Monthly Archives: May 2013

Ppentest

Mengamankan Server Linux [Tips] Part II | Failban

Failban memiliki fungsi memeriksa log pada /var/log/auth.log atau /var/log/secure untuk mendektesi ada nya ip yang melakukankegiatan yang tidak senonoh :-p . IP si tersangka akan terblock secara otomatis oleh ip tables jika tersangka gagal lokin dalam jangaka waktu beberapa kali 😡

Ubuntu:

sudo apt-get install fail2ban

Centos:

sudo yum install fail2ban

Edit /etc/fail2ban/jail.conf
#si admin nanti di email kalo ada aktifitas yang aneh-aneh
action = %(action_mwl)s

#Konfigurasi untuk SSH. 3000 adalah lamanya (detik) IP hacker itu akan kita block.
[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 3
bantime = 3000
Hasil Kerja Failban
/var/log/fail2ban:
2012-11-03 11:00:46,909 fail2ban.actions: WARNING [ssh] Ban 172.140.150.6
2012-11-03 11:10:47,475 fail2ban.actions: WARNING [ssh] Unban 172.140.150.6
2012-11-04 04:00:53,286 fail2ban.actions: WARNING [ssh] Ban 64.175.229.250
2012-11-04 04:10:53,801 fail2ban.actions: WARNING [ssh] Unban 64.175.229.250

Ip tables nya

Chain fail2ban-ssh (1 references)
target     prot opt source               destination         
DROP       all  --  58.17.36.25         0.0.0.0/0           
DROP       all  --  78.111.96.38         0.0.0.0/0           
RETURN     all  --  0.0.0.0/0            0.0.0.0/0


 






Hi,
The IP 56.17.36.25 has just been banned by Fail2Ban after
3 attempts against ssh.
Here are more information about 56.17.36.115:





			

			
								

		
		Standard
	



			
				


	

		
		

			Linux, Networking, Opensource, Server
Mengamankan Server Linux [Tips] Part I
		


		

				

			
Matikan Akses SSH Root


/var/log/auth.log coba cek log siapa saja yang mencoba masuk kedalam server melalui SSH.




Nov  2 21:09:56 mars sshd[29617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.188.3.56  user=root
Nov  2 21:09:58 mars sshd[29617]: Failed password for root from 119.188.3.56 port 53661 ssh2
Nov  2 21:10:02 mars sshd[29619]: Invalid user abuse from 119.188.3.56
Nov  2 21:10:02 mars sshd[29619]: pam_unix(sshd:auth): check pass; user unknown
Nov  2 21:10:02 mars sshd[29619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.188.3.56 
Nov  2 21:10:04 mars sshd[29619]: Failed password for invalid user abuse from 119.188.3.56 port 55378 ssh2
Nov  2 21:10:08 mars sshd[29621]: Invalid user ac from 119.188.3.56
Nov  2 21:10:08 mars sshd[29621]: pam_unix(sshd:auth): check pass; user unknown
Nov  2 21:10:08 mars sshd[29621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.188.3.56 
Nov  2 21:10:10 mars sshd[29621]: Failed password for invalid user ac from 119.188.3.56 port 56595 ssh2




 


Matikan SSH --> nano /etc/ssh/sshd_config
PermitRootLogin no
Buat user dengan nama se alay mungkin tapi mudah diingat.




usermod -G wheel alay321
usermod -G sudo alay321




-wheel untuk RHEL
-sudo untuk DEB

Tambahkan baris ini:
di DEB:










%sudo ALL=(ALL) ALL










di Redhat:


%wheel ALL=(ALL) ALL
Test dengan login ke Server dengan SSH user alay321. setelah itu jadikan root dengan perintah.




sudo -i






 


 




 

					

		
		Standard
	



			
				


	

		
		

			Cisco, Networking
InterVlan [Packet Tracer]
		


		

				

			
intvlan1


Config Switch VTP:


Switch(config)#vtp mode server

Device mode already VTP SERVER.

Switch(config)#vtp domain intervlan

Changing VTP domain name from NULL to intervlan

Switch(config)#vtp password cisco

Setting device VLAN database password to cisco

Switch(config)#hostname VTP

VTP(config)#int range fa0/1 – 5

VTP(config-if-range)#switchport access vlan 100

% Access VLAN does not exist. Creating vlan 100

VTP(config-if-range)#int range fa0/6 – 10

VTP(config-if-range)#switchport access vlan 200

% Access VLAN does not exist. Creating vlan 200

VTP(config-if-range)#int range fa0/23 -24

VTP(config-if-range)#switchport mode trunk

VTP(config-if-range)#

VTP(config-if-range)#exit


Config switch ke 2


switch2(config)#vtp mode client

Device mode already VTP CLIENT.

switch2(config)#vtp domain intervlan

Domain name already set to intervlan.

switch2(config)#vtp pass

switch2(config)#vtp password cisco

Setting device VLAN database password to cisco

switch2(config)#do sh vlan


switch2(config)#int range fa0/1 – 5

switch2(config-if-range)#switchport access vlan 100

switch2(config-if-range)#int fa0/6 10

switch2(config-if-range)#int fa0/6-10

switch2(config-if-range)#int fa0/6 – 10

switch2(config-if-range)#int range fa0/6 – 10

switch2(config-if-range)#switchport access vlan 200


 


File .pkt bisa didownload di halaman grup –>  https://www.facebook.com/groups/kuliax/

					

		
		Standard