I learnt a valuable lesson today.
Don't pick up your burning, previously toasted sandwich (now a smouldering piece of charcoal) with your hands. The remaining liquid contents (that were solid to start) tip out over your hands, you try to flick it off and manage to put your fingers onto the hotplate.
That reminds me... I use a similar program on my Linux servers to avoid getting my fingers burnt by script-kiddies running automated tools to brute-force their way into UNIX machines running SSH.
DenyHosts is a clever program that monitors the SSH log files, picks up login errors and repeated failed attempts from the same IP, and then blocks that IP via tcp_wrappers. It even allows you to define a period of time you wish to deny them access (say 3 days), to stop automated attacks.
The only requirement is that you have Python and that your version of SSH is compiled with tcp_wrappers.
This is easy to check:
QUOTE:
$> ldd /usr/sbin/sshd
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00898000)
libpam.so.0 => /lib/libpam.so.0 (0x00955000)
libdl.so.2 => /lib/libdl.so.2 (0x00661000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x0072a000)
libutil.so.1 => /lib/libutil.so.1 (0x00e08000)
libz.so.1 => /usr/local/lib/libz.so.1 (0x009ee000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00111000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x0048d000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00127000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00c6d000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00135000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00870000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x00d34000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00b98000)
libc.so.6 => /lib/tls/libc.so.6 (0x0019a000)
libaudit.so.0 => /lib/libaudit.so.0 (0x0069a000)
/lib/ld-linux.so.2 (0x00590000)
Notice the libwrap line? It means sshd was compiled against TCP_Wrappers, so we're right to go.
One can run DenyHosts in daemon mode, which ensures it picks up such attempts automagically.
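As an added illustration of what DenyHosts does (example code written for this post, not DenyHosts' own), here is a small Python script that counts "Failed password" lines per IP over some constructed sshd log lines, emits tcp_wrappers hosts.deny entries for any IP at or over a threshold, and purges those entries once the deny period (the 3 days mentioned above) has lapsed. The log lines, timestamps, threshold and the two-line entry layout are all assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sshd syslog lines (not real data): one brute-forcing IP, one legitimate user.
SAMPLE_LOG = """\
Mar 10 08:01:02 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 08:01:05 host sshd[2213]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 10 08:01:09 host sshd[2215]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar 10 08:02:30 host sshd[2218]: Failed password for bob from 198.51.100.9 port 40011 ssh2
Mar 10 08:03:00 host sshd[2220]: Accepted publickey for bob from 198.51.100.9 port 40012 ssh2
"""
NOW = datetime(2012, 3, 10, 8, 5, 0)   # fixed "current time" so the run is reproducible
DENY_FOR = timedelta(days=3)           # the "say 3 days" deny period from the post
LATER = NOW + timedelta(days=4)        # a moment after the deny period has lapsed
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
STAMP_FMT = "%Y-%m-%d %H:%M:%S"
# Each denied host is written as a timestamped comment line followed by the tcp_wrappers rule;
# this two-line layout is an assumption of the example, not DenyHosts' own file format.
ENTRY_RE = re.compile(r"^# denied (\S+ \S+) \| sshd: (\S+)$")

def count_failures(log_text):
    """Return {ip: number of 'Failed password' lines} found in sshd log text."""
    counts = {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

def deny_entries(counts, threshold, now=NOW):
    """hosts.deny text denying sshd to every IP with at least `threshold` failures."""
    lines = []
    for ip, n in sorted(counts.items()):
        if n >= threshold:
            lines += [f"# denied {now.strftime(STAMP_FMT)} | sshd: {ip}", f"sshd: {ip}"]
    return "".join(l + "\n" for l in lines)

def purge_expired(hosts_deny_text, now=NOW, deny_for=DENY_FOR):
    """Drop entries older than `deny_for`; returns (kept_text, purged_ips). Other lines stay."""
    kept, purged, lines, i = [], [], hosts_deny_text.splitlines(), 0
    while i < len(lines):
        m = ENTRY_RE.match(lines[i])
        paired = bool(m) and i + 1 < len(lines) and lines[i + 1] == f"sshd: {m.group(2)}"
        if paired and now - datetime.strptime(m.group(1), STAMP_FMT) > deny_for:
            purged.append(m.group(2))                       # expired: drop both lines
        else:
            kept += lines[i:i + 2] if paired else lines[i:i + 1]
        i += 2 if paired else 1
    return "".join(l + "\n" for l in kept), purged
```

The entries only take effect if sshd is linked against libwrap, which is exactly what the ldd check above confirms.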
Using this closes the door on such attacks and helps avoid root-kits being installed.
As a general rule, disable remote root logins (always su up to root when required).
Using something like DenyHosts ensures your fingers won't be burnt and your machine won't be compromised.