Ubuntu Security :: Denyhosts Working \ First Time Adding Lots Of Ips To The Hosts.deny?
May 16, 2011
I just set up denyhosts and it worked properly the first time, adding lots of IPs to the hosts.deny. I then set it to run every 12 hours, noon and midnight. I wanted to see if it ran properly and I got all this. Does it look like it's working?
Code:
May 15 12:00:01 hyrule CRON[14286]: (root) CMD (python /usr/share/denyhosts/denyhosts_ctl.py -c /usr/share/denyhosts/denyhosts.cfg )
[code]...
Aug 10, 2010
I have set up Denyhosts to run on my server, and have been using it successfully for the last few weeks, to allow me to ssh into my server from my home dev machine.
This morning, I accidentally typed my password incorrectly three times - and ended up being locked out of the system (that was ok, because that was what was supposed to happen). I logged into the server via another way and took the following actions (in the order given)
/etc/init.d/ssh stop
/etc/init.d/denyhosts stop
removed my IP address from /etc/hosts.deny
/etc/init.d/ssh start
[Code].....
Oct 28, 2010
I am using denyhosts on a server, so in a config file /etc/denyhosts.conf the following value is set
Quote:
DENY_THRESHOLD_INVALID = 3
which as per their configuration file says
Quote:
# DENY_THRESHOLD_INVALID: block each host after the number of failed login
# attempts has exceeded this value. This value applies to invalid
# user login attempts (eg. non-existent user accounts)
[code]...
Jan 18, 2010
I'm having trouble trying to understand this problem: my home server until yesterday had a public IP, staying on the network, with sshd running, and all was fine; this evening I changed the IP, giving it a local LAN address, and what happened when I tried to connect to it by ssh? I got an error about "Connection closed by remote host". Google helped me find that it was related to the hosts.deny file, which actually contained a line
ALL:ALL
that I commented out, and all was fine. My question is: why was the hosts.deny (which has never changed) observed only with the local IP? I tried switching back to the public IP and leaving ALL:ALL, and it did connect without any problem.
Sep 7, 2010
I just downloaded the DenyHosts2.6python2.5.rpm for deny.hosts from sourceforge and would like to set it up. I normally use fish://, smb:// and ftp:// on the boxes on my lan. I already have files called hosts.allow and hosts.deny in the /etc folder. Will the rpm configure hosts.deny when first run?
Oct 21, 2010
I could not find the documentation anywhere; the best I got was [URL]
My question is: the following blog says how to remove an IP from /etc/hosts.deny which denyhosts has blocked
[URL] you need to have a directory /usr/share/denyhosts/data I do not find any such directory
Also when I tried to check tcp wrapper configuration as given here
[URL]
tcpdchk -v
Cannot find your inetd.conf or tlid.conf file. Please specify its location.
what does the above output mean? How do I make sure denyhosts is doing its job?
Jan 26, 2011
Probably an easy (which means stoopid) question... I am trying to reroute a website using my hosts file so that it matches my server's certificate file for testing without affecting DNS and the live site. When I went to edit my /etc/hosts file it is non-existent. I have, I am assuming in its place, hosts.allow and hosts.deny. Can anyone explain why I do not have a hosts file?
May 15, 2010
I am getting a warning from /etc/hosts.deny
Code:
ALL: 192.168.1.3
ALL: 172.68.11.204
[code]...
Sep 12, 2010
I have read the man files on hosts (deny/allow) and think I understand how they are supposed to work but reality has proven me wrong.
My simple test case was to add "ALL: ALL " to the end of hosts.deny which I thought should make the Internet not work. I can still look up hosts fine so apparently I don't understand these files or Ubuntu is ignoring them.
This is my hosts.deny file
Code:
Code:
and hosts
Code:
hosts.deny is the only file I have edited (so far)
Nov 3, 2010
I've set up two security associations(in and out) on two hosts, and then set up two policies per host that should filter traffic to those SA's. Yet when I try to ping one host from the other I get no response, meaning that the filters on one side work and drop unprotected packets, but both hosts are configured to communicate using ipsec. Can anyone point me in the right direction?
Code:
ip xfrm state add src 192.168.77.23 dst 192.168.77.24 proto esp spi 0x53fa0fdd mode transport reqid 16386 replay-window 32 auth "hmac(sha1)"
[code]...
May 2, 2011
I'm trying to use ssh-keyscan to get some known_host file population going on, but I have a ton of hosts I want to scan, all with multiple aliases in /etc/hosts. Is there a way to use my current /etc/hosts file to do an ssh-keyscan instead of making a special list of hosts that (from what I've read) ssh-keyscan needs?
Oct 31, 2010
I've been using Deny Hosts for a couple of years now without trouble. My router forwards SSH calls to host tock on my LAN. My router's internet hostname is michigan. I keep an svn repository on tock and access it through michigan. In this way I can update my repository when I'm at home or away. Just today, however, whenever I try any ssh to michigan, I get a closed connection and find michigan in my hosts.deny file. I delete it, make a successful connection, but then on my next attempt - there I am in the hosts.deny file again.
I've worked around it by putting michigan into my hosts.allow file, but I would really like to know what's going on. I've configured Hosts Deny to lock out IPs after three failed attempts, but it is locking out michigan after one successful connection.
Aug 31, 2010
So I installed denyhosts on my system and I ssh to it fine. Then all of a sudden I got an email saying my IP was added to the /etc/hosts.deny file. I have no clue why. I did not fail the login. So I had an open session and put it in the /etc/hosts.allow file and tried to ssh back in, no problem. Then I logged out and all of a sudden I got the email saying my IP was added to the hosts.deny again. Now I am kicked out of the system.
I am guessing I cannot get back in until I get to the console and remove it. I can power on and off the system remotely but I enabled the chkconfig denyhosts on option so it starts on reboot. No remote console is set up. So it looks like I am hozed until I can get to the console, bummer as I was trying to set up a spacewalk server on it. I cannot get to the console for a few days so if anyone has ideas how I can get back in let me know. But denyhosts seems to be working as designed.
This was a default install, I did not configure anything funky. Just changed the email to root and started it. I thought about changing my client IP but that won't work as I only have ssh passed on my router to that IP, so if I change the client IP I won't get into my routing machine. I think I answered my own question but just thought I would ask. I guess my real question is why would denyhosts block my IP when the login did not fail and how do I configure it so this does not happen again.
Jun 2, 2010
I am with a customer who has Suse 10.1 in production environment and connected to the internet. For now I want to install denyhosts on this machine since I see lots of failed login attempts outside office hours. However when I do: python setup.py install I get the message
File "setup.py", line 4, in ?
from distutils.core import setup
ImportError: No module named distutils.core
I don't know how to solve this. I have added a repository to install distutils.core but could not find it
Oct 26, 2010
I am currently in the process of moving around 20TB of data from one server to another. Security is not a concern, since the data are freely available to anyone on our network anyway. There are a couple of things that I'm trying to decide on:
(1) protocol choice
Of all the choices I have--nfs, ftp, scp, rsync, samba--has anyone done any benchmarking to show which would be the fastest/most robust transfer protocol? I know nfs has slow write speeds for synchronous transfers. Asynchronous would be faster, but less robust. I'm leaning toward rsync since it performs md5sums to confirm the file transfers. (Remember if there's a 1 in a billion chance that a byte will get corrupted, then I'll have 20,000 corrupt bytes in the transfer.)
(2) Nautilus emblems
We use emblems in Nautilus to categorize files. The old and the new server have the same directory structure. Is there any way to copy the Nautilus emblems from the old server to the new server? What I want is that if a user had marked a particular file with a star on the old server, then that file would be marked with a star on the new server when he/she logs in.
Jan 25, 2010
Take a peek at this:
Code:
Jan 23 20:15:01 localhost CRON[22629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 23 20:15:01 localhost CRON[22629]: pam_unix(cron:session): session closed for user root
[code]....
May 15, 2011
I was hoping that someone in here could possibly help me out with my iptables rule set. First, here is what I would like iptables to do: I want iptables to deny all packets or traffic from the outside coming in, and for output allow the things I need like web and irc etc... Also, I would like iptables to deny access to all services like sendmail and ssh, except I would like localhost to have access to everything. What I mean by localhost is that when I run my iptables script it loads fine, except when I try ssh from localhost I get this output:
ssh -l user localhost
ssh_exchange_identification: Connection closed by remote host
I know what most of you are thinking: why do I need to ssh into localhost from localhost, just open another terminal. Well, I am getting myself familiar with iptables; I want all services logged and blocked, but not from localhost. I can't seem to figure out this problem and I have tried several different things. Here is my iptables script; I am hoping that someone out there can tell me what I am doing wrong...
#!/bin/bash
iptables -v -F;
iptables -v -A INPUT -i lo -j ACCEPT;
[code]....
Dec 7, 2010
I would like to know if it is possible to deny the access to a file for root? Would ACL's be a possibility? I have "googled" around but haven't found anything interesting (except SELinux). I should secure a password file to an important database.
Oct 30, 2010
I have an Asterisk on an externally hosted vServer with Lenny. In order to further protect the SSH access I intended to change the Port number 22 to something like 55555. For this I changed the /etc/ssh/sshd_config file and restarted ssh. This caused unfortunately the following problems:
(1) The first login works but DenyHost writes now the IP in its list so that the second login with the same IP is blocked.
(2) With RESET_ON_SUCCESS = yes several logins were possible with the same IP, but later it also was blocked for some still unknown reasons.
(3) Files can be uploaded for being edited, but they can't always be saved. When they can't be saved the next login with this IP is blocked. It thus looks like the blocking can occur while being connected. When the files can't be saved it is however still possible to copy files from the computer to the vServer.
I add below the entries in the auth.log from a logout and a login. It shows further how suddenly the attempts to save files were blocked. After this session the IP used for it was blocked. I don't know where the message "Unable to open env file: /etc/default/locale" comes from. If I remember right I had these messages already before. I don't know how much that is really important.
[Code]....
Feb 23, 2010
If I allow, my server's IP is:
11.11.11.11
If I allow 11.11.11.11, and block 22.22.22.22
22.22.22.22 can't access the server
But if I allow 11.11.11.0/24, and block 22.22.22.22
22.22.22.22 can still access the server!!
Does anyone know why that is?
Nov 15, 2010
How to deny download of some file types on squid?
I tried below in my squid.conf
acl blockfiles urlpath_regex -i "/etc/squid/src/blockfiles"
http_access allow localnet freesites !blockfiles
and in my /etc/squid/src/blockfiles
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
.[Rr][Aa][Rr]$
I am still able to download
Dec 19, 2010
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this? Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
Mar 7, 2010
There are many time zone files accessible from the command line that don't show up in the GUI ("system-config-time"). How do I add these time zones to the GUI?
May 5, 2010
I have a question: on my firewall at work I am seeing a constant flow of denies from many different source IP addresses, of tcp/udp destination port 53372 & 53375. What in the world is that, and why these two ports over and over?
Jul 13, 2010
Is there any way that I can prevent access to the hosts file, or any file for that matter, for a time that I can specify, so that within that time no one will be able to open and edit the said file?
Oct 16, 2010
After I upgraded to Ubuntu 10.10, my /etc/hosts, which had been previously edited by me, was restored to default. I configured it again and was able to work for a while - until I went offline. Each time I go offline since the upgrade, Ubuntu restores this file to default, deleting my domains from it.
May 30, 2011
I found this IP address in my hosts.allow
Quote:
ALL: 119.42.68.232
I cannot find any other evidence of intrusion.
Jul 15, 2010
I need some assistance with my Ubuntu server setup.
I use a Free BSD Linux server at work that I SSH to. When I telnet to the server I see the following:
[8:23am] myhost:/home/pmiglia]
I like that I see the time and path just like that.
Now I have been trying for DAYS to get my Linux server to display with the time but with no luck.
FYI, new users and old users do not display like this when they SSH, only me as far as I can tell.
Sep 2, 2010
Is there a 'plugin' for wireshark to analyze traffic and spot infected (windows) hosts? I have been using nepenthes with no luck. (and doubt all hosts are clean) is there some better way (other than using antivirus on each host)?
Apr 3, 2010
I wonder if it's possible to add the time to virtual terminals? For example something like this:
Quote:
Welcome to linux 2.6.27.31-smp (tty2) 14:35