[XCSSA] Logging & dynamic firewall program(s)
xcssa@xcssa.org
22 Oct 2007 22:26:28 -0500
Thanks Jeremy,
I hadn't read into DenyHosts enough to see that. And it was sounding
pretty good, then...
I was reading up on xinetd's setup. I found there is actually some
nice stuff built into the new xinetd that will allow some controls right
in xinetd.
Everything was looking up when I noticed that pop3 was missing in the
xinetd.d folder. A little more investigation and I found that this
setup runs Dovecot as a standalone server - not via xinetd. I've spent the
last two hours going through the Dovecot config file and don't immediately
see a way to use TCP Wrappers with it. More investigation needed - but
that might again rule out using DenyHosts.
I'm still working on it. And in the reading up today - I found there is
a way to fix the overlay authentication that keeps breaking. But it
means converting the authentication from a database to a flat file.
While it fixes the database corruption that keeps occurring, it seems a
step backwards and is kinda a big change. So, I'm going to hold that for
a last-resort option.
Thanks again Jeremy.
Chuck
On Mon, 2007-10-22 at 13:20, xcssa-admin@xcssa.org wrote:
On 22 Oct 2007 13:13:48 -0500, xcssa-admin@xcssa.org
<xcssa-admin@xcssa.org> wrote:
> Most of the hacks I'm dealing with these days are FTP and POP3. The same
> authentication module controls them as SSH and it breaks with a sustained
> hack attempt. So, I'd like to put some dynamic firewall package in place
> while waiting on the fix to the authentication module.
DenyHosts works for anything that uses tcp_wrappers including POP3 and
FTP. It's just commonly used for SSH. Change:
BLOCK_SERVICE = sshd
to
BLOCK_SERVICE = ALL
Another function I see is the ability to write the offending host to a
file and do nothing. You could then parse this file and add it to an
existing iptables table.
--
Jeremy Mann
jeremy@biochem.uthscsa.edu
University of Texas Health Science Center
Bioinformatics Core Facility
http://www.bioinformatics.uthscsa.edu
Phone: (210) 567-2672
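
The record-only approach described above (DenyHosts writes offending hosts to a file and a separate step loads them into iptables), sketched as an added example that is not code from either poster or from DenyHosts. The file layout ("service: host" or a bare host per line), the chain name DENYHOSTS, and the never-block address are assumptions; the chain is assumed to already exist and be referenced from INPUT.

```python
import ipaddress
import re

CHAIN = "DENYHOSTS"            # hypothetical chain, created and hooked into INPUT beforehand
NEVER_BLOCK = {"192.0.2.10"}   # constructed admin address that must never be locked out

# Constructed sample of a recorded-hosts file (not real data).
SAMPLE = """\
# constructed sample entries
ALL: 203.0.113.7
sshd: 198.51.100.23
198.51.100.23
ALL: [2001:db8::5]
ALL: 192.0.2.10
ALL: bad.example.com
ALL: 300.1.2.3
"""

def _ips_on_line(line):
    """Return the valid IP addresses on one line; hostnames and junk are dropped."""
    try:
        return [ipaddress.ip_address(line)]           # bare host entry
    except ValueError:
        pass
    found = []
    for tok in re.split(r"[\s,]+", line.partition(":")[2]):   # text after "service:"
        try:
            found.append(ipaddress.ip_address(tok.strip("[]")))
        except ValueError:
            continue                                   # never pass unvalidated text on
    return found

def parse_denied(text):
    """Deduplicated, sorted addresses to block, minus the never-block list."""
    ips = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and blanks
        ips.update(ip for ip in _ips_on_line(line) if str(ip) not in NEVER_BLOCK)
    return sorted(ips, key=lambda ip: (ip.version, int(ip)))

def build_commands(ips):
    """Argument lists that flush the dedicated chain and refill it (idempotent)."""
    cmds = [["iptables", "-F", CHAIN], ["ip6tables", "-F", CHAIN]]
    for ip in ips:
        tool = "iptables" if ip.version == 4 else "ip6tables"
        cmds.append([tool, "-A", CHAIN, "-s", str(ip), "-j", "DROP"])
    return cmds

if __name__ == "__main__":
    for cmd in build_commands(parse_denied(SAMPLE)):
        print(" ".join(cmd))                           # dry run: print, do not execute
```

Because the rules sit in their own chain, they apply to Dovecot and any other standalone daemon regardless of TCP Wrappers support.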