected to the internet. For now I want to install denyhosts on this machine since I see lots of failed login attempts outside office hours. However when I do: python setup.py install I get the message:
File "setup.py", line 4, in ?
from distutils.core import setup
ImportError: No module named distutils.core
I don't know how to solve this. I have added a repository to install distutils.core but could not find it.
Jul 12, 2010
I have recently installed denyhosts to help guard against bruteforce ssh attacks on my Fedora 12 server from the Fedora repositories. If I manually start denyhosts (as root) using: /usr/sbin/denyhosts.py --daemon
it works fine. The denyhosts log file is created and indeed the /etc/hosts.deny file is updated. However if I make attempts to start denyhosts automatically upon the server restart, denyhosts fails with a permission denied error for /etc/hosts.deny (error 13). I have tried using chkconfig to enable /etc/init.d/denyhosts on run levels 3, 4 and 5. I have also tried including the line:
/usr/sbin/denyhosts.py --daemon
in /etc/rc.local. Both of these attempts report the same error. Any way to automatically start denyhosts or know why this problem might be happening?
Sep 9, 2010
I am having issues getting yum to work with the repos for fail2ban and denyhosts. I followed the CentOS link on installing/configuring repos. However every time I run yum install fail2ban or denyhosts it does not find the software. I read in several Google searches that I should be able to install it using yum. Is that info wrong? These are the links I was reading too from CentOS. [URL]. I know I can download the rpm or a tar file but I would like to keep it in sync with yum if possible. Maybe I have the wrong repo? CentOSPlus is enabled also.
Aug 10, 2010
I have set up Denyhosts to run on my server, and have been using it successfully for the last few weeks, to allow me to ssh into my server from my home dev machine.
This morning, I accidentally typed my password incorrectly three times - and ended up being locked out of the system (that was ok, because that was what was supposed to happen). I logged into the server via another way and took the following actions (in the order given):
/etc/init.d/ssh stop
/etc/init.d/denyhosts stop
removed my IP address from /etc/hosts.deny
/etc/init.d/ssh start
[Code].....
May 8, 2011
I'm concerned about security of having a LAMP server on my laptop as having any server makes the system less secure. However, if I were to create a new partition and install a lamp server on that and only use it when offline, would the security of my main partition be affected at all?
Jul 22, 2011
I've recently been running a game server from my desktop, as well as a web page to accompany it. I use the ports 80/8123(HTTP)/5900(VNC)/50500(GAME)/5839(ADMINISTRATION). What's the best solution to protect my server from security threats? On a side note, I plan on adding a MySQL server later, but I want to keep it local only.
Aug 14, 2010
I'm new to server admin, so my question is based on what may be a bad assumption. With a server, my assumption is "if it ain't broke, don't fix it". In other words, I'm not really interested in upgrading the software to the latest and greatest if I already have stuff working on the server.
However, the one place where I DO want to constantly have upgrades is for security patches. How do I apply security updates to Ubuntu Server... and ONLY security updates?
Aug 29, 2009
I followed this how to to make a NFS server: [url]
So it means: exports looks like this:
Quote:
Here are some quick examples of what you could add to your /etc/exports
For Full Read Write Permissions allowing any computer from 192.168.1.1 through 192.168.1.255
It means that if somebody arrives with a linux machine, puts the ethernet cable into the router, then logs in as root on his machine, and mounts the exports, he can do almost everything, with permissions chmod'ing ...
Is that LAMP, or I am wrong for nfs kernel servers, the ultimate users/password servers against that to prevent those physical approaches/logins? Is there a good how-to?
Feb 15, 2011
I want to know how I can test my server security with the hping3 tool. I want to make a virtual DoS or DDoS or SYNK attack in my LAN to test my server security and ability against these attacks. Is hping3 a good solution for this or not? If yes, how can I do this, and which option of this can make such attacks?
Mar 1, 2010
I'm using Postgresql 8.4.2-2. I'm trying to remote into my server securely. I figure I could do so with ssh. Apparently I figured correctly, as per [URL] and [URL]. I set up the ssh tunnel:
ssh -L 5432:serverip:5432
Then I set up pgadmin3 to connect as follows:
host: localhost
port: 5432
user: postgres
maintenance db: postgres
And I receive the following error:
Quote:
An error has occurred: Error connecting to the server: server closed the connection unexpectedly
This probably means the server terminated abnormally before or while processing the request.
I'm not sure what the problem is. I can connect with psql from the CLI after connecting to the terminal via ssh. So I know that I'm using the correct password.
Oct 7, 2010
I have NFS set up on my file server on my local network. Right now I'm allowing all local IP's. Now I want to be able to access the shares from home, across town.
Can you secure NFS in any way other than IP restriction, ie. password login? I know I could just use sftp but I want the control and seamlessness of NFS.
Apr 8, 2010
I had two continues attack on our server (web hosting capnel)... The attacker is deleting one user's public_html content so that he is losing his contents. Actually all files are with owner as him. But I don't know what's happening. Is it a good idea to use some IDS on the server? Would it be an overhead for the server?
Feb 4, 2010
For some time now I've been noticing the network activity light for my linux box blinking like mad on my router. After a little looking around for ways to see what connections my box has established, I found the following using lsof -i
Code:
bash 13839 root 1u IPv4 3118972 TCP shana:49148->Oslo.NO.EU.undernet.org:ircd (SYN_SENT)
bash 13839 root 2u IPv4 3118986 TCP shana:34323->161.53.178.240:distinct
[code]....
I know I'm not using IRC, and I have my sshd locked down fairly tight, requiring a key to log in, so obviously, it looks like there's something or somebody in Croatia (the origin of that IP address) connecting my system to undernet.org for some nefarious purpose. Looking at my processes, ID 13839 shows up as
Code:
13839 ? S 0:00 bash
Just 'bash', not '-bash' as
Code:
13426 pts/0 S 0:00 -bash
my session appears. Previously, this odd bash process was ID 2704, which seemed to imply that it had launched fairly soon after my system booted up which really makes me wonder. Oh, and yes, I did kill that 2704 process, and it returned as this 13839. 2704 also had those same IRC connections present in lsof.
Apr 15, 2011
How to Configure rsh Server and where to restrict instances?
Aug 13, 2010
[COPY]
Ooooh, mod fight
[/COPY]
Jan 13, 2011
I'm running a CentOS server, but I'm not familiar with iptables. Can someone recommend a firewall that I can manage via a web browser? I might be off here, but can I run something like Pfsense on top of my server?
Mar 11, 2010
I am creating an FTP server using VSFTP. It will be in the wild, initially at least only functioning as an FTP server. I have the iptables config from the previous box I set up 3-4 years ago. I have also got private/public key authentication running with SSH to eliminate brute force attacks.
Here is where my specific question is. On the old server I set up something that allowed my clients to log in using accounts that were not system accounts but would translate to a single system account that was limited to FTP. I remember setting up a passwd account that had username / password pairs that FTP used for authentication.
What app is this? Is it just part of VSFTP or maybe SELinux? I really want to utilize this.
Jan 26, 2010
I set up my Ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the MAC address of my laptop allowed to connect, set up a key with a long passphrase and installed the pam_abl plugin. ICMP echo is blocked by default.
The only problem is I log all other attempts to connect to the server and I see a lot of traffic going to ports 445 and 5900.
My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?