[TriLUG] Hostsallow, hostsdeny question

MG mgmonza at gmail.com
Thu Mar 20 15:39:48 EDT 2008


Thanks for that information, but after Alan Porter recommended 
denyhosts, I did look it up and didn't understand why, if hosts.deny set 
to ALL:PARANOID wouldn't be sufficient, individual entries set by 
denyhosts in hosts.deny would. It seemed that the same libwrap link 
condition would apply. 

Looking at firestarter's log now, I feel better about the worst attempts 
- sshd is linked with libwrap, others such as samba aren't - that 
probably explains the large number of attempts firestarter lists for 
those. Sshd should be blocked, and I turned samba and sql off and don't run 
ftp or telnet. There are also a number of attempts listed as "UnKnown" 
- those are worrisome.

And as soon as my head stops hurting from reading the ssh keys man pages, 
I'll try SSH keys.

MG

Joseph E. ODoherty wrote:
> Denyhosts is also helpful in this regard: http://denyhosts.sf.net/
>
> On Wed, Mar 19, 2008 at 12:05:44PM -0400, MG wrote:
>
>> Thanks - looks like keys are the way to go.
>>
>> MG
>>
>> Alan Porter wrote:
>>
>>>> The firestarter event log has ME getting paranoid.
>>>
>>> Note that hosts.allow and hosts.deny are only used by programs that
>>> are linked with libwrap (xinetd is, lots of other server apps are).
>>> Some applications may just be listening on external interfaces without
>>> checking host.allow/deny.
>>>
>>> If you're truly paranoid, make sure your firewall rules are tight.
>>> Use SSH keys instead of passwords [1].  And you might even want to
>>> install "knock", a very easy-to-use port knocking client and server.
>>>
>>> Alan
>>>
>>>
>>> [1] $ cat /etc/ssh/sshd_config
>>> PermitRootLogin yes
>>> PasswordAuthentication no
>>> ChallengeResponseAuthentication no
>>> UsePAM no
>>>
>> -- 
>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>
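The question above (why "ALL: PARANOID" in hosts.deny is not enough on its own, and why the per-host lines denyhosts writes still matter) comes down to how tcp_wrappers evaluates hosts.allow and hosts.deny. The following is an added example, not code from the thread or from tcp_wrappers or denyhosts: a small Python model of the hosts_access(5) decision (first match in hosts.allow grants, else first match in hosts.deny refuses, else grant) with a subset of the client patterns. The policy, client addresses (RFC 5737 documentation ranges) and host names are constructed, and the "sshd: address" format of the denyhosts entry is assumed. It leaves out EXCEPT, @netgroups, daemon@host and the optional shell-command field.

```python
"""Added example: a simplified model of the tcp_wrappers hosts_access(5) decision.

It shows why "ALL: PARANOID" in hosts.deny does not stop a brute-forcer whose
forward and reverse DNS agree, while a per-host line of the kind denyhosts
writes does. Model only: it handles ALL, PARANOID, KNOWN, literal host/IP,
net/mask and leading/trailing-dot patterns, and leaves out EXCEPT, @netgroups,
daemon@host and the optional shell-command field.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Client:
    addr: str               # connecting IP address
    name: Optional[str]     # reverse-DNS (PTR) name, None if the lookup failed
    forward_ok: bool        # does that name resolve back to addr?


def _trusted_name(c: Client) -> Optional[str]:
    # tcp_wrappers replaces a name that fails the forward check with "paranoid",
    # so name-based patterns never match such a host.
    return c.name if (c.name is not None and c.forward_ok) else None


def match_client(pattern: str, c: Client) -> bool:
    p = pattern.strip()
    name = _trusted_name(c)
    if p == "ALL":
        return True
    if p == "PARANOID":                       # PTR name exists but does not map back to addr
        return c.name is not None and not c.forward_ok
    if p == "KNOWN":                          # address and name both known and consistent
        return name is not None
    if "/" in p:                              # net/mask, e.g. 192.168.1.0/255.255.255.0
        try:
            return ipaddress.ip_address(c.addr) in ipaddress.ip_network(p, strict=False)
        except ValueError:
            return False
    if p.endswith("."):                       # address prefix, e.g. 192.168.1.
        return c.addr.startswith(p)
    if p.startswith("."):                     # domain suffix, e.g. .example.net
        return name is not None and name.lower().endswith(p.lower())
    return p == c.addr or (name is not None and p.lower() == name.lower())


Rule = Tuple[List[str], List[str]]


def parse_rules(text: str) -> List[Rule]:
    """Parse 'daemon_list : client_list [: shell_command]' lines; '#' starts a comment."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        daemons = [t for t in re.split(r"[\s,]+", fields[0].strip()) if t]
        clients = [t for t in re.split(r"[\s,]+", fields[1].strip()) if t]
        rules.append((daemons, clients))
    return rules


def rule_matches(rule: Rule, daemon: str, c: Client) -> bool:
    daemons, clients = rule
    return any(d in ("ALL", daemon) for d in daemons) and any(match_client(p, c) for p in clients)


def hosts_access(allow_text: str, deny_text: str, daemon: str, c: Client) -> bool:
    """hosts_access(5): first match in hosts.allow grants, else first match in
    hosts.deny refuses, else access is granted. Only libwrap-linked daemons ask."""
    if any(rule_matches(r, daemon, c) for r in parse_rules(allow_text)):
        return True
    if any(rule_matches(r, daemon, c) for r in parse_rules(deny_text)):
        return False
    return True


# Constructed sample policy and clients (RFC 5737 documentation addresses, made-up names).
HOSTS_ALLOW = "sshd: 192.168.1.\n"          # the LAN may always reach sshd
HOSTS_DENY = "ALL: PARANOID\n"              # the setting asked about in the thread
DENYHOSTS_LINE = "sshd: 203.0.113.7\n"      # per-host line of the kind denyhosts appends (assumed format)

LAN_BOX = Client("192.168.1.20", "desk.lan", True)
SPOOFY = Client("198.51.100.9", "mail.example.org", False)     # PTR name does not resolve back
BRUTE = Client("203.0.113.7", "vps7.hosting.example", True)    # consistent forward/reverse DNS
NO_PTR = Client("203.0.113.8", None, False)                    # no reverse record at all


def decisions(deny_text: str = HOSTS_DENY) -> Dict[str, bool]:
    """Map each sample client's address to whether sshd would admit it."""
    return {c.addr: hosts_access(HOSTS_ALLOW, deny_text, "sshd", c)
            for c in (LAN_BOX, SPOOFY, BRUTE, NO_PTR)}


if __name__ == "__main__":
    print("ALL: PARANOID only      :", decisions())
    print("plus the denyhosts line :", decisions(HOSTS_DENY + DENYHOSTS_LINE))
```

With only "ALL: PARANOID" in hosts.deny, the brute-forcer at 203.0.113.7 gets through because its reverse and forward DNS agree, and the host with no PTR record at all gets through too (PARANOID is not UNKNOWN); appending the per-host line refuses the brute-forcer. None of this applies to a daemon that is not linked with libwrap, since such a daemon never consults either file, which is the point made earlier in the thread.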
