Secure Your Server [ Prevent Brute-force Attacks on Your Linux Box ]
Total Views: 84 - Total Replies: 7
May 29 2008, 3:59 am - By durjoy


Nowadays the internet is worse and more insecure than a jungle; the internet is full of spammers, hackers and crackers. If there is any security hole in your system, it wouldn't take long for them to get into your server, so make sure you have secured your box. Use an alphanumeric password with capital and small letters mixed. Make sure you have created firewall rules. Scan your system with NMAP to examine which ports are open.


Type netstat -a to see active connections and ports.


Type ps aux to see which programs are running.


 


Finally, use DenyHosts to secure your server.


In this tutorial I am going to explain how to install and configure DenyHosts on Linux.


DenyHosts is one of the must-have security tools for server owners, an alternative to fail2ban. It is also intended to be run by Linux system administrators to help thwart SSH server attacks.


If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?


DenyHosts attempts to address the above...


This tutorial is based on a CentOS system, however, it should apply to other distributions with almost no modifications.


I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!


I am using CentOS, using yum to install it from the repo:


yum install python python2.3-dev python2.3


Then we download and install DenyHosts like this:


cd /tmp
wget http://mesh.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.0.tar.gz
tar xvfz DenyHosts-2.0.tar.gz
cd DenyHosts-2.0
python setup.py install


This installs DenyHosts to /usr/share/denyhosts.


Now we have to create the DenyHosts configuration file /usr/share/denyhosts/denyhosts.cfg. We can use the sample configuration file /usr/share/denyhosts/denyhosts.cfg-dist for this:


cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg


Then we must edit denyhosts.cfg with our favourite editor, such as vi:


vi denyhosts.cfg


Make sure you set SECURE_LOG and LOCK_FILE to the correct values for your distribution. For my CentOS box:


SECURE_LOG = /var/log/secure
LOCK_FILE = /var/run/denyhosts.pid


As we want to run DenyHosts as a daemon, we need the daemon control script /usr/share/denyhosts/daemon-control. Again, we can use the sample script /usr/share/denyhosts/daemon-control-dist to create the needed file:


cp daemon-control-dist daemon-control


Edit /usr/share/denyhosts/daemon-control and make sure you set the correct values for DENYHOSTS_BIN, DENYHOSTS_LOCK, and DENYHOSTS_CFG. For my CentOS box it looks like this:


DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"


Next we have to make that file executable:


chown root daemon-control
chmod 700 daemon-control


Afterwards, we create the system bootup links for DenyHosts so that it is started automatically when the system is booted:


cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts


Finally, we start DenyHosts:


/etc/init.d/denyhosts start


DenyHosts logs to /var/log/denyhosts, if you are interested in the logs. The SSH daemon logs to /var/log/denyhosts on CentOS. You can watch both logs and try to log in with an invalid user or with a valid user and incorrect password, etc. via SSH and see what happens. After you have crossed the threshold of incorrect login attempts, the IP address from which you tried to connect should get listed in /etc/hosts.deny.


You can specify if/when IP addresses are removed again from /etc/hosts.deny - have a look at the PURGE_DENY variable in /usr/share/denyhosts/denyhosts.cfg. You must start DenyHosts with the --purge option to make the PURGE_DENY variable effective, like this:


/etc/init.d/denyhosts start --purge


However, you can also remove IP addresses manually from there, and as soon as they have got removed, these IP addresses can try to log in again via SSH.


That's all.


Niz
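
Added example, not part of the original post and not DenyHosts' own code: a simplified Python model of the threshold check described above, run over constructed lines in the /var/log/secure format. The threshold values, function names and sample addresses are assumptions made for the example.

```python
import re
from collections import defaultdict

# Example thresholds (constructed for this demo). DenyHosts keeps separate
# limits for invalid users, valid users and root in denyhosts.cfg.
THRESHOLDS = {"invalid": 3, "valid": 5, "root": 1}

# Anchored on the fixed tail of the sshd message: the username is free text
# supplied by the client, so the address is taken from the end of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)

def classify(m):
    """Map one failed login to the threshold class it counts against."""
    if m.group("invalid"):
        return "invalid"
    return "root" if m.group("user") == "root" else "valid"

def hosts_to_deny(lines, thresholds=THRESHOLDS, allowed=()):
    """Return sorted IPs whose failures in any class exceed that class's limit."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m and m.group("ip") not in allowed:
            counts[m.group("ip")][classify(m)] += 1
    return sorted(ip for ip, per in counts.items()
                  if any(n > thresholds[c] for c, n in per.items()))

def deny_entries(ips, service="sshd"):
    """Format blocked IPs the way they appear in /etc/hosts.deny."""
    return ["%s: %s" % (service, ip) for ip in ips]

# Constructed sample in the /var/log/secure format (documentation addresses).
P = "May 29 03:10:%02d box sshd[2101]: "
SAMPLE_LOG = (
    [P % i + "Failed password for invalid user test%d from 203.0.113.5 port 4%03d ssh2" % (i, i)
     for i in range(4)]
    + [P % 10 + "Failed password for root from 198.51.100.7 port 5001 ssh2",
       P % 11 + "Failed password for root from 198.51.100.7 port 5002 ssh2",
       P % 12 + "Failed password for niz from 192.0.2.10 port 6001 ssh2",
       P % 13 + "Accepted password for niz from 192.0.2.10 port 6002 ssh2"]
)

if __name__ == "__main__":
    print("\n".join(deny_entries(hosts_to_deny(SAMPLE_LOG))))
```

The allowed argument plays the role of a whitelist: pass your own management addresses there so a mistyped password does not lock you out while testing.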


 





 

May 29 2008, 6:55 am - Replied by: durjoy


For more info about this awesome security tool, visit DenyHosts: http://denyhosts.sourceforge.net


Thanks

Yayyyyy Finally I'm Free !
May 29 2008, 7:41 am - Replied by: DiFFerenTxxxxxxToucH


owaaa .... very useful post bro ....
I never argue with an Idiot. They pull you down tO their level...And then beat you with experience.
Jun 01 2008, 1:30 am - Replied by: razibbsl


good post thanks
Hi I am Razib from Bangladesh. I AM gsm Member My GSM ID: ::..STBSL..::
Jun 20 2008, 9:41 pm - Replied by: mahabub_khan2007


Thanks, brother, 4 nice posting
Jul 05 2008, 5:09 am - Replied by: kuasha


hmm..  gr8.....!
The doel doesn't know.. that it is the national bird....!
Jul 06 2008, 7:42 pm - Replied by: windoww


Thank You For Information
Jul 06 2008, 10:57 pm - Replied by: Meghla


 

Copyrights 2006 - 2008 MyBanglaSpace.com . All Rights Reserved. Production Of Promax Solutions promaxsol.com