Saturday, October 27, 2007

Using tcp_wrappers

To a lot of newbies, including myself, designing and setting up a proper firewall requires a lot of technical knowledge, experience and perhaps expertise. I mean a real perimeter firewall, not the kind of firewall you play with at home on your ADSL router.

Before we talk about firewalls, does a Linux system provide any form of protection against remote ssh attacks? A simple one that needs only a few lines, to at least stop just anybody from trying to ssh in?

Alright, this is what we are going to talk about - 'tcp_wrappers'.

Under /etc, you'll find hosts.allow and hosts.deny. If either file is missing, you can just create it with your favourite editor; I use vi.

Straight to the point, stop beating around the bush...

Under /etc/hosts.allow

# Allow remote users to telnet into your host, but only trusted LAN users
in.telnetd: 192.168.1.0/255.255.255.0 : Allow

Under /etc/hosts.deny

# You only need to deny everything:
in.telnetd: ALL : Deny

Under normal circumstances, the two files above mean that hosts.deny will deny anything trying to connect to this protected host, but whatever is listed in hosts.allow will be allowed.

Clear? Okay, in layman's terms: "Deny everything, only allow what is listed in the hosts.allow file". Get it?

Oh yeah, after changing the above two files you don't have to restart anything; it'll work as soon as you save the files.
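To make the lookup order concrete, here is a small model of it, added as an example and not taken from the original post or from tcp_wrappers itself. It follows the order documented in hosts_access(5): hosts.allow is searched first, then hosts.deny, and a client that matches neither is granted. The function names are hypothetical, the client addresses are constructed, and only `ALL`, exact addresses and net/mask patterns are handled.

```python
import ipaddress

# Constructed copies of the post's two rules (option field left out).
HOSTS_ALLOW = "in.telnetd: 192.168.1.0/255.255.255.0\n"
HOSTS_DENY = "in.telnetd: ALL\n"

def parse(text):
    """Parse 'daemon_list : client_list [: option]' lines into (daemons, clients)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask form, as in the post's hosts.allow
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern == addr

def file_matches(text, daemon, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr) for p in clients)
               for daemons, clients in parse(text))

def decide(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; no match means granted."""
    if file_matches(allow, daemon, addr):
        return "granted by hosts.allow"
    if file_matches(deny, daemon, addr):
        return "denied by hosts.deny"
    return "granted (no rule matched)"

if __name__ == "__main__":
    for daemon, addr in [("in.telnetd", "192.168.1.25"),   # LAN client
                         ("in.telnetd", "203.0.113.7"),    # outside client
                         ("sshd", "203.0.113.7")]:         # service with no rule
        print(daemon, addr, "->", decide(daemon, addr))
    # With a catch-all deny, the unlisted service is covered too.
    print("sshd 203.0.113.7 ->", decide("sshd", "203.0.113.7", deny="ALL: ALL\n"))
```

The third case is the one to notice: a rule for in.telnetd alone leaves every other wrapped service on the default of granted, while `ALL: ALL` in hosts.deny covers them.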

What if I want to log all those connection attempts? Check this out -

Under /etc/hosts.deny

# Mail the admin a notice (with safe_finger output for the client),
# then send the client a warning instead of running the daemon
in.telnetd: ALL : spawn (echo Security notice from host `/bin/hostname`; \
echo; /usr/sbin/safe_finger @%h ) | \
/bin/mail -s "%d-%h security" admin@email.com & \
: twist ( /bin/echo -e "\n\nWARNING connection not allowed. Your attempt has been logged." )

Simple, huh??

regards,
Skywalker
