Skip to main content

FreeBSD - SSHGuard

http://www.sshguard.net/

SSHGuard adalah salah satu tools yang ada di ports untuk melindungi ssh servis anda dari diserang secara bruteforce. Ia menggunakan sistem log dari syslog untuk mengesan IP yang gagal untuk login ke server.

- Install dari ports

proxy# /usr/ports/security/sshguard-pf
proxy# make install clean

- Konfigurasi PF
shell> nano /etc/pf.conf


#di bahagian table
table "" persist #sila buang "", <> tak boleh :P

#bahagian block rules
block in quick on $ext_if proto tcp from to any port 22 label "ssh bruteforce"

- Aktifkan rules pf yang baru
shell> pfctl -ef /etc/pf.conf

- Edit /etc/syslog.conf
uncomment line yang berkenaan sshguard

proxy# nano /etc/syslog.conf
GNU nano 2.0.9 File: /etc/syslog.conf


# $FreeBSD: src/etc/syslog.conf,v 1.28.20.1 2009/04/15 03:14:26 kensmith Exp $
#
# Spaces ARE valid field separators in this file. However,
# other *nix-like systems still insist on using tabs as field
# separators. If you are sharing this file between systems, you
# may want to use only tabs as field separators here.
# Consult the syslog.conf(5) manpage.
auth.info;authpriv.info |exec /usr/local/sbin/sshguard
*.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
ftp.info /var/log/xferlog
cron.* /var/log/cron
*.=debug /var/log/debug.log
*.emerg *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.* /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.* @loghost
# uncomment these if you're running inn
# news.crit /var/log/news/news.crit
# news.err /var/log/news/news.err
# news.notice /var/log/news/news.notice
!startslip
*.* /var/log/slip.log
!ppp
*.* /var/log/ppp.log

- Aktifkan konfigurasi syslog yang baru

shell> /etc/rc.d/syslogd reload

- Untuk mencuba sila login dengan username yang salah secara berturut menggunakan host yang berlainan dari pc anda yang remote secara terus ke server, ia bagi mengelakkan pc anda di block terus dan tidak dapat diakses sama sekali.

- Untuk melihat table PF bagi IP yang sudah di block, boleh menggunakan pfctl

shell> pfctl -Ts how -t sshguard
No ALTQ support in kernel
ALTQ related functions disabled
200.200.200.199

- Untuk delete IP yang diblock boleh juga menggunakan pfctl

shell> pfctl -t sshguard -T delete 200.200.200.119
Labels:

Comments

Post a Comment

Popular posts from this blog

MySQL Enterprise thingy

It's been a weird thing when you install MySQL server especially the one that is 'enterprise' version is not working with your PHP. That is the problem that my friend and I facing today. Since PHP require php-mysql extension to connect to MySQL server but php-mysql is only work with mysql-server from the Repos (Redhat/Centos). 1) Remove default mysql-server/php-mysql 2) Install MySQL Enterprise 3) Dependencies conflict occur + headache + install php-mysql shell> yum install php-mysql Loaded plugins: rhnplugin, security Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package php-mysql.x86_64 0:5.1.6-27.el5 set to be updated --> Processing Dependency: libmysqlclient.so.15(libmysqlclient_15)(64bit) for package: php-mysql --> Processing Dependency: libmysqlclient.so.15()(64bit) for package: php-mysql --> Running transaction check ---> Package mysql.x86_64 0:5.0.77-4.el5_4.2 set to be updated --> Process...
2 comments
Read more

Upgrading MySQL to MariaDB

Ever since MariaDB exists, I really like to install and test the performance but time consume for my daily work stopped me to try MariaDB, today I plan to update my MySQL server that serve lot of data in and out to MariaDB 10.0 (today latest version :P ) So there's a few step that should be considered before we can proceed further. 1. BACKUP - Always backup your data at the first place. - Save it to the proper place so that if anything goes wrong, you can export back your data. mysqldump -u root -pYOURPASSWORD --all-databases > allbackup.sql & If you don't want to wait and you know that the current database is big, just put the process at the background so that you can monitor the process using top :) - Backup your current configuration files cp /etc/my.cnf /tmp/my.cnf.bak 2. Let's go If you're installing mysql from webtatic and made a replacing package name , you may encountered an error like Error: mysql55w conflicts with MariaDB-server-5.5....
Post a Comment
Read more

DirectAdmin - Upgrading MySQL from 5.5 to 5.6

cd /usr/local/directadmin/custombuild mkdir -p mysql cd mysql wget http://files.directadmin.com/services/all/mysql/64-bit/5.5.41/MySQL-client-5.5.41-1.linux2.6.x86_64.rpm wget http://files.directadmin.com/services/all/mysql/64-bit/5.5.41/MySQL-devel-5.5.41-1.linux2.6.x86_64.rpm wget http://files.directadmin.com/services/all/mysql/64-bit/5.5.41/MySQL-server-5.5.41-1.linux2.6.x86_64.rpm wget http://files.directadmin.com/services/all/mysql/64-bit/5.5.41/MySQL-shared-5.5.41-1.linux2.6.x86_64.rpm cd .. ./build mysql_backup mv mysql_backups mysql_backups.`date +%F` #after this point, you can't abort rpm -e --noscripts `rpm -qa | grep MariaDB` cd mysql rpm -ivh MySQL*5.5.41*.rpm #ensure it's running. cd .. ./build set mysql 5.6 ./build set mysql_inst yes ./build mysql # confirm mysqld is running. ./build php n
Post a Comment
Read more