Security :: Invalid Login Attempts Not Refused Using Deny Hosts And Conf Of Denyhost Not Working?

Oct 28, 2010

I am using denyhosts on a server so in a config file/etc/denyhosts.confthe following value is setQuote:DENY_THRESHOLD_INVALID = 3which as per their configuration file saysQuote:

DENY_THRESHOLD_INVALID: block each host after the number of failed login
# attempts has exceeded this value. This value applies to invalid
# user login attempts (eg. non-existent user accounts)

[code]...

View 1 Replies


ADVERTISEMENT

Ubuntu Security :: Denyhosts Working \ First Time Adding Lots Of Ips To The Hosts.deny?

May 16, 2011

I just set up denyhosts and it worked properly the first time adding lots of ips to the hosts.deny.I then set it to run every 12 hours noon and midnight.I wanted to see if ran properly and I got all this.Does it look like its working?

Code:
May 15 12:00:01 hyrule CRON[14286]: (root) CMD (python /usr/share/denyhosts/denyhosts_ctl.py -c /usr/share/denyhosts/denyhosts.cfg )

[code]...

View 4 Replies View Related

Security :: Configure Deny.hosts For Opensuse 11.1?

Sep 7, 2010

I just downloaded the DenyHosts2.6python2.5.rpm for deny.hosts from sourceforge and would like to set it up. I normally use fish://, smb:// and ftp:// on the boxes on my lan. I already have files called hosts.allow and hosts.deny in the /etc folder. Will the rpm configure hosts.deny when first run?

View 1 Replies View Related

Ubuntu Security :: Sshd And Hosts.deny Not Always Observed?

Jan 18, 2010

I'm having troubles trying to understand this problem:my homeserver until yesterday had a public IP, staying on network, with sshd running and all was fine;this evening I changed the IP, giving it a local lan address, and what happened if I tried to connect to it by ssh?I got an error about "Connection closed by remote host". Google helped me finding that was regarded to hosts.deny file, that was actually containing a lineALL:ALLthat I commented, and all was fine.My question is: why the hosts.deny (that has never changed) was observed only with the local IP?I tried to switch back to the public IP and leaving ALL:ALL, and it did connect without any problem

View 1 Replies View Related

Ubuntu Security :: Deny Hosts Removing An Ip And Checking Tcpwrappers?

Oct 21, 2010

I could not find any where the documentation the only best which I got was [URL]

My question is the following blog says to remove an IP from /etc/hosts.deny which denyhost has blocked

[URL] you need to have a directory /usr/share/denyhosts/data I do not find any such directory

Also when I tried to check tcp wrapper configuration as given here

[URL]

tcpdchk -v Cannot find your inetd.conf or tlid.conf file. Please specify its location.

what does the above output mean? How do I make sure denyhosts is doing its job?

View 2 Replies View Related

Ubuntu :: No Hosts File - Just Hosts.allow And .deny?

Jan 26, 2011

Probably an easy (which means stoopid) question...I am trying to reroute a website using my hosts file so that it matches my servers certificate file for testing without effect dns and the live site.When I went to edit my /etc/hosts file it is non-existent. I have, I am assuming in it's place, hosts.allow and hosts.deny. Can anyone explain why I do not have a hosts file?

View 1 Replies View Related

Security :: Warning: /etc/hosts.deny, Line 20: Missing ":" Separator?

May 15, 2010

I am getting a warning from /etc/hosts.deny

Code:
ALL: 192.168.1.3
ALL: 172.68.11.204

[code]...

View 14 Replies View Related

Fedora Security :: Email On ALL Ssh Login Attempts?

Apr 28, 2009

I know this is probably easy and if I only took a while to figure it out maybe I could but I have some stuff that needs to happen soon and I can't figure this out. I was wondering how I could have a log monitor that would email me whenever someone tries to login over ssh to my system. I'm open to everything daemons/scripts or cron itl works as I am not running a production server (but I might be starting that soon). Oh and just a side how do I get sent an email when I get port scanned

View 6 Replies View Related

Fedora Security :: Ssh Malicious Login Attempts

Nov 15, 2009

I have a server box behind my ISP router at home, and I need to allow ssh access to my server. My ISP router doesn't let me allow selectively ssh from some IP. It allows ssh to everyone.

I have fedora10 and openssh-server-5.1p1-3. How can I configure openssh to allow just from 1 IP?

Does it use xinetd at all and the hosts.allow and .deny mechanism?

View 14 Replies View Related

Ubuntu Security :: Log User Login Attempts Only?

Jun 29, 2010

How can I set up snort to only log and detect/capture logins using root or any of the "homeusers" login accounts or names?

View 9 Replies View Related

Ubuntu Security :: SSH Login Attempts Using WINBIND ?

Oct 23, 2010

I have an SSH server on my laptop, and I'm using the default configuration file, but I added "AllowUsers <myUserName>". I get lots of login attempts like the ones below in my /var/log/auth.log.From Google, I find that pam_winbind allows some kind of Windows authentication. This leaves me with 2 questions. What does winbind do when I have not configured any Windows/Samba accounts? How can I turn it off?

Code:
Oct 23 20:01:49 muon sshd[24329]: User root from 201.116.17.163 not allowed because not listed in AllowUsers

[code]...

View 9 Replies View Related

Ubuntu Security :: Block Multiple Ssh Login Attempts?

Mar 22, 2011

I am running a ubuntu server 10.10 with SSH, and OpenVPN. I use it mainly for the VPN, but I have seen log in attempts such as:

Mar 22 14:52:53 UbuntuSvr sshd[2397]: Invalid user support from 85.217.190.69
Mar 22 14:52:55 UbuntuSvr sshd[2399]: Invalid user student from 85.217.190.69
Mar 22 14:52:57 UbuntuSvr sshd[2401]: Invalid user transfer from 85.217.190.69
Mar 22 14:52:59 UbuntuSvr sshd[2403]: Invalid user user from 85.217.190.69

[Code]...

Is it possible to make it so when some one has tried logging in 5 times with an invalid user/pass that the ip is banned for 10 minutes? I have password auth set to no and am using keys.

View 7 Replies View Related

Security :: Account Lock After Failed Login Attempts

May 25, 2010

I'm trying to lock an account after a number of failed login attempts in a RHEL5.

This is the relevant configuration in /etc/pam.d/system-auth

In the logs I can see how the count of failed logins increase and exceeds my deny option but the account isn't locked

Do I need any other option in the PAM file? Is there any other way to lock an account?

View 5 Replies View Related

Security :: Count The Failure Root Login Attempts?

Apr 1, 2011

I want to count the failure root login attempts so that do an action when the user faild to login as root for three consecutive times (like log a line in syslog).

View 4 Replies View Related

Ubuntu Security :: Limit Login Attempts For Specific User?

Jan 15, 2011

I'd like to limit login attempts for specific user. I've found information in manpages: [URL]but I'm not sure if this '@' is purposly there, so would be that correct?

Code:
aparaho - maxlogins 4
or
Code:
@aparaho - maxlogins 4

Maybe '@' is a group syntax? I'm confused.

What happens after 4 failed loggins? Is it enough to restart system to get another login attempts?

Are there any other values that it is reasonable to limit for safety reasons?

View 4 Replies View Related

Security :: OpenLDAP / NSS / PAM Produce Logs Of Failed Login Attempts?

Feb 16, 2011

I am trying to get OpenLDAP to authenticate user logins, but running around in circles. Are there any logs produced by either client and/or server that would indicate possible reasons why it was unable to login as a user?Below is an explanation, any ideas would be appreciated, as I think everything is setup as per the various articles on using LDAP.

I have a CentOS 5.5 OpenLDAP server, and several others, some host services, some are file shares (samba).So far I have been able to successfully configure OpenLDAP to carry out all the ldap* commands from both the local server and from any of the remote servers, either via non-ssl or ssl connections. However, as soon as I try connecting any services up to it, it doesn't play ball.Back to basics, having cleared off all previous attempts at this from all machines, I have gone through the following:

Installed OpenLDAP server/client on host (plus nss_ldap).
Configured /etc/openldap/slapd.conf (see below)
Configured /etc/openldap/ldap.conf (see below)

[code]...

View 2 Replies View Related

Security :: Ssh - Sshd Parameter To Set To Block Out User After Number Of Attempts Tp Login?

Apr 28, 2011

Is there an ssh or sshd parameter that can be set to block out a user after a set number of attempts tp login ?

View 1 Replies View Related

Fedora Security :: Invalid XINETD_CONF_PATH Configuration Option - Non-existent Pathname Specified: /etc/xinetd.conf?

Mar 24, 2010

I'm just trying to figure out what is going on with FC12
Here is the error:

[root@localhost bigmac]# rkhunter --check
Invalid XINETD_CONF_PATH configuration option - non-existent pathname specified: /etc/xinetd.conf

View 1 Replies View Related

Ubuntu Networking :: How To Get Hosts.deny Work In 10.04

Sep 12, 2010

I have read the man files on hosts (deny/allow) and think I understand how they are supposed to work but reality has proven me wrong.

My simple test case was to add "ALL: ALL " to the end of hosts.deny which I though should make the Internet not work. I can still look up hosts fine so apparently I don't understand these files or Ubuntu is ignoring them.

This is my hosts.deny file

Code:

Code:

and hosts

Code:

hosts.deny is the only file I have edited (so far)

View 5 Replies View Related

General :: Denyhosts Keeps Adding IP Address To Hosts.deny?

Aug 10, 2010

I have setup Denyhosts to run on my server, and have been using it succesfully for the last few weeks, to allow me to ssh into my server from my home dev machine.

This morning, I accidentally typed my password incorrectly three times - and ended up being locked out of the system (tghat was ok, because that was what was supposed to happen). I logged into the server via another way and took the following actions (in the order given)

/etc/init.d/ssh stop
/etc/init.d/denyhosts stop
removed my IP address from /etc/hosts.deny
/etc/init.d/ssh start

[Code].....

View 1 Replies View Related

Security :: Ipsec Not Working Between Two Hosts?

Nov 3, 2010

I've set up two security associations(in and out) on two hosts, and then set up two policies per host that should filter traffic to those SA's. Yet when I try to ping one host from the other I get no response, meaning that the filters on one side work and drop unprotected packets, but both hosts are configured to communicate using ipsec. Can anyone point me in the right direction?

Code:
ip xfrm state add src 192.168.77.23 dst 192.168.77.24 proto esp spi 0x53fa0fdd mode transport reqid 16386 replay-window 32 auth "hmac(sha1)"

[code]...

View 1 Replies View Related

Networking :: Squid.conf Deny All Except 1 External Ip

Jul 3, 2010

I have encountered a problem using squid, I am currently configuring my squid to deny all http and https except 1 external dst ip address which I will use to connect trough RDP, how can I configure my squid with what I want to accomplish?

View 1 Replies View Related

Security :: Use Current /etc/hosts File To Do An Ssh-keyscan Instead Of Making A Special List Of Hosts?

May 2, 2011

I'm trying to use ssh-keyscan to get some known_host file population going on, but I have a ton of hosts I want to scan, all with multiple aliases in /etc/hosts. Is there a way to use my current /etc/hosts file to do an ssh-keyscan instead of making a special list of hosts that (from what I've read) ssh-keyscan needs?

View 2 Replies View Related

Fedora Security :: Iptables To Deny All Except Localhost?

May 15, 2011

i was hoping that someone in here could possibly help me out with my iptables rule set. First here is what i would like iptables to do, i want iptables to deny all packets or traffic from the outside coming in and for output allow the things i need like web and irc etc... Also, i would like iptables to deny access to all services like sendmail and ssh except i would like localhost to have access to everything. What i mean by localhost is that when i run my iptables script it loads fine except when i try ssh from localhost i get this output:ssh -l user localhostssh_exchange_identification: Connection closed by remote hostI know what most of you are thinking, why do i need to ssh into localhost from localhost just open another terminal, well i am getting myself familiar with iptables i want all services logged and blocked but not from localhost. I cant seem to figure out this problem and i have tried several different things. Here is my iptables script, I am hoping that someone out there can tell me what i am doing wrong...

#!/bin/bash
iptables -v -F;
iptables -v -A INPUT -i lo -j ACCEPT;

[code]....

View 5 Replies View Related

Security :: Deny Root Access To A Given File

Dec 7, 2010

I would like to know if it is possible to deny the access to a file for root? Would ACL's be a possibility? I have "googled" around but haven't found anything interesting (except SELinux). I should secure a password file to an important database.

View 6 Replies View Related

Security :: Deny Host When Changing SSH Port 22

Oct 30, 2010

I have an Asterisk on an externally hosted vServer with Lenny. In order to further protect the SSH access I intended to change the Port number 22 to something like 55555. For this I changed the /etc/ssh/sshd_config file and restarted ssh. This caused unfortunately the following problems:

(1) The first login works but DenyHost writes now the IP in its list so that the second login with the same IP is blocked.

(2) With RESET_ON_SUCCESS = yes several logins were possible with the same IP, but later it also was blocked for some still unknown reasons.

(3) Files can be uploaded for being edited, but they can't always be saved. When they can't be saved the next login with this IP is blocked. It thus looks like the blocking can occur while being connected. When the files can't be saved it is however still possible to copy files from the computer to the vServer.

I add below the entries in the auth.log from a logout and a login. It shows further how suddenly the attempts to save files were blocked. After this session the IP used for it was blocked. I don't know where the message "Unable to open env file: /etc/default/locale" comes from. If I remember right I had these messages already before. I don't know how much that is really important.

[Code]....

View 4 Replies View Related

General :: Host Command And Web Browser's Don't Accept Hosts.conf Order

Mar 4, 2011

Why does ping see audit.median.hu as 127.0.0.0, and why does host -t a audit.median.hu see it as 193.68.35.149? audit.median.hu is just an example site [hosts ads, etc.]

I just have a caching nameserver on my Fedora PC:

I configured my DNS server addresses in the Network-Manager Applet: 127.0.0.1, 8.8.8.8

Even with Wireshark, I can see it:

So the big question: Why don't the host command or my web browser recognize that I have modified audit.median.hus IP address?

View 1 Replies View Related

Security :: Firewall, Can't Deny Ips After Allowing Local Subnet?

Feb 23, 2010

If I allow, my server's IP is:
11.11.11.11

If I allow 11.11.11.11, and block 22.22.22.22

22.22.22.22 can't access the server

But if I allow 11.11.11.0/24, and block 22.22.22.22

22.22.22.22 can still access the server!!

Does anyone know why that is?

View 4 Replies View Related

Security :: Deny Download Some File Types On Squid?

Nov 15, 2010

How to deny download some file types on squid ?

I tried below in my squid.conf

acl blockfiles urlpath_regex -i "/etc/squid/src/blockfiles"
http_access allow localnet freesites !blockfiles

and in my /etc/squid/src/blockfiles

.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
.[Rr][Aa][Rr]$

I still able to download

View 2 Replies View Related

Ubuntu :: 10.04: How To Limit SSH Login Attempts

Apr 25, 2011

How do I limit the max login attempts in the sshd_config file? I found a way to do it on Google some time back but I can't find it now. I have Denyhost already, but I really wanna do the "MAx Login Attempts" what ever it was that I was able to do in the config file.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved