Re: stopping brute for ssh attack
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: stopping brute for ssh attack

From: Brenda <brenda@nospam.com>
Date: Tue Jan 31 2006 - 00:21:49 CET



This is exactly what I want.


I installed it via yum but how do I add it into the /etc/pam.d/ config 


files?  we are using fedora core 4



bren



"dawid gajownik" <xyz17@N05P4M.poczta.onet.pl> wrote in message 


news:pan.2006.01.30.21.10.38.910202@N05P4M.poczta.onet.pl...


> On Mon, 30 Jan 2006 13:18:13 -0600, Brenda wrote:


>


>> Is there a way to do this?


>


> [y4kk0@X ~]$ yum info pam_abl denyhosts


> Setting up repositories


> Reading repository metadata in from local files


> Available Packages


> Name   : denyhosts


> Arch   : noarch


> Version: 1.1.4


> Release: 2.fc4


> Size   : 68 k


> Repo   : extras


> Summary: A script to help thwart ssh server attacks


> Description:


> DenyHosts is a Python script that analyzes the sshd server log


> messages to determine which hosts are attempting to hack into your


> system. It also determines what user accounts are being targeted. It


> keeps track of the frequency of attempts from each host and, upon


> discovering a repeated attack host, updates the /etc/hosts.deny file


> to prevent future break-in attempts from that host.  Email reports can


> be sent to a system admin.


>


> Name   : pam_abl


> Arch   : i386


> Version: 0.2.2


> Release: 2.fc4


> Size   : 23 k


> Repo   : extras


> Summary: A Pluggable Authentication Module (PAM) for auto blacklisting


> Description:


> Provides auto blacklisting of hosts and users responsible for repeated


> failed authentication attempts. Generally configured so that


> blacklisted users still see normal login prompts but are guaranteed to


> fail to authenticate. A command line tool allows to query or purge the


> databases used by the pam_abl module.


>


> [y4kk0@X ~]$


>


> Please search fedora-extrsa-list for more information (there was some


> time ago discussion about these two programs).


>


> I would also suggest changing default sshd port to something else.


>


> -- 


> http://faq.fedora.pl | http://forum.fedora.pl


> http://wiki.fedora.pl/Hardware/BinarneSterowniki


> http://openwengo.com/ - i Ty możesz pomóc zniszczyć niewolnego Skype'a ;)


> 


Received on Tue Feb  7 20:58:27 2006