May 20, 2007

Block login failures on Linux

If you run a Linux server with SSH access and you need to block IP addresses after a certain number of failed attempts, I recommend fail2ban, an open-source module that needs little customization to get running.

It runs as a service in the background, so it provides real-time log supervision, and it can check not only for failed SSH attempts but also SMTP, HTTP, and others.

Here I will just explain how to make it check for failed SSH attempts on a Fedora box.

From the command line, type:

Server:# yum install fail2ban

This will install all the modules and software needed to install and run fail2ban.

Once installed, it places the configuration file in /etc/fail2ban.conf

Then you can edit this file with your favorite editor. It is well documented and needs little explanation of how it works, but I'll give you the basics for blocking unwanted SSH access.

[DEFAULT]
maxfailures = number of failures before an IP gets banned. Defaults to 5, but you can set this value to whatever number you like.
bantime = number of seconds an IP will be banned. If set to a negative value, the IP will never be unbanned (permanent banning). Defaults to 600 (10 min).
ignoreip = space-separated list of IPs to be ignored by fail2ban. No default.
Here you can add your own IP address to avoid getting blocked in case you forget your password.

Then go to the SSH section, set enabled to true, and add the corresponding value for the logfile variable:

[SSH]
enabled = true
logfile = /var/log/secure
port = ssh
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
timepattern = %%b %%d %%H:%%M:%%S
failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)
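
To see what the [SSH] failregex matches and how maxfailures and ignoreip act on the result, here is an added example (not part of the original post and not fail2ban's own code) that runs the regex over constructed /var/log/secure lines. The function names, the sample addresses and the rule that a ban starts once the count reaches maxfailures are assumptions; timestamps are not evaluated.

```python
import re
from collections import Counter

# failregex from the [SSH] section, written as a Python raw string
FAILREGEX = re.compile(
    r": (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?"
    r"|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) "
    r"(?:::f{4,6}:)?(?P<host>\S*)"
)

# Constructed /var/log/secure lines; all addresses are documentation ranges.
# An invalid-user attempt produces two matching lines (sshd[2102] below).
SAMPLE_LOG = "\n".join(
    [
        "May 20 10:01:01 server sshd[2101]: Failed password for root from 203.0.113.7 port 4001 ssh2",
        "May 20 10:01:03 server sshd[2102]: Invalid user test from 203.0.113.7",
        "May 20 10:01:04 server sshd[2102]: Failed password for invalid user test from 203.0.113.7 port 4002 ssh2",
        "May 20 10:01:06 server sshd[2103]: Failed password for root from ::ffff:203.0.113.7 port 4003 ssh2",
        "May 20 10:01:08 server sshd[2104]: Failed password for root from 203.0.113.7 port 4004 ssh2",
        "May 20 10:02:00 server sshd[2105]: Accepted password for alice from 198.51.100.4 port 5000 ssh2",
        "May 20 10:03:00 server sshd[2106]: Failed password for bob from 198.51.100.23 port 5001 ssh2",
    ]
    # six failures from the admin's own address, which is passed as ignoreip below
    + ["May 20 10:04:00 server sshd[2107]: Failed password for admin from 192.0.2.10 port 6000 ssh2"] * 6
)


def count_failures(log_text):
    """Count failregex matches per source address (the 'host' group)."""
    hits = Counter()
    for line in log_text.splitlines():
        match = FAILREGEX.search(line)
        if match and match.group("host"):
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(log_text, maxfailures=5, ignoreip=()):
    """Addresses at or over maxfailures, skipping ignoreip entries.

    Banning once the count reaches maxfailures is an assumption of this sketch.
    """
    return sorted(
        host for host, n in count_failures(log_text).items()
        if n >= maxfailures and host not in ignoreip
    )


if __name__ == "__main__":
    print(count_failures(SAMPLE_LOG))
    print(hosts_to_ban(SAMPLE_LOG, maxfailures=5, ignoreip={"192.0.2.10"}))
```

The IPv4-mapped line (::ffff:203.0.113.7) is counted under the plain address because the regex skips the prefix before the host group, and without the ignoreip entry the admin's own address would be banned as well.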


The fail2ban log can be found at /var/log/fail2ban.log unless you specify another location.


I hope this helps you solve your security problem.

Apr 19, 2007

Postfix on fedora core 5

It's likely you are looking for a good tutorial that will teach you step by step how to install Postfix with virtual users and SMTP auth in order to avoid unauthorized SMTP relays.

Well, I have installed Postfix on a Fedora Core 5 box using a manual posted at howtoforge.com.

This tutorial will take you through it step by step. Certain things might fail (Postfix compilation failed on my server, so I downloaded the RPM provided by the tutorial), but it will tell you what to do in that case.


In case you don't find a solution to a problem in the manual, you can go to the forums and post your problem, and in less than a day you get a response from howtoforge.

The tutorial link is this. Enjoy it:

http://www.howtoforge.com/fedora_virtual_postfix_mysql_quota_courier

Plesk control panel limitations


When you purchase a hosting plan with a control panel you expect it to make your life easier.

Well, that has not been my case. I got server hosting with the Plesk control panel. First, Plesk works with qmail, which is a little hard to configure. If you try to install other applications besides the ones that work with Plesk, it might get corrupted, as happened to me.

I installed Postfix with Dovecot, but I had to remove courier-imap; after removing courier-imap, Plesk stopped working.

So if you plan on getting a server with a control panel, I recommend that you search the web for limitations and other features your control panel might have.

Maybe SWsoft will improve Plesk in the near future. It would be good to have a control panel that would allow you to configure Postfix, sendmail, qmail, etc. in such a way that with a few clicks you can have multiple virtual domains running on a machine configured with Plesk.