  1. #1

    hosts.allow and hosts.deny help


    My FC5 box keeps getting hammered by what I assume is a dictionary attack.

    Here is part of my secure log: <code>
    --------------------- SSHD Begin ------------------------


    Failed logins from:
    216.75.41.2 (otorongo.servidorauri01.com): 388 times

    Illegal users from:
    216.75.41.2 (otorongo.servidorauri01.com): 1169 times

    **Unmatched Entries**
    pam_succeed_if(sshd:auth): error retrieving information about user bancadaanr : 1 time(s)
    pam_succeed_if(sshd:auth): error retrieving information about user dperez : 1 time(s)
    pam_succeed_if(sshd:auth): error retrieving information about user susan : 1 time(s) </code>

    What I do is each day, I add the IP address from the "Failed logins" and "Unmatched Entries" into my hosts.deny (ALL: ip_address).

    1. Is this the best way to do this?
    2. Can you look at my hosts.allow and hosts.deny files and tell me if I have them set up correctly? What I want is to deny everyone the SSHD, FTP services and only allow my computer and domain to use them.



    Below are my files:
    hosts.allow
    <code>
    # hosts.allow This file describes the names of the hosts which are
    # allowed to use the local INET services, as decided
    # by the '/usr/sbin/tcpd' server.
    #
    ALL: laptop-it1
    ALL: .mydomain.com
    ALL: 10.9.5.43 </code>



    hosts.deny
    <code>
    #
    # hosts.deny This file describes the names of the hosts which are
    # *not* allowed to use the local INET services, as decided
    # by the '/usr/sbin/tcpd' server.
    #
    # The portmap line is redundant, but it is left to remind you that
    # the new secure portmap uses hosts.deny and hosts.allow. In particular
    # you should know that NFS uses portmap!
    ALL: 211.37.210.20
    ALL: 210.64.111.3
    ALL: 202.159.228.85
    ALL: 210.21.24.13
    ALL: 202.159.228.85
    ALL: 221.224.3.78
    ALL: .HINET.NET
    ALL: 211.41.179.61
    ALL: 217.21.126.22
    ALL: 205.196.179.236
    ALL: 211.137.44.113
    ALL: 220.200.163.110
    ALL: 211.33.40.5
    ALL: 83.111.70.73
    ALL: 210.192.102.22
    ALL: 218.14.253.200
    all: 64.219.97.248
    ALL: SSHD
    FTPD: ALL
    ALL: 64.219.97.248 </code>

    Thank you everyone.

  2. #2
    I was looking into this as well. I would like to make a script/program that would automatically add IPs to hosts.deny after so many failed logins. In any case this article may help you out:

    http://www.ssh.com/support/documenta...s_Support.html

  3. #3
    Thanks for the link. For now, I'm using the denyhosts package which has added several ssh attacks to the deny file. But yes, I want to find a way to make it add all the services for failed logins.

  5. #4

    DenyHosts

    Here's a handy little program named DenyHosts that will monitor your logs and, according to how you define the configuration, add the offending host/IP to /etc/hosts.deny automagically.

  6. #5
    anomie (Linux Guru; joined Mar 2005; Texas; 1,692 posts)
    What I want is to deny everyone the SSHD, FTP services and only allow my computer and domain to use them.
    hosts.allow:
    Code:
    sshd : your.domain.here your.ip.here
    hosts.deny:
    Code:
    sshd : ALL

  7. #6
    the bassinvader (Linux Newbie; joined Jun 2006; Europe; 168 posts)

    why bother?!?!

    Hi guys!!

    I don't wanna be rude, but why bother adding individual IP addresses to hosts_deny anyway!!

    Pretty much everything I've read about tcp wrappers says hosts_deny only has to contain ALL : ALL, i.e. deny everybody everything and then open holes with hosts_allow.

    What advantage is there to adding individual addresses?

    "I didn't know it was a picture of his wife! I thought it was a publicity shot from Planet Of the Apes."

  8. #7
    anomie (Linux Guru; joined Mar 2005; Texas; 1,692 posts)
    what advantage is there to adding individual addresses?
    None. Plus it makes the file unwieldy.
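
Added example, not part of any post in the thread: a simplified Python model of the tcpd lookup order (hosts.allow first, then hosts.deny, otherwise access is granted), run over the files posted in #1 and the pair suggested in #5. It shows that `ALL: SSHD` in hosts.deny names a client called SSHD rather than the sshd service, so an unlisted address still reaches sshd. The function names are hypothetical, the placeholders from #5 are filled with the values from #1 as an assumption, and EXCEPT, net/mask and user@host patterns are not modelled.

```python
import re

def _tokens(field):
    return [t.lower() for t in re.split(r"[\s,]+", field.strip()) if t]

def parse_rules(text):
    """Return (daemon_list, client_list) pairs; comments and blanks skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            daemons, clients = line.split(":")[:2]  # option fields ignored
            rules.append((_tokens(daemons), _tokens(clients)))
    return rules

def client_matches(pattern, ip, host):
    if pattern == "all":
        return True
    if pattern.startswith("."):      # .mydomain.com: host name suffix
        return host.endswith(pattern)
    if pattern.endswith("."):        # 10.9.5.: address prefix
        return ip.startswith(pattern)
    return pattern in (ip, host)     # exact address or host name

def file_matches(text, daemon, ip, host):
    return any(("all" in d or daemon in d) and
               any(client_matches(p, ip, host) for p in c)
               for d, c in parse_rules(text))

def decide(allow_text, deny_text, daemon, ip, host=""):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    daemon, host = daemon.lower(), host.lower()
    if file_matches(allow_text, daemon, ip, host):
        return "allow"
    return "deny" if file_matches(deny_text, daemon, ip, host) else "allow"

# Constructed inputs: the files posted in #1 (deny list shortened) ...
POSTED_ALLOW = "ALL: laptop-it1\nALL: .mydomain.com\nALL: 10.9.5.43\n"
POSTED_DENY = "ALL: 211.37.210.20\nALL: .HINET.NET\nALL: SSHD\nFTPD: ALL\n"
# ... and the pair from #5 with its placeholders filled in (assumption).
FIXED_ALLOW = "sshd : .mydomain.com 10.9.5.43\n"
FIXED_DENY = "sshd : ALL\n"

if __name__ == "__main__":
    src = ("216.75.41.2", "otorongo.servidorauri01.com")  # from the log in #1
    print("posted:", decide(POSTED_ALLOW, POSTED_DENY, "sshd", *src))
    print("fixed: ", decide(FIXED_ALLOW, FIXED_DENY, "sshd", *src))
    print("own IP:", decide(FIXED_ALLOW, FIXED_DENY, "sshd", "10.9.5.43"))
```

Running the same check against a copy of the live files before relying on them confirms that a default-deny line is actually the one being matched.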
