Thread: denyhosts.conf and pam

  1. #1
    Join Date
    Nov 2009
    Location
    Gainesville, VA
    Beans
    459
    Distro
    Ubuntu Studio 12.04 Precise Pangolin

    denyhosts.conf and pam

    Hi,

    I have a few questions - maybe bullets will work better.

    1. I found an IP in my auth.log file where someone used a dictionary attack on my box - while they were unsuccessful, how common is this?

    2. Do I risk incurring the wrath of a script kiddie for running an aggressive nmap against said IP?

    3. Someone turned me on to the denyhosts package - any idea why this isn't part of the distro proper? It just seems like that should be a default option.

    4. And lastly - should I be looking into pam settings for establishing better security practices?

    Many thanks for your time.

    Cheers!
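
An added example, not part of the original post: a way to see how often the failed logins mentioned in question 1 occur, by tallying failed SSH password attempts per source address from auth.log. The function names and the sample log lines are constructed for illustration, and only IPv4 sources in the stock OpenSSH message format are handled.

```shell
#!/bin/sh
# Count failed SSH password attempts per source IPv4 address.
# Assumes the stock OpenSSH wording:
#   "Failed password for <user> from <ip> port <n> ssh2"

# Constructed sample lines; addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
Mar  3 04:11:01 box sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 04:11:03 box sshd[2103]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar  3 04:11:06 box sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Mar  3 09:30:12 box sshd[2250]: Failed password for alice from 198.51.100.20 port 51544 ssh2
Mar  3 09:30:20 box sshd[2250]: Accepted password for alice from 198.51.100.20 port 51544 ssh2
Mar  3 10:02:44 box sshd[2301]: Failed password for invalid user x from 192.0.2.9 port 1 ssh2 from 203.0.113.7 port 40200 ssh2
EOF
}

# Reads auth.log text on stdin, prints "count ip" lines, busiest source first.
# The user name is text chosen by the remote client, so the address is taken
# from the trailing "from <ip> port <n> ssh2", never from the first "from".
failed_by_ip() {
    grep -E 'sshd\[[0-9]+\]: Failed password for ' |
    sed -nE 's/.* from ([0-9]{1,3}(\.[0-9]{1,3}){3}) port [0-9]+ ssh2$/\1/p' |
    sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

# $1 = minimum number of failures; prints only the addresses at or above it.
over_threshold() {
    failed_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

# Demo on the constructed sample; on a real host use: failed_by_ip < /var/log/auth.log
sample_log | failed_by_ip
```

The last sample line carries a second address inside the user name field; the end-of-line anchor attributes that attempt to the address sshd actually logged.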

  2. #2
    Join Date
    Sep 2011
    Beans
    1,531

    Re: denyhosts.conf and pam

    It's my understanding that it's incredibly common and that there are automated scripts crawling the internet looking for servers to brute force attack.

    Here are some links discussing security measures for servers.

    http://askubuntu.com/questions/32246...ce-ssh-attacks
    http://www.andrewault.net/2010/05/17...ubuntu-server/
    http://nwlinux.com/how-to-secure-an-...he-web-server/

    Frankly I'm just now starting to play with servers & securing them. So hopefully someone with more experience than me can chime in & say whether any of those links stink or not. Or if there's a better link, please share.

  3. #3
    Join Date
    Nov 2009
    Location
    Gainesville, VA
    Beans
    459
    Distro
    Ubuntu Studio 12.04 Precise Pangolin

    Re: denyhosts.conf and pam

    Cool - thanks for your reply. I'll spend some time perusing them.

  4. #4
    Join Date
    Sep 2007
    Location
    Oklahoma, USA
    Beans
    2,262
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: denyhosts.conf and pam

    Quote: Originally posted by Diametric
    2. Do I risk incurring the wrath of a script kiddie for running an aggressive nmap against said IP?
    I wouldn't worry so much about the script kiddie as I would about my ISP's reactions. Running scans on IPs that aren't assigned to you is not allowed by most "terms of services" sets of rules, and could get your service cancelled.

    Also, if the IP you're scanning is a dynamic one and gets reassigned to someone else, you might be in for some serious legal trouble if the new owner complains to the right people.

    In other words, it's a Bad Idea in any case. Just block that IP from access to your system and forget about it...
    --
    Jim Kyle in Oklahoma, USA
    Linux Counter #259718
    Howto mark thread: https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads

  5. #5
    Join Date
    Nov 2009
    Location
    Gainesville, VA
    Beans
    459
    Distro
    Ubuntu Studio 12.04 Precise Pangolin

    Re: denyhosts.conf and pam

    I didn't know about the "rules of service" - but, at least initially...for my own edification...if they scan me, I feel fairly vindicated in seeing what I can from them.

  6. #6
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: denyhosts.conf and pam

    FYI, port scanning is not illegal.

    You also would not likely be scanning the person responsible for the brute force; in fact, I can almost guarantee that you would find a server running an ssh service with weak credentials.

    Denyhosts, while it is good, is a waste of time in my opinion; just impose an iptables rate limit, use keys and disable login with passwords.

    Hope this helps
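
An added example, not part of the original post: a check that password login really is disabled in an sshd_config, since sshd keeps the first value it reads for a keyword and a `Match` block can turn the setting back on. The function names and sample configs are constructed; the check assumes whitespace-separated `Keyword value` lines and does not follow `Include` directives.

```shell
#!/bin/sh
# Report whether sshd_config text on stdin leaves password login enabled.

# Constructed sample: the hardening line was appended below an older setting.
appended_cfg() {
cat <<'EOF'
# sample config
Port 22
passwordauthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}

# Constructed sample: disabled globally, re-enabled for one network.
match_cfg() {
cat <<'EOF'
PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
EOF
}

# Prints one of: enabled, enabled-in-match, disabled
password_auth_status() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { kw = tolower($1); arg = $2 }           # keywords are case-insensitive
        kw == "match" { in_match = 1; next }     # later lines are conditional
        kw == "passwordauthentication" {
            if (in_match) { if (arg == "yes") override = 1 }
            else if (!seen) { global = arg; seen = 1 }   # first value wins
        }
        END {
            if (!seen) global = "yes"            # sshd default when unset
            if (global != "no") print "enabled"
            else if (override)  print "enabled-in-match"
            else                print "disabled"
        }
    '
}

# Demo on the constructed sample with the appended hardening line.
appended_cfg | password_auth_status
```

On a live host, `sshd -T` prints the configuration sshd will actually use and is the authoritative check.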

  7. #7
    Join Date
    Nov 2009
    Location
    Gainesville, VA
    Beans
    459
    Distro
    Ubuntu Studio 12.04 Precise Pangolin

    Re: denyhosts.conf and pam

    Quote: Originally posted by Dangertux
    FYI, port scanning is not illegal.

    You also would not likely be scanning the person responsible for the brute force; in fact, I can almost guarantee that you would find a server running an ssh service with weak credentials.

    Denyhosts, while it is good, is a waste of time in my opinion; just impose an iptables rate limit, use keys and disable login with passwords.

    Hope this helps
    Fair enough mate - thanks for the info. I'm hoping denyhosts holds me down until I can learn iptables...or pam, which is what I've come to understand is the way to lock processes. Thus, my original post/questions.

    Cheers...

  8. #8
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: denyhosts.conf and pam

    Oh my... So many typos... I really need to get used to this new phone..

    Anyway, I just mention the other though because on high-load systems there is no point in wasting IO on something that won't be successful anyway. Of course, use what works for you.

  9. #9
    Join Date
    Nov 2009
    Location
    Gainesville, VA
    Beans
    459
    Distro
    Ubuntu Studio 12.04 Precise Pangolin

    Re: denyhosts.conf and pam

    It's all good - I appreciate the feedback and don't stress the typos!

    Cheers...
