Ppentest

Mengamankan Server Linux [Tips] Part II | Failban

Failban memiliki fungsi memeriksa log pada /var/log/auth.log atau /var/log/secure untuk mendektesi ada nya ip yang melakukankegiatan yang tidak senonoh :-p . IP si tersangka akan terblock secara otomatis oleh ip tables jika tersangka gagal lokin dalam jangaka waktu beberapa kali ūüė°

Ubuntu:

sudo apt-get install fail2ban

Centos:

sudo yum install fail2ban

Edit /etc/fail2ban/jail.conf
#si admin nanti di email kalo ada aktifitas yang aneh-aneh
action = %(action_mwl)s

#Konfigurasi untuk SSH. 3000 adalah lamanya (detik) IP hacker itu akan kita block.
[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 3
bantime = 3000
Hasil Kerja Failban
/var/log/fail2ban:
2012-11-03 11:00:46,909 fail2ban.actions: WARNING [ssh] Ban 172.140.150.6
2012-11-03 11:10:47,475 fail2ban.actions: WARNING [ssh] Unban 172.140.150.6
2012-11-04 04:00:53,286 fail2ban.actions: WARNING [ssh] Ban 64.175.229.250
2012-11-04 04:10:53,801 fail2ban.actions: WARNING [ssh] Unban 64.175.229.250

Ip tables nya

Chain fail2ban-ssh (1 references)
target     prot opt source               destination         
DROP       all  --  58.17.36.25         0.0.0.0/0           
DROP       all  --  78.111.96.38         0.0.0.0/0           
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

 


Hi,
The IP 56.17.36.25 has just been banned by Fail2Ban after
3 attempts against ssh.
Here are more information about 56.17.36.115:

		
Advertisements
Standard
Linux, Networking, Opensource, Server

smb.conf default

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not many any basic syntactic errors. 
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
   workgroup = MYGROUP

# server string is the equivalent of the NT Description field
   server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# you may wish to override the location of the printcap file
;   printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
;   printing = bsd

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /usr/local/samba/var/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = user

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>

# Note: Do NOT use the now deprecated option of "domain controller"
# This option is no longer implemented.

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /usr/local/samba/lib/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
   socket options = TCP_NODELAY 

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24 

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes 

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = yes

# Enable this if you want Samba to be a domain logon server for 
# Windows95 workstations. 
;   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one	WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no 

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to 
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /usr/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff

# Other examples. 
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
Standard
Linux, Networking, Server

Telnet Server Configuration (RedHat/CentOS):

In this scenario:

IP Address of Telent Server = 192.168.1.111
1. First install the required package (telnet-server):

yum install telnet-server
2. Edit telnet configuration file (telnet) located in /etc/xinetd.d:

vim /etc/xinetd.d/telnet

service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure  += USERID
disable = no
}
Note: In above configuration file just replace disable = yes with disable = no

3. Start the required service.

service xinetd start


4. Set xinetd to automatically start at boot time.

chkconfig xinetd on

Note: By default root login for telnet connection is disable. To enable it take following steps:

1. Edit /etc/securetty file to add pts/0 to enable one telnet session for root. if you need to open more telnet session for root and add more pts/1 pts/2 and so on.

vim /etc/securetty

#add following at the end of file#
pts/0
pts/1
pts/2

2. Restart xinetd service.

service xinetd restart

Connecting Telnet Server from the other computer in a network:

1. If you want to connect Telnet Server from Linux Computer you, run following command in Linux Terminal.

telnet <ip address of telnet server>

telnet 192.168.1.111

[root@wpc ~] # telnet 192.168.1.111
Trying 192.168.1.111…
Connected to 192.168.1.111 (192.168.1.111).
Escape character is ‘^]’.
CentOS release 5.4 (Final)
Kernel 2.6.18-164.el5 on an i686
login: user1
Password:
[user1@wpc ~]$


Note:

Type any username and it’s password other than root when login is prompted, and if you want to work as a root simply use su – command to switch to the root user.

2. If you want to connect Telnet Server from Windows Computer, run the same command at Command Prompt.
telnet 192.168.1.111

 

Configure telnet server on custom port number:


First configure your Telnet Server as above, then
edit /etc/services and replace the standard port 23 with your custom port number (for example: 1024)

telnet          1024/tcp                          # Telnet

telnet          1024/udp

Standard