
Friday, October 8, 2010


How to block SSH Attack/Hacking in RHEL & CentOS?



How do I block and stop attacks on an SSH server running CentOS Linux or Red Hat Enterprise Linux server 5.x?

You can easily thwart SSH server attacks, including dictionary-based attacks and brute-force attacks, using the DenyHosts software.

It is a Python-based script that analyzes the sshd server log messages to determine which hosts are attempting to hack into your system.

Step #1: Enable Rpmforge Repo

First, enable the rpmforge repo. For 32-bit CentOS / RHEL Linux, enter:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
If the above does not work, use this one instead:
# rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
For 64-bit CentOS / RHEL 5 Linux, enter:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
If the above does not work, use this one instead:
# rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm

Step #2: Install Denyhosts

Type the following command:
# yum -y install denyhosts

Step #3: Configure Denyhosts

The default configuration file is located at /etc/denyhosts/denyhosts.cfg.

Allow Your Computer To Access sshd

You need to set up a whitelist so that this script never blocks you. Edit /etc/hosts.allow, enter:
# vi /etc/hosts.allow
Allow sshd from 202.54.1.2 and 203.51.2.3:
sshd: 202.54.1.2 203.51.2.3
Save and close the file.

Setup Alert Email ID

Edit /etc/denyhosts/denyhosts.cfg, enter:
# vi /etc/denyhosts/denyhosts.cfg
If you would like to receive emails regarding newly restricted hosts and suspicious logins, set this address to match your email address. If you do not want to receive these reports, leave this field blank (or run with the --noemail option). Multiple email addresses can be delimited by a comma, e.g.:

ADMIN_EMAIL = pctipsbyanu@yahoo.com, pctipsbyanu@gmail.com
ADMIN_EMAIL = pctipsbyanu@gmail.com

Save and close the file. Here is my own sample configuration file for a RHEL / CentOS 5.x server / VPS box. The config file is documented very well, just open and read it:
############ THESE SETTINGS ARE REQUIRED ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 7d
BLOCK_SERVICE = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts
############ THESE SETTINGS ARE OPTIONAL ############
ADMIN_EMAIL = pctipsbyanu@yahoo.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
######### THESE SETTINGS ARE SPECIFIC TO ##########
######### DAEMON SYNCHRONIZATION ##########
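
To see what the three DENY_THRESHOLD_* values in this configuration mean for a given /var/log/secure, here is a simplified model of the counting (an added example, not DenyHosts' own code). It assumes OpenSSH's "Failed password" message format, reads each threshold as "deny once the count is greater than the value", and leaves out addresses listed in the hosts.allow example above; the 198.51.100.x log lines are constructed.

```python
import re
from collections import Counter

# Values copied from the sample denyhosts.cfg and /etc/hosts.allow above.
THRESHOLDS = {"invalid": 5, "valid": 10, "root": 1}
HOSTS_ALLOW = {"202.54.1.2", "203.51.2.3"}

# Anchored at end of line so the address sshd appended is the one counted,
# even when the attempted user name itself contains spaces.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<inv>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$"
)

def hosts_over_threshold(lines, thresholds=THRESHOLDS):
    """Return {ip: class} for hosts whose failed logins exceed a threshold."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        kind = "root" if m.group("user") == "root" else (
            "invalid" if m.group("inv") else "valid")
        counts[(m.group("ip"), kind)] += 1
    # Assumption: "exceeded" means strictly greater than the configured value.
    return {ip: kind for (ip, kind), n in sorted(counts.items())
            if n > thresholds[kind]}

def deny_lines(over, allowed=HOSTS_ALLOW, service="sshd"):
    """Format hosts.deny entries, leaving out hosts.allow addresses."""
    return [f"{service}: {ip}" for ip in sorted(over) if ip not in allowed]

def sample(ip, who, n):
    """Build n constructed /var/log/secure lines for one source address."""
    return [f"Oct  8 10:00:{i:02d} vps sshd[{2000 + i}]: Failed password "
            f"for {who} from {ip} port {40000 + i} ssh2" for i in range(n)]

# Constructed log, not real traffic (documentation address range).
SAMPLE_LOG = (
    sample("198.51.100.7", "root", 2)                   # 2 > 1: denied
    + sample("198.51.100.8", "invalid user admin", 6)   # 6 > 5: denied
    + sample("198.51.100.9", "alice", 10)               # 10 is not > 10
    + sample("202.54.1.2", "invalid user test", 9)      # in hosts.allow
)

if __name__ == "__main__":
    print("\n".join(deny_lines(hosts_over_threshold(SAMPLE_LOG))))
```

With DENY_THRESHOLD_ROOT = 1, two mistyped root passwords from a non-whitelisted address are enough to lock that address out, which is why the hosts.allow step comes first.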
 

Turn On Denyhosts

Type the following commands:
# chkconfig denyhosts on
# service denyhosts start

How do I view Denyhosts Log?

Type the command:
# tail -f /var/log/denyhosts
# tail -f /var/log/secure


Have fun.


About 'Anu': My name is 'Anu', also known as 'ANU 007 TIGER'. I'm the administrator of the 'PC Tips by Anu' blog. This blog was opened for sharing content about hacking and cracking.