Ppentest

Securing a Linux Server [Tips] Part II | Fail2ban

Fail2ban checks the log at /var/log/auth.log or /var/log/secure to detect IPs that are up to no good :-p . The suspect's IP is blocked automatically by iptables once the suspect has failed to log in a number of times within a given period 😡

Ubuntu:

sudo apt-get install fail2ban

CentOS:

sudo yum install fail2ban

Edit /etc/fail2ban/jail.conf
# the admin gets an email whenever something suspicious happens
action = %(action_mwl)s

# Configuration for SSH. 3000 is how long (in seconds) we block the hacker's IP.
[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 3
bantime = 3000
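
How the maxretry setting above plays out against sshd log lines, as an added example (not code from the original post and not fail2ban's own implementation). It assumes fail2ban's default findtime of 600 seconds, counts only "Failed password" lines, and runs on constructed log lines; find_bans is a hypothetical name.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 3    # maxretry from the [ssh] jail above
FINDTIME = 600  # seconds; assumed (fail2ban's default), the page does not set it
YEAR = 2012     # assumed: syslog timestamps carry no year

# Simplified stand-in for the sshd filter: only "Failed password" lines count.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+(?:\.\d+){3}) "
)

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Map each IP to the time of the failure that reaches maxretry within findtime."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in bans:
            continue
        when = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(when)
        while when - hits[0] > timedelta(seconds=findtime):
            hits.popleft()        # forget failures older than findtime
        if len(hits) >= maxretry:
            bans[m["ip"]] = when
    return bans

# Constructed sample in auth.log format; addresses are documentation ranges.
SAMPLE = """\
Nov  2 21:00:00 mars sshd[101]: Failed password for root from 198.51.100.7 port 40001 ssh2
Nov  2 21:08:00 mars sshd[102]: Failed password for root from 198.51.100.7 port 40002 ssh2
Nov  2 21:09:58 mars sshd[201]: Failed password for root from 192.0.2.10 port 53661 ssh2
Nov  2 21:10:02 mars sshd[202]: Invalid user abuse from 192.0.2.10
Nov  2 21:10:04 mars sshd[202]: Failed password for invalid user abuse from 192.0.2.10 port 55378 ssh2
Nov  2 21:10:10 mars sshd[203]: Failed password for invalid user ac from 192.0.2.10 port 56595 ssh2
Nov  2 21:16:00 mars sshd[103]: Failed password for root from 198.51.100.7 port 40003 ssh2
"""

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE.splitlines()).items():
        print(f"{when:%b %d %H:%M:%S} would ban {ip}")
```

Only 192.0.2.10 is reported: 198.51.100.7 also fails three times, but never three times inside one findtime window, which is why findtime matters as much as maxretry when tuning a jail.
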
Fail2ban at Work
/var/log/fail2ban:
2012-11-03 11:00:46,909 fail2ban.actions: WARNING [ssh] Ban 172.140.150.6
2012-11-03 11:10:47,475 fail2ban.actions: WARNING [ssh] Unban 172.140.150.6
2012-11-04 04:00:53,286 fail2ban.actions: WARNING [ssh] Ban 64.175.229.250
2012-11-04 04:10:53,801 fail2ban.actions: WARNING [ssh] Unban 64.175.229.250

The iptables rules

Chain fail2ban-ssh (1 references)
target     prot opt source               destination         
DROP       all  --  58.17.36.25         0.0.0.0/0           
DROP       all  --  78.111.96.38         0.0.0.0/0           
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

 


Hi,
The IP 56.17.36.25 has just been banned by Fail2Ban after
3 attempts against ssh.
Here are more information about 56.17.36.115:

					

Securing a Linux Server [Tips] Part I

Disable Root SSH Access

Check the log in /var/log/auth.log to see who has been trying to get into the server over SSH.

Nov  2 21:09:56 mars sshd[29617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.188.3.56  user=root
Nov  2 21:09:58 mars sshd[29617]: Failed password for root from 119.188.3.56 port 53661 ssh2
Nov  2 21:10:02 mars sshd[29619]: Invalid user abuse from 119.188.3.56
Nov  2 21:10:02 mars sshd[29619]: pam_unix(sshd:auth): check pass; user unknown
Nov  2 21:10:02 mars sshd[29619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.188.3.56 
Nov  2 21:10:04 mars sshd[29619]: Failed password for invalid user abuse from 119.188.3.56 port 55378 ssh2
Nov  2 21:10:08 mars sshd[29621]: Invalid user ac from 119.188.3.56
Nov  2 21:10:08 mars sshd[29621]: pam_unix(sshd:auth): check pass; user unknown
Nov  2 21:10:08 mars sshd[29621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.188.3.56 
Nov  2 21:10:10 mars sshd[29621]: Failed password for invalid user ac from 119.188.3.56 port 56595 ssh2

 

Disable root login over SSH --> nano /etc/ssh/sshd_config
PermitRootLogin no
Create a user with a name as quirky as possible but still easy to remember.
usermod -aG wheel alay321   # -a appends; plain -G would replace the user's other groups
usermod -aG sudo alay321
- wheel for RHEL
- sudo for DEB

Add this line to /etc/sudoers (edit it with visudo):
On DEB:
%sudo ALL=(ALL) ALL

On Red Hat:

%wheel ALL=(ALL) ALL
Test by logging in to the server over SSH as user alay321, then become root with this command:
sudo -i

 

 


 


InterVlan [Packet Tracer]


Config Switch VTP:

Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#vtp domain intervlan
Changing VTP domain name from NULL to intervlan
Switch(config)#vtp password cisco
Setting device VLAN database password to cisco
Switch(config)#hostname VTP
VTP(config)#int range fa0/1 - 5
VTP(config-if-range)#switchport access vlan 100
% Access VLAN does not exist. Creating vlan 100
VTP(config-if-range)#int range fa0/6 - 10
VTP(config-if-range)#switchport access vlan 200
% Access VLAN does not exist. Creating vlan 200
VTP(config-if-range)#int range fa0/23 - 24
VTP(config-if-range)#switchport mode trunk
VTP(config-if-range)#
VTP(config-if-range)#exit

Config for the second switch:

switch2(config)#vtp mode client
Device mode already VTP CLIENT.
switch2(config)#vtp domain intervlan
Domain name already set to intervlan.
switch2(config)#vtp password cisco
Setting device VLAN database password to cisco
switch2(config)#do sh vlan

switch2(config)#int range fa0/1 - 5
switch2(config-if-range)#switchport access vlan 100
switch2(config-if-range)#int range fa0/6 - 10
switch2(config-if-range)#switchport access vlan 200

 

The .pkt file can be downloaded from the group page --> https://www.facebook.com/groups/kuliax/
