Ubuntu Security :: Deny Hosts Removing An Ip And Checking Tcpwrappers?
Oct 21, 2010
I could not find any where the documentation the only best which I got was [URL]
My question is the following blog says to remove an IP from /etc/hosts.deny which denyhost has blocked
[URL] you need to have a directory /usr/share/denyhosts/data I do not find any such directory
Also when I tried to check tcp wrapper configuration as given here
[URL]
tcpdchk -v Cannot find your inetd.conf or tlid.conf file. Please specify its location.
what does the above output mean? How do I make sure denyhosts is doing its job?
View 2 Replies
ADVERTISEMENT
Jan 18, 2010
I'm having troubles trying to understand this problem:my homeserver until yesterday had a public IP, staying on network, with sshd running and all was fine;this evening I changed the IP, giving it a local lan address, and what happened if I tried to connect to it by ssh?I got an error about "Connection closed by remote host". Google helped me finding that was regarded to hosts.deny file, that was actually containing a lineALL:ALLthat I commented, and all was fine.My question is: why the hosts.deny (that has never changed) was observed only with the local IP?I tried to switch back to the public IP and leaving ALL:ALL, and it did connect without any problem
View 1 Replies
View Related
Sep 7, 2010
I just downloaded the DenyHosts2.6python2.5.rpm for deny.hosts from sourceforge and would like to set it up. I normally use fish://, smb:// and ftp:// on the boxes on my lan. I already have files called hosts.allow and hosts.deny in the /etc folder. Will the rpm configure hosts.deny when first run?
View 1 Replies
View Related
May 16, 2011
I just set up denyhosts and it worked properly the first time adding lots of ips to the hosts.deny.I then set it to run every 12 hours noon and midnight.I wanted to see if ran properly and I got all this.Does it look like its working?
Code:
May 15 12:00:01 hyrule CRON[14286]: (root) CMD (python /usr/share/denyhosts/denyhosts_ctl.py -c /usr/share/denyhosts/denyhosts.cfg )
[code]...
View 4 Replies
View Related
Oct 28, 2010
I am using denyhosts on a server so in a config file/etc/denyhosts.confthe following value is setQuote:DENY_THRESHOLD_INVALID = 3which as per their configuration file saysQuote:
DENY_THRESHOLD_INVALID: block each host after the number of failed login
# attempts has exceeded this value. This value applies to invalid
# user login attempts (eg. non-existent user accounts)
[code]...
View 1 Replies
View Related
Jan 26, 2011
Probably an easy (which means stoopid) question...I am trying to reroute a website using my hosts file so that it matches my servers certificate file for testing without effect dns and the live site.When I went to edit my /etc/hosts file it is non-existent. I have, I am assuming in it's place, hosts.allow and hosts.deny. Can anyone explain why I do not have a hosts file?
View 1 Replies
View Related
May 15, 2010
I am getting a warning from /etc/hosts.deny
Code:
ALL: 192.168.1.3
ALL: 172.68.11.204
[code]...
View 14 Replies
View Related
Sep 12, 2010
I have read the man files on hosts (deny/allow) and think I understand how they are supposed to work but reality has proven me wrong.
My simple test case was to add "ALL: ALL " to the end of hosts.deny which I though should make the Internet not work. I can still look up hosts fine so apparently I don't understand these files or Ubuntu is ignoring them.
This is my hosts.deny file
Code:
Code:
and hosts
Code:
hosts.deny is the only file I have edited (so far)
View 5 Replies
View Related
Aug 10, 2010
I have setup Denyhosts to run on my server, and have been using it succesfully for the last few weeks, to allow me to ssh into my server from my home dev machine.
This morning, I accidentally typed my password incorrectly three times - and ended up being locked out of the system (tghat was ok, because that was what was supposed to happen). I logged into the server via another way and took the following actions (in the order given)
/etc/init.d/ssh stop
/etc/init.d/denyhosts stop
removed my IP address from /etc/hosts.deny
/etc/init.d/ssh start
[Code].....
View 1 Replies
View Related
May 2, 2011
I'm trying to use ssh-keyscan to get some known_host file population going on, but I have a ton of hosts I want to scan, all with multiple aliases in /etc/hosts. Is there a way to use my current /etc/hosts file to do an ssh-keyscan instead of making a special list of hosts that (from what I've read) ssh-keyscan needs?
View 2 Replies
View Related
May 15, 2011
i was hoping that someone in here could possibly help me out with my iptables rule set. First here is what i would like iptables to do, i want iptables to deny all packets or traffic from the outside coming in and for output allow the things i need like web and irc etc... Also, i would like iptables to deny access to all services like sendmail and ssh except i would like localhost to have access to everything. What i mean by localhost is that when i run my iptables script it loads fine except when i try ssh from localhost i get this output:ssh -l user localhostssh_exchange_identification: Connection closed by remote hostI know what most of you are thinking, why do i need to ssh into localhost from localhost just open another terminal, well i am getting myself familiar with iptables i want all services logged and blocked but not from localhost. I cant seem to figure out this problem and i have tried several different things. Here is my iptables script, I am hoping that someone out there can tell me what i am doing wrong...
#!/bin/bash
iptables -v -F;
iptables -v -A INPUT -i lo -j ACCEPT;
[code]....
View 5 Replies
View Related
Dec 7, 2010
I would like to know if it is possible to deny the access to a file for root? Would ACL's be a possibility? I have "googled" around but haven't found anything interesting (except SELinux). I should secure a password file to an important database.
View 6 Replies
View Related
Oct 30, 2010
I have an Asterisk on an externally hosted vServer with Lenny. In order to further protect the SSH access I intended to change the Port number 22 to something like 55555. For this I changed the /etc/ssh/sshd_config file and restarted ssh. This caused unfortunately the following problems:
(1) The first login works but DenyHost writes now the IP in its list so that the second login with the same IP is blocked.
(2) With RESET_ON_SUCCESS = yes several logins were possible with the same IP, but later it also was blocked for some still unknown reasons.
(3) Files can be uploaded for being edited, but they can't always be saved. When they can't be saved the next login with this IP is blocked. It thus looks like the blocking can occur while being connected. When the files can't be saved it is however still possible to copy files from the computer to the vServer.
I add below the entries in the auth.log from a logout and a login. It shows further how suddenly the attempts to save files were blocked. After this session the IP used for it was blocked. I don't know where the message "Unable to open env file: /etc/default/locale" comes from. If I remember right I had these messages already before. I don't know how much that is really important.
[Code]....
View 4 Replies
View Related
Feb 23, 2010
If I allow, my server's IP is:
11.11.11.11
If I allow 11.11.11.11, and block 22.22.22.22
22.22.22.22 can't access the server
But if I allow 11.11.11.0/24, and block 22.22.22.22
22.22.22.22 can still access the server!!
Does anyone know why that is?
View 4 Replies
View Related
Nov 15, 2010
How to deny download some file types on squid ?
I tried below in my squid.conf
acl blockfiles urlpath_regex -i "/etc/squid/src/blockfiles"
http_access allow localnet freesites !blockfiles
and in my /etc/squid/src/blockfiles
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
.[Rr][Aa][Rr]$
I still able to download
View 2 Replies
View Related
Dec 19, 2010
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this?Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
View 9 Replies
View Related
May 5, 2010
I have a question, on my firewall at work I am seeing a constant flow of denies from many different source IP addresses, of tcp/udp destination port 53372 & 53375.What in the world is that, and why these two ports over and over
View 1 Replies
View Related
Apr 9, 2011
I've setup a network within my lab and only gave access to local machines (Redhat 5,and a windows server 2000) ,First i have succeded to enable iptables,logwatch,nfs,logwatch,portmap,tcpwrapper.
this is my hosts.allow file: code...
Now i want to use ssh from a remote machine, i have disabled iptables,nfs,logwatch,portmap
what should i do to be able to access my network from my laptop which is not connected to my network?
View 15 Replies
View Related
May 30, 2011
I found this IP address in my hosts.allowQuote:ALL: 119.42.68.232I cannot find any other evidence of intrusion.
View 4 Replies
View Related
Nov 18, 2010
According to Security standards given in[URL]Quote:Unless otherwise approved the following setuid root binaries are the only ones allowed on production servers:
* /bin/su
* /usr/bin/sudo
* /usr/bin/passwd
[code]....
View 3 Replies
View Related
Nov 3, 2010
I've set up two security associations(in and out) on two hosts, and then set up two policies per host that should filter traffic to those SA's. Yet when I try to ping one host from the other I get no response, meaning that the filters on one side work and drop unprotected packets, but both hosts are configured to communicate using ipsec. Can anyone point me in the right direction?
Code:
ip xfrm state add src 192.168.77.23 dst 192.168.77.24 proto esp spi 0x53fa0fdd mode transport reqid 16386 replay-window 32 auth "hmac(sha1)"
[code]...
View 1 Replies
View Related
Jul 21, 2011
I'm interested in GNU/Tiger as recommended by a security guru I know. I did apt-cache search and located the package tiger:Code:tiger - Report system security vulnerabilitiesI also checked the ubuntu web-based package search and found tiger there too along with things like this signed message.Using apt-cache policy, I see this package is universe. I'd like to check the signature/cert/keys of this file before running apt-get install on it to see if it is acceptable given my current apt keys. Can someone explain how to do this?Also, what happens when I try to install a package using "apt-get install" and that package or one of its dependencies is:* unsigned* signed, but not by anyone whose key resides in my apt keyring?
View 3 Replies
View Related
Jan 13, 2010
I post this to have a memo about how I looked into this problem. You can use this command to check what is hidden.
Code:
/usr/lib/chkrootkit/chkproc -v -p 3 | grep /proc/ | sed 's/.*(/proc/[0-9]*).*/1/'| xargs -n1 -I %%% cat %%%/cmdline
If it doesn't output anything, then nothing is hidden currently. This usually means that a process was started between the ps command and the /proc check of chkrootkit. You can check what those command(s) are by running the above in a loop, with high priority.
[Code]...
Does anyone know how to get rid of these false positives while retaining other functionality of chkrootkit?
View 1 Replies
View Related
Aug 28, 2009
I updated sendmail during a routine set of updates. I found it replaced my old sendmail with sendmail+tcpwrappers. I had to create an entry in hosts.allow as my hosts.deny was set to deny all. Never had to do this before, but I had not updated sendmail in a while. Just a heads up in case anyone else is about to perform updates.
View 1 Replies
View Related
Jun 16, 2010
As I am a paranoid bastard, I made a bash screencap-script for my Ubuntu-computer, so I can check if anyone uses my computer for things I don't want them to do (eg. checking if anyone is viewing passwords stored in FireFox, looking at private files, or other things I find disturbing). There might be other people than me that is paranoid and want to monitor what's going on on their computers while they are away or letting someone else use their computer when going to the bathroom.
This is a small script, I'd like to hear if there is any improvements that can be done, so I can learn more and become better at such scripting.
The script requires Imagick (sudo apt-get install imagemagick) and a folder in the ~-directory (/home/username) called ".screen" (hidden, as this makes it more difficult to "intruders" to find it and it looks more like a system-folder than a monitoring-folder).
The script:
Code:
#!/bin/bash
i=1;
j=`date`;
user=`whoami`;
[Code]....
Add this script to /usr/local/bin and then go to keyboard-shortcuts in GNOME and add a shortcut-key-combination of your own choice for the script. Call it whatever you'd like, and the command you want to run is simply "screen". To add a shortcut for stopping the script, you add another shortcut-key-combination to the command "killall screen".
This enables you to monitor activity on your computer while you're away, saving png-screenshots of your desktop every three seconds in the folder /home/username/.screen/date.
NOTE: I'm not taking any responsibility for what you do with this script. Remember that monitoring someone's activities is never the right way to handle anything. Also, it's illegal many places. Take care and use it only for educational and testing purposes.
View 5 Replies
View Related
Jul 12, 2009
I'm not necessarily gonna do this, but I have to know. Is there a way to make the system not complain about every single freaking password you try to use? Make it so that any regular user could make "hello" their password without complaint? Like I said, I won't necessarily do it, but I have to know if it can be done.I did some searching and found the su -c "passwd username" trick, which is working for right now (I have root access but a user account I made for a friend doesn't)... it's just irritating when it won't even let him use something like "snuh123" because it seems to think it's based on a (reversed) dictionary word. Any use of a dictionary word, even with other chars, fails
View 6 Replies
View Related
Feb 9, 2010
How to do an easy file integrity checking on fedora 11 ? just to make sure that the necessary core os files are not corrupted using rpm and yum.
View 2 Replies
View Related
Jun 22, 2011
The problem is that yum is refusing to install gcc on a new SL6 install. As far as I can make out, a security update that I applied prior to my attempt to install gcc has caused problems. I did a new SL6 install (x86_86) a couple of weeks ago. This was a minimal installation, and I didn't install any dev tools, as I intended to install them later from yum. Since then, I've done very little; I installed a few packages (samba, xemacs, etc), and I let the system update itself. The update installed 'kernel', and updated 'kernel-firmware' [URL]. I now need to install the dev tools (g++, and so on), but I can't. I've tried this from gpk-application, and directly from yum. The complete yum output is below, but the basic error is:
> Error: Package: glibc-2.12-1.7.el6.i686 (sl)
> Requires: glibc-common = 2.12-1.7.el6
> Installed: glibc-common-2.12-1.7.el6_0.5.x86_64 (@sl-security)
[code]....
View 4 Replies
View Related
Oct 9, 2010
What's the best way to handle checking for a similar password?
IE. What would a possible algorithm be to generate the error "this password is too similar to one of your previous passwords"
I thought about adding the ascii value of each letter and then adding them and looking for at least a difference of X.
What methods have yall seen used for this?
View 14 Replies
View Related
Sep 2, 2010
Is there a 'plugin' for wireshark to analyze traffic and spot infected (windows) hosts? I have been using nepenthes with no luck. (and doubt all hosts are clean) is there some better way (other than using antivirus on each host)?
View 10 Replies
View Related
