I just set up denyhosts and it worked properly the first time adding lots of ips to the hosts.deny.I then set it to run every 12 hours noon and midnight.I wanted to see if ran properly and I got all this.Does it look like its working?
I just downloaded the DenyHosts2.6python2.5.rpm for deny.hosts from sourceforge and would like to set it up. I normally use fish://, smb:// and ftp:// on the boxes on my lan. I already have files called hosts.allow and hosts.deny in the /etc folder. Will the rpm configure hosts.deny when first run?
I'm having troubles trying to understand this problem:my homeserver until yesterday had a public IP, staying on network, with sshd running and all was fine;this evening I changed the IP, giving it a local lan address, and what happened if I tried to connect to it by ssh?I got an error about "Connection closed by remote host". Google helped me finding that was regarded to hosts.deny file, that was actually containing a lineALL:ALLthat I commented, and all was fine.My question is: why the hosts.deny (that has never changed) was observed only with the local IP?I tried to switch back to the public IP and leaving ALL:ALL, and it did connect without any problem
Probably an easy (which means stoopid) question...I am trying to reroute a website using my hosts file so that it matches my servers certificate file for testing without effect dns and the live site.When I went to edit my /etc/hosts file it is non-existent. I have, I am assuming in it's place, hosts.allow and hosts.deny. Can anyone explain why I do not have a hosts file?
I know this is probably easy and if I only took a while to figure it out maybe I could but I have some stuff that needs to happen soon and I can't figure this out. I was wondering how I could have a log monitor that would email me whenever someone tries to login over ssh to my system. I'm open to everything daemons/scripts or cron itl works as I am not running a production server (but I might be starting that soon). Oh and just a side how do I get sent an email when I get port scanned
I have an SSH server on my laptop, and I'm using the default configuration file, but I added "AllowUsers <myUserName>". I get lots of login attempts like the ones below in my /var/log/auth.log.From Google, I find that pam_winbind allows some kind of Windows authentication. This leaves me with 2 questions. What does winbind do when I have not configured any Windows/Samba accounts? How can I turn it off?
Code: Oct 23 20:01:49 muon sshd: User root from 184.108.40.206 not allowed because not listed in AllowUsers
I am running a ubuntu server 10.10 with SSH, and OpenVPN. I use it mainly for the VPN, but I have seen log in attempts such as:
Mar 22 14:52:53 UbuntuSvr sshd: Invalid user support from 220.127.116.11 Mar 22 14:52:55 UbuntuSvr sshd: Invalid user student from 18.104.22.168 Mar 22 14:52:57 UbuntuSvr sshd: Invalid user transfer from 22.214.171.124 Mar 22 14:52:59 UbuntuSvr sshd: Invalid user user from 126.96.36.199
Is it possible to make it so when some one has tried logging in 5 times with an invalid user/pass that the ip is banned for 10 minutes? I have password auth set to no and am using keys.
I am trying to get OpenLDAP to authenticate user logins, but running around in circles. Are there any logs produced by either client and/or server that would indicate possible reasons why it was unable to login as a user?Below is an explanation, any ideas would be appreciated, as I think everything is setup as per the various articles on using LDAP.
I have a CentOS 5.5 OpenLDAP server, and several others, some host services, some are file shares (samba).So far I have been able to successfully configure OpenLDAP to carry out all the ldap* commands from both the local server and from any of the remote servers, either via non-ssl or ssl connections. However, as soon as I try connecting any services up to it, it doesn't play ball.Back to basics, having cleared off all previous attempts at this from all machines, I have gone through the following:
Installed OpenLDAP server/client on host (plus nss_ldap). Configured /etc/openldap/slapd.conf (see below) Configured /etc/openldap/ldap.conf (see below)
I have read the man files on hosts (deny/allow) and think I understand how they are supposed to work but reality has proven me wrong.
My simple test case was to add "ALL: ALL " to the end of hosts.deny which I though should make the Internet not work. I can still look up hosts fine so apparently I don't understand these files or Ubuntu is ignoring them.
This is my hosts.deny file
hosts.deny is the only file I have edited (so far)
I have setup Denyhosts to run on my server, and have been using it succesfully for the last few weeks, to allow me to ssh into my server from my home dev machine.
This morning, I accidentally typed my password incorrectly three times - and ended up being locked out of the system (tghat was ok, because that was what was supposed to happen). I logged into the server via another way and took the following actions (in the order given)
/etc/init.d/ssh stop /etc/init.d/denyhosts stop removed my IP address from /etc/hosts.deny /etc/init.d/ssh start
I've set up two security associations(in and out) on two hosts, and then set up two policies per host that should filter traffic to those SA's. Yet when I try to ping one host from the other I get no response, meaning that the filters on one side work and drop unprotected packets, but both hosts are configured to communicate using ipsec. Can anyone point me in the right direction?
Code: ip xfrm state add src 192.168.77.23 dst 192.168.77.24 proto esp spi 0x53fa0fdd mode transport reqid 16386 replay-window 32 auth "hmac(sha1)"
I have encountered a problem using squid, I am currently configuring my squid to deny all http and https except 1 external dst ip address which I will use to connect trough RDP, how can I configure my squid with what I want to accomplish?
I'm trying to use ssh-keyscan to get some known_host file population going on, but I have a ton of hosts I want to scan, all with multiple aliases in /etc/hosts. Is there a way to use my current /etc/hosts file to do an ssh-keyscan instead of making a special list of hosts that (from what I've read) ssh-keyscan needs?
i was hoping that someone in here could possibly help me out with my iptables rule set. First here is what i would like iptables to do, i want iptables to deny all packets or traffic from the outside coming in and for output allow the things i need like web and irc etc... Also, i would like iptables to deny access to all services like sendmail and ssh except i would like localhost to have access to everything. What i mean by localhost is that when i run my iptables script it loads fine except when i try ssh from localhost i get this output:ssh -l user localhostssh_exchange_identification: Connection closed by remote hostI know what most of you are thinking, why do i need to ssh into localhost from localhost just open another terminal, well i am getting myself familiar with iptables i want all services logged and blocked but not from localhost. I cant seem to figure out this problem and i have tried several different things. Here is my iptables script, I am hoping that someone out there can tell me what i am doing wrong...
#!/bin/bash iptables -v -F; iptables -v -A INPUT -i lo -j ACCEPT;
I would like to know if it is possible to deny the access to a file for root? Would ACL's be a possibility? I have "googled" around but haven't found anything interesting (except SELinux). I should secure a password file to an important database.
I have an Asterisk on an externally hosted vServer with Lenny. In order to further protect the SSH access I intended to change the Port number 22 to something like 55555. For this I changed the /etc/ssh/sshd_config file and restarted ssh. This caused unfortunately the following problems:
(1) The first login works but DenyHost writes now the IP in its list so that the second login with the same IP is blocked.
(2) With RESET_ON_SUCCESS = yes several logins were possible with the same IP, but later it also was blocked for some still unknown reasons.
(3) Files can be uploaded for being edited, but they can't always be saved. When they can't be saved the next login with this IP is blocked. It thus looks like the blocking can occur while being connected. When the files can't be saved it is however still possible to copy files from the computer to the vServer.
I add below the entries in the auth.log from a logout and a login. It shows further how suddenly the attempts to save files were blocked. After this session the IP used for it was blocked. I don't know where the message "Unable to open env file: /etc/default/locale" comes from. If I remember right I had these messages already before. I don't know how much that is really important.
How do I limit the max login attempts in the sshd_config file? I found a way to do it on Google some time back but I can't find it now. I have Denyhost already, but I really wanna do the "MAx Login Attempts" what ever it was that I was able to do in the config file.