Archive for the 'General' Category

SSHD Filter

magnet January 22nd, 2008

Installing and configuring SSHD Filter
Introduction - SSHDFilter is an open source tool that lets us manage the SSH service effectively and protect the system from brute force attacks. It blocks brute force attackers by adding iptables rules.

You can download sshdfilter from http://www.csc.liv.ac.uk/~greg/sshdfilter/ and then untar the tar.gz file:

#wget -c http://www.csc.liv.ac.uk/~greg/sshdfilter-1.5.5.tar.gz
#tar xvzf sshdfilter-1.5.5.tar.gz
#cd sshdfilter-1.5.5

1] Decide which Linux distribution .partconf file you need to use -

rh7390 - RedHat 7.3, RedHat 9.0, Fedora Core 2.0 or CentOS 4.3
rhFC30 - RedHat Fedora Core 3.0, Fedora Core 4.0, Red Hat Enterprise Linux ES release 4, or CentOS 3.x
deb31 - Debian 3.1 (sarge) or Debian (sid, but see README.debian)
su10rc1 - SuSe 10.0 RC 1, Gentoo and Slackware
dbear - Dropbear, a light weight sshd daemon

(Our distribution was Fedora 5 so we selected rhFC30)

#cat etc/sshdfilterrc patterns/rhFC30.partconf > /etc/sshdfilterrc

2] Edit /etc/sshdfilterrc to suit your needs -

Make sure that the two rules below are uncommented; these are the blocking and unblocking rules.

#vi /etc/sshdfilterrc

firewalladd='iptables -A $chain -p tcp -s $ip --dport 22 -j DROP'
firewalldel='iptables -D $chain -p tcp -s $ip --dport 22 -j DROP'

Set the chain -
chain='SSHD'
If you would like to be notified by mail, you can set a mailer here:
#mail='mail -s \"sshdfilter event for $ip, $event\" greg\@abatis.flint'
Set the sshd path, i.e. where the sshd daemon is or will be running from:
sshdpath='/usr/sbin/sshd'
Now comes the main part, setting the user policy. This defines how many attempts are allowed and what is to be done after that number of failures; these are the policies through which we block the unwanted ssh attacks -

(At present we have set the following policies)
4,3d=INVALID
2,5d='^root$'
4,3d='^magnet$'
0,8d=NOID
The first policy "4,3d=INVALID" means: if anyone tries to ssh to the server with an invalid username, after 4 attempts their source IP is inserted into the iptables SSHD chain and they are blocked for 3 days.
The second policy "2,5d='^root$'" means: if anyone tries to ssh to the server as root, after 2 unsuccessful attempts their IP is inserted into iptables and they are blocked for 5 days.
The third policy "4,3d='^magnet$'" is similar to the second one: if anyone tries to ssh to the server as magnet, after 4 unsuccessful attempts their IP is inserted into iptables and they are blocked for 3 days. Please note that here magnet is one of the users on the server; you can list the users of your own server.
The fourth policy "0,8d=NOID" catches and blocks all "no ssh id" events: an instant block for 8 days.

You can add more policies to the policy section; the syntax is described in the file itself.
Once the policies and settings are done, save and exit the file.

3] Add the SSHD chain to your iptables firewall setup -
#iptables -N SSHD

#/etc/init.d/iptables save

4] Add a jump to SSHD rule with something like -

# iptables -A INPUT -p tcp -m tcp --dport 22 -j SSHD

Copy sshdfilter.pl to /usr/sbin/sshdfilter, or alternatively /usr/local/sbin/sshdfilter -

#cp source/sshdfilter.pl /usr/sbin/sshdfilter

Copy the man pages sshdfilter.1 and sshdfilterrc.5 to /usr/share/man/man{1,5} respectively -

#cp man/sshdfilter.1 /usr/share/man/man1/
#cp man/sshdfilterrc.5 /usr/share/man/man5/

Then copy the sshdfilter and sshd init scripts to /etc/init.d/ and start the services.
(Before doing this step, please take a backup of the original /etc/init.d/sshd script, since it gets overwritten.)

#cp etc/init.d/sshdfilter /etc/init.d/
#cp etc/init.d/sshd.rhFC30 /etc/init.d/sshd
#/etc/init.d/sshdfilter start
#/etc/init.d/sshd restart

5] To confirm that sshdfilter is running -

# ps -aux | grep ssh
/usr/bin/perl /usr/sbin/sshdfilter
/usr/sbin/sshd -e -D

You should see output like the above: the sshdfilter process, and sshd running with the -e and -D options.

If you see the above output, the installation is complete and you are done with SSHD. You can now test it with a few failed ssh logins against your own server.

6] You can check the logs in -

#tail -f /var/log/secure
OR
#tail -f /var/log/messages
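As an added worked example (not code from the sshdfilter project or from this post), the following Python script parses the four policies above in the sshdfilterrc syntax, replays a few constructed /var/log/secure lines through them, and produces the expanded firewalladd rule for each source IP that reaches its attempt count. It assumes first-match-wins policy order and the three sshd log messages listed in EVENT_RES; both are assumptions for this example, not sshdfilter's documented behaviour.

```python
import re
from collections import Counter
# Policies in the sshdfilterrc syntax above ("<attempts>,<duration>=<pattern>"; 0 attempts = instant block).
POLICIES = ["4,3d=INVALID", "2,5d='^root$'", "4,3d='^magnet$'", "0,8d=NOID"]
# Constructed sample of /var/log/secure for the demo, not real traffic.
SAMPLE_LOG = [
    "Jan 22 10:00:01 host sshd[101]: Invalid user admin from 192.0.2.10",
    "Jan 22 10:00:02 host sshd[102]: Failed password for root from 192.0.2.20 port 4000 ssh2",
    "Jan 22 10:00:03 host sshd[103]: Failed password for root from 192.0.2.20 port 4001 ssh2",
    "Jan 22 10:00:04 host sshd[104]: Did not receive identification string from 192.0.2.30",
]
POLICY_RE = re.compile(r"^(\d+),(\d+)([smhd])=(?:'(.*)'|(INVALID|NOID))$")
FIREWALL_ADD = "iptables -A %(chain)s -p tcp -s %(ip)s --dport 22 -j DROP"  # firewalladd, expanded
# sshd messages each policy kind keys on (assumed set); INVALID is tried first so that
# "Failed password for invalid user ..." is never counted as a valid-user failure.
EVENT_RES = [
    ("INVALID", re.compile(r"invalid user (\S+) from (\S+)", re.I)),
    ("USER", re.compile(r"Failed password for (\S+) from (\S+)")),
    ("NOID", re.compile(r"Did not receive identification string from ()(\S+)")),
]

def parse_policy(line):  # one policy line -> {attempts, ban (seconds), kind, regex}
    m = POLICY_RE.match(line.strip())
    if not m: raise ValueError("unrecognised policy line: " + line)
    attempts, n, unit, regex, keyword = m.groups()
    return {"attempts": int(attempts), "ban": int(n) * {"s": 1, "m": 60, "h": 3600, "d": 86400}[unit],
            "kind": keyword or "USER", "regex": regex}

def classify(line):  # (kind, user, ip) for an sshd auth event, None for any other log line
    for kind, rx in EVENT_RES:
        m = rx.search(line)
        if m:
            return kind, m.group(1), m.group(2)

def evaluate(policy_lines, log_lines, chain="SSHD"):
    """Replay log lines; return {ip: (ban_seconds, iptables_rule)} for IPs that hit a policy."""
    policies = [parse_policy(p) for p in policy_lines]
    hits, blocked = Counter(), {}  # events per (ip, policy index); first matching policy wins
    for line in log_lines:
        event = classify(line)
        if event is None or event[2] in blocked: continue  # not an auth event, or already blocked
        kind, user, ip = event
        for idx, pol in enumerate(policies):
            if pol["kind"] == kind and (pol["regex"] is None or re.search(pol["regex"], user)):
                hits[ip, idx] += 1
                if hits[ip, idx] >= pol["attempts"]:
                    blocked[ip] = (pol["ban"], FIREWALL_ADD % {"chain": chain, "ip": ip})
                break
    return blocked
```

With the sample log, 192.0.2.10 stays unblocked (one invalid-user attempt out of four), 192.0.2.20 is blocked for 5 days after its second root failure, and 192.0.2.30 is blocked for 8 days on its first no-id event.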

We hope this tutorial was helpful to you; we would like to hear your feedback.
Please feel free to mail us.

Thank You,
Magnet Systems Team .

E-GroupWare !!!!

lokesh.ahire December 25th, 2007

A Warm Welcome from Suhail Thakur …….

“The Egroupware Fable”

We got a project to install eGroupware on one of our clients' servers. It was something we had never heard of, so our first task was to find out what eGroupware actually is. This required a little googling, and this is what we found:

eGroupware is a free enterprise ready groupware software for your network. It enables you to manage contacts, appointments, todos and many more for your whole business. It comes with a native web-interface which allows to access your data from any platform all over the planet. Moreover you also have the choice to access the eGroupware server with your favorite groupware client (Kontact, Evolution, Outlook) and also with your mobile or PDA via SyncML. eGroupWare is platform independent.

In short, eGroupware is like a content management system: it allows you to manage your contacts, check your email, manage your websites, manage your files, and much more.

Once we understood what eGroupware was, the main part was finding out the prerequisites and the configuration required.

It was not easy. We only learned the real requirements of eGroupware after we had downloaded the installation package and started the eGroupware installation test, and we realised that we would have to recompile Apache as well as PHP. That was OK, but the main task was still to clear up all the warning messages the eGroupware installation page showed. Even after PHP was recompiled and reconfigured, it was still not over: there were many packages that eGroupware required which we had not yet installed, namely kerberos (which is related to the gcc, g++ and gcc-c++ packages), libjpg, libpng, libfreetypedir, liblstool and libmcrypt.

Even after doing all of the above, the warnings were still not cleared. We were on the debugging path trying to find what had gone missing, and finally found that the culprit was the way libmcrypt had been installed. The thing is, libmcrypt needs to be installed with POSIX threads disabled, so after a little more googling it was done, and PHP was ready to take on eGroupware.

There was one more thing we found that PHP needed for eGroupware: PEAR. It is the name of a fruit, but here PEAR is the PHP Extension and Application Repository.

After PEAR was done, we were ready to go ahead with eGroupware. Following the steps given, we entered the required details about the server and its mail and MySQL applications, and eGroupware was all set up and DONE.

If you would like to know the steps required to install eGroupware, you can visit our little blog at:

http://www.egroupware.co.nr

Thank You

Systems Team
Magnet Technologies

www.magnettechnologies.com


A Warm Welcome From Ami !!!

lokesh.ahire November 16th, 2007

“Hi Friends!!”

I am planning to have something up from my side daily based on following categories - one for each day !

1. Personal - Monday - When you are back at the office after a cool weekend :( you have something personal to share !
2. Technology - Tuesday - It’s time to work ! :(
3. Literature - Wednesday - Let's have some poetry (sher-o-shayari) ! :)
4. Inspiration - Thursday - In the middle of the week you really need inspiration to continue your work ! :)
5. Fun - Friday - It’s time for Fun Friday ! :)

6. Working Saturday - Sorry ! I am too busy in planning my Sunday and no time to write blog…………

I hope I will continue writing and will be in touch with you all………

Save Power!

nirav April 19th, 2007

Save Electricity

Mumbai is abuzz with drives to save electricity. We have faced more energy problems in the last one year than in the last five years put together. I studied the energy crisis, the greenhouse effect, global warming etcetera in school. I was scared to see The Day After Tomorrow and An Inconvenient Truth (of Al Gore).

Mumbai drains a lot of electricity. Reports say that Mumbai’s demand strains the supply. High-level meetings are being held to discuss the issues - to decide whether the city will face more load shedding or not, and what the supply to other parts of the state will be. And earlier the government had said Mumbai would not face problems.

Amongst all this, Mumbaikars are getting more aware of the problems. Billboards are sporting “I will (save electricity), Mumbai will” ads. We are switching off lights when not needed, and we are switching off the television after watching.

Save Power! I will, Mumbai will!

Mumbai Photo Marathon - one week away - 22nd April

nirav April 15th, 2007

Taking the lead from Kapil, and from my initial post, I am set for a full day of photography in Mumbai on the coming Sunday. A few friends have already shown interest, including Kapil, Harsh and Kartik. It would be great if more people could join.

Here’s the idea:

Amateur / professional photographers take a day tour of Mumbai, taking shots based on 3 distinct themes. Everyone submits their 12 best shots from the ones they have taken, and we pool them together. All participants may meet at the end of the day and share their photos and stories.

What do you get?

  • Privilege of participating in the first such event in Mumbai ;-)
  • An opportunity to experience Mumbai
  • A reason to freak out

So what are the themes?

  • Roadside Mumbai
  • Mumbai Rush
  • Tourists in Mumbai

Drop me an email if you would like to join. The email is nirav (at) mehtanirav . com

Let us know your comments in any case!
