One of the main problems with opening SSH access to a server for remote use is that other users (crackers, hackers) will try to gain access to the system. This can be mitigated in various ways, for example by changing the default SSH port, disallowing remote root access, allowing only certain hosts to connect, and so on.
The following is an example log of a cracker trying to get into the system:
Sep 6 23:44:33 myhostname sshd[22483]: Invalid user operator from 119.6.62.xxx
Sep 6 23:44:37 myhostname sshd[22488]: Invalid user operator from 119.6.62.xxx
Sep 6 23:44:43 myhostname sshd[22494]: Invalid user operator from 119.6.62.xxx
Sep 6 23:44:46 myhostname sshd[22499]: Invalid user operator from 119.6.62.xxx
Sep 6 23:44:48 myhostname sshd[22504]: Invalid user operator from 119.6.62.xxx
Sep 6 23:44:51 myhostname sshd[22509]: Invalid user operator from 119.6.62.xxx
Sep 6 23:44:54 myhostname sshd[22514]: Invalid user oracle from 119.6.62.xxx
Sep 6 23:44:56 myhostname sshd[22519]: Invalid user oracle from 119.6.62.xxx
Sep 6 23:44:59 myhostname sshd[22524]: Invalid user oracle from 119.6.62.xxx
Sep 6 23:45:02 myhostname sshd[22530]: Invalid user oracle from 119.6.62.xxx
Sep 6 23:45:05 myhostname sshd[22689]: Invalid user oracle from 119.6.62.xxx
Sep 6 23:45:07 myhostname sshd[22773]: Invalid user oracle from 119.6.62.xxx
Sep 6 23:45:10 myhostname sshd[22904]: Invalid user oracle from 119.6.62.xxx
Sep 6 23:45:13 myhostname sshd[22954]: Invalid user oracle from 119.6.62.xxx
Sep 6 23:45:15 myhostname sshd[22962]: Invalid user oracle from 119.6.62.xxx
As the log above shows, the client is attempting a dictionary attack, trying various user names to gain access. Although the attempts failed, the server is still burdened because it has to serve the incoming requests.
One way to protect SSH access is to use the denyhosts application. denyhosts protects ssh by adding a client's IP to a blacklist when it enters a wrong password several times.
Installation and usage are very easy. The following is the installation process on openSUSE 11.3:
- Open [http://software.opensuse.org/search openSUSE Build Service]. Search for the denyhosts application and select the openSUSE version you are using. If there is no package for your version, take the package for a nearby version; for example, SLES 11 SP1 can use the package for SLES 11 or for openSUSE 11.1, 11.2 or 11.3.

- Install using one-click-install
- Review the configuration file /etc/denyhosts.conf. On openSUSE, denyhosts analyses the log file /var/log/messages by default, but you may need to change which log file is analysed; for example, when running Zimbra, denyhosts can be told to read the log file /var/log/zimbra.log. Also check the maximum number of failed password attempts and the other available options.
- Once the configuration is correct, start denyhosts with the commands:
service denyhosts start
service denyhosts status
- If you want denyhosts to start automatically at boot, enable the denyhosts service with the command:
chkconfig denyhosts on
- The denyhosts log file can be found at /var/log/denyhosts. When a client is blacklisted because it meets the criteria (for example, 5 failed password attempts), denyhosts adds the client's IP to the file /etc/hosts.deny
The following is an example of denyhosts blacklisting an IP:
Sep 06 23:50:24 – denyhosts : INFO restricted: set([])
Sep 06 23:50:24 – denyhosts : INFO Processing log file (/var/log/zimbra.log) from offset (0)
Sep 06 23:50:25 – denyhosts : INFO new denied hosts: ['119.6.62.xxx']
And here is the content of /etc/hosts.deny after the IP has been blacklisted:
myhostname:~ # cat /etc/hosts.deny
# /etc/hosts.deny
# See 'man tcpd' and 'man 5 hosts_access' as well as /etc/hosts.allow
# for a detailed description.
http-rman : ALL EXCEPT LOCAL
ALL: 119.6.62.xxx
Denyhosts, a simple but useful application
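The counting idea behind this kind of blocking, as an added example that is not part of the original post and is not DenyHosts' own code: it parses sshd lines in the format shown above, counts failures per source address, and renders `ALL: <ip>` entries once the threshold of 5 mentioned above is reached. The function names, the `never_deny` allow list and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the sshd format shown above; the addresses come from
# documentation ranges and are not taken from the original log.
SAMPLE_LOG = """\
Sep  6 23:44:33 myhostname sshd[22483]: Invalid user operator from 203.0.113.7
Sep  6 23:44:37 myhostname sshd[22488]: Invalid user operator from 203.0.113.7
Sep  6 23:44:43 myhostname sshd[22494]: Invalid user oracle from 203.0.113.7
Sep  6 23:44:46 myhostname sshd[22499]: Invalid user oracle from 203.0.113.7
Sep  6 23:44:48 myhostname sshd[22504]: Invalid user guest from lab from 203.0.113.7
Sep  6 23:45:02 myhostname sshd[22530]: Invalid user test from 198.51.100.20 port 4022
Sep  6 23:45:05 myhostname sshd[22689]: Invalid user test from 198.51.100.20
Sep  6 23:45:07 myhostname sshd[22773]: Accepted password for admin from 192.0.2.10
""".splitlines()

# The user name is free text chosen by the remote side, so the greedy match
# plus the end-of-line anchor take the address from the last "from" only.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<ip>\S+)(?: port \d+)?\s*$"
)

def failed_attempts(lines):
    """Count 'Invalid user' events per source address."""
    counts = Counter()
    for line in lines:
        match = INVALID_USER.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # masked or malformed address: never write it to a deny list
        counts[str(ip)] += 1
    return counts

def hosts_to_deny(lines, threshold=5, never_deny=()):
    """Addresses with at least `threshold` failures, minus the allow list."""
    return sorted(ip for ip, n in failed_attempts(lines).items()
                  if n >= threshold and ip not in never_deny)

def hosts_deny_entries(ips):
    """Render entries in the 'ALL: <ip>' form seen in /etc/hosts.deny above."""
    return [f"ALL: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(hosts_to_deny(SAMPLE_LOG))))
```

Putting your own management addresses in `never_deny` keeps a run of mistyped logins from locking you out of the server.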
Previous tutorial : Samba PDC+OpenLDAP on openSUSE/SLES Part 1, Setting LDAP Server

SETTING LDAP CLIENT
- Click YAST | Network Services | LDAP Client
- Click Use LDAP under User Authentication
- Fill in Address with the server IP, or use 127.0.0.1 as the default address
- Check the LDAP TLS/SSL option if you chose to use TLS/SSL in the previous tutorial; leave it unchecked if you chose not to use TLS there
- Fill in the LDAP Base DN (dc=namadomain, dc=tld, e.g. dc=vavai,dc=co,dc=id). You may also get the LDAP Base DN by clicking the Fetch DN button
- Leave the other options as they are

- Click Advanced Configuration
- Change Password Change Protocol to MD5
- Leave option Group Member Attribute = Member unchanged

- Click Administration Setting
- Fill in cn=Administrator as the Administrator DN. Don't forget to check the Append Base DN option
- Check the Create Default Configuration Objects option

- Click OK
- Click OK
SETTING SAMBA SERVER PRIMARY DOMAIN CONTROLLER (PDC)
- Open YAST | Network Services | Samba Server
- Fill in the workgroup/domain name on the first wizard page. I'm using the domain vavai.co.id as my workgroup name. Click Next

- On Samba Server Type option, choose Primary Domain Controller (PDC). Click Next
- On the Start-Up tab, choose the Service Start During Boot option so Samba starts automatically at boot. Don't forget to click Open Port in Firewall if you use a firewall on the intranet zone

- Move to LDAP Setting tab.
- Click on Use LDAP Password Back-End
- Fill in the Administrator DN and password (cn=Administrator,dc=vavai,dc=co,dc=id, adjusted to your domain name). Click Test Connection to test the LDAP server connection. If the test fails, recheck your configuration.

- Click OK and then fill in the Samba root/Administrator password

SETTING USER NAME & PASSWORD
- Click on YAST | Security and Users | User & Group Management
- Click Expert Options | LDAP User & Group Configuration option on bottom-right-corner menu
- Fill in the LDAP Admin password (check that your bind DN is configured correctly)
- Move to Configuration Module, and then choose userconfiguration

- Set susemaxpasswordlength to your maximum password length
- Set suseminpasswordlength to your minimum password length
- Change susepasswordhash from SSHA to SMD5
- Click OK
- Click the Set Filter option in the top-right corner menu and choose LDAP Users. This displays the list of all LDAP users, which is currently empty because we have not created any user yet
- Click Add
- Fill in user profile and password

- Click OK
Restart all services (or reboot your computer) to test them. If you wish to join a Windows workstation to the Samba PDC+LDAP domain, use the Samba root user name and password as the Administrator user. Shared folders, profiles, netlogon and custom settings can be modified within YAST | Network Services | Samba Server. Samba LDAP users can be added or modified with the above procedure using YAST | Security & Users | User & Group Management.
Previous articles:
Part 1: Introduction to Samba-Zimbra Single Sign-On Integration
Part 2: Configuring Zimbra LDAP, NSS-LDAP, PAM-LDAP & Samba
Samba domain in Zimbra Admin
Restart the samba service with this command on the console:
service smb restart
Log in to Zimbra Admin (if you are already logged in, log out first, then log in again) and look at the left panel, where there is already [...]

A friend of mine, Indonesian openSUSE Ambassador and also Indonesian openSUSE Community leader for Bandung, West Java, Andi Sugandi, has initiated Unikom Linux Week, an agenda for Linux promotion but mostly covering an openSUSE workshop in February 2010. Besides openSUSE, ULW will also host an Ubuntu and Blankon (Indonesian local distro) workshop.
Andi asked me about the possibility of joining the workshop and giving a tutorial in one or two sessions. I emailed him that I'll support the event and accept the request.
I'll come to Bandung on Friday, February 12, 2010 to give a short course covering Zimbra implementation on openSUSE. Click here for a complete schedule of Unikom Linux Week 2010.
Actually, Bandung is a beautiful town and well known as Paris van Java, so I will also use the moment for my personal agenda: a city tour and traveling to some beautiful places in Bandung with my family

