Installing and Configuring DenyHosts on FreeBSD 7

By : Kabayan
At first I was still fired up to audit every log, especially auth.log, so it would look like I was busy. But after a while, reading logs gave me a headache. I also got annoyed when I turned on the gateway monitor and it was full of login attempts, blah... blah... blah... In the end a friend gave me an application written in Perl, because I had asked for one for Linux, hehehe. While idly listing the security ports, I came across this application.
So what is DenyHosts? According to the description in /usr/ports/security/denyhosts/pkg-descr:
DenyHosts is a script intended to be run by *nix system administrators to help thwart ssh server attacks.

If you've ever looked at your ssh log (/var/log/auth.log) you may be alarmed to see how many hackers attempted to gain access to your server. Denyhosts helps you:
  • Parses /var/log/auth.log to find all login attempts
  • Can be run from the command line, cron or as a daemon (new in 0.9)
  • Records all failed login attempts for the user and offending host
  • For each host that exceeds a threshold count, records the evil host
  • Keeps track of each non-existent user (eg. sdada) when a login attempt failed.
  • Keeps track of each existing user (eg. root) when a login attempt failed.
  • Keeps track of each offending host (hosts can be purged)
  • Keeps track of suspicious logins
  • Keeps track of the file offset, so that you can reparse the same file
  • When the log file is rotated, the script will detect it
  • Appends /etc/hosts.allow
  • Optionally sends an email of newly banned hosts and suspicious logins.
  • Resolves IP addresses to hostnames, if you want
You can translate that yourselves; here I only want to share the installation and configuration.
1. As usual, go to /usr/ports/security/denyhosts
# cd /usr/ports/security/denyhosts
# make install clean
Let's read some Kho Ping Hoo while waiting for the installation to finish.
2. My denyhosts.conf settings look like this:
# ee /usr/local/etc/denyhosts.conf

# Log file read by the application
SECURE_LOG = /var/log/auth.log

# List of hosts that have been denied
HOSTS_DENY = /etc/hosts.denied

# Release blocks automatically.
# 5d means the IP is only unblocked 5 days later.
PURGE_DENY = 5d

# I'm not sure how to translate this one. Anyway, that's how it is.
PURGE_THRESHOLD = 0

# Defines which services get blocked. To save the headache, just block everything.
BLOCK_SERVICE = ALL

# How many times an IP may enter a wrong login name.
DENY_THRESHOLD_INVALID = 5

# Once an IP has failed 10 times on a login name that exists, it is banned automatically; root is handled separately.
DENY_THRESHOLD_VALID = 10

# Special case for root logins. One failed root login and the host is BANNED right away! Sweet.
DENY_THRESHOLD_ROOT = 1

# For the set of usernames that will get BANNED automatically.
DENY_THRESHOLD_RESTRICTED = 1

# Where the denyhosts application stores its data.
WORK_DIR = /usr/local/etc/denyhosts/data

# Work this one out yourself
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

# Surely you understand this one
LOCK_FILE = /var/run/denyhosts.pid
Well, those are the settings that are said to be important. The other settings are said to be merely additional.
3. Let's run it.
# /usr/local/etc/rc.d/denyhosts forcestart
4. First check whether it is running.
# ps ax |grep denyhosts
6589  ??  I      1:28.48 /usr/local/bin/python2.5 /usr/local/bin/denyhosts.py
--config /usr/local/etc/denyhosts.conf --daemon
5. It's running. Now just add it to startup.
# ee /etc/rc.conf
denyhosts_enable=YES
6. Let's go to sleep... let the script do its job; no more combing through auth.log.
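
To see how the three thresholds set in step 2 decide which hosts end up denied, here is an added example (not DenyHosts' own code and not from the original post): a simplified model that counts failed sshd logins per host over constructed auth.log lines. The log lines, the host name gw and the function names are assumptions, as is treating a threshold as exceeded only when the count is strictly greater, following the "exceeds a threshold count" wording in the description above.

```python
import re
from collections import Counter

# Thresholds copied from the denyhosts.conf in step 2.
THRESHOLDS = {"invalid": 5, "valid": 10, "root": 1}

# Constructed auth.log lines in OpenSSH style (documentation IP ranges).
SAMPLE_LOG = (
    ["Feb  3 01:10:0%d gw sshd[411]: Failed password for invalid user sdada "
     "from 203.0.113.7 port 4242 ssh2" % i for i in range(6)]
    + ["Feb  3 01:12:0%d gw sshd[502]: Failed password for root "
       "from 198.51.100.9 port 5151 ssh2" % i for i in range(2)]
    + ["Feb  3 01:15:0%d gw sshd[610]: Failed password for kabayan "
       "from 192.0.2.10 port 2222 ssh2" % i for i in range(3)]
    + ["Feb  3 01:16:00 gw sshd[611]: Accepted password for kabayan "
       "from 192.0.2.10 port 2223 ssh2"]
)

# Older sshd versions log "illegal user" instead of "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<bad>(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<host>\S+)"
)


def classify(match):
    """Pick the threshold a failed login counts against."""
    if match.group("user") == "root":
        return "root"
    return "invalid" if match.group("bad") else "valid"


def hosts_to_deny(lines, thresholds=THRESHOLDS):
    """Return {host: category} for hosts whose failures exceed a threshold."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:  # successful logins and unrelated lines are skipped
            counts[(m.group("host"), classify(m))] += 1
    denied = {}
    for (host, category), n in sorted(counts.items()):
        # Assumption: "exceeds" means strictly greater than the threshold.
        if n > thresholds[category]:
            denied.setdefault(host, category)
    return denied


if __name__ == "__main__":
    for host, why in hosts_to_deny(SAMPLE_LOG).items():
        print(host, "denied: too many failed", why, "logins")
```

In this model the host with three failed logins for an existing user stays below DENY_THRESHOLD_VALID and is not listed, while the hosts probing root and a non-existent user are.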
