View the full version: Anyone got denyhosts installed/running??



shawnbelcourt
15-03-2007, 17:52
Hi guys, want to set up denyhosts because SSH/FTP are constantly getting hammered by dictionary attacks. So rather than having to review and set up drop rules for the whole world, I wanted to get denyhosts running to automatically fend off dictionary attacks.

However, when I try to install denyhosts I get:

[XXXXXX]$ ipkg install denyhosts
Installing denyhosts (1.1.2-5) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/unslung/wl500g/denyhosts_1.1.2-5_mipsel.ipk
Configuring denyhosts
/opt/etc/init.d/S01denyhosts: /opt/etc/init.d/S01denyhosts: 14: /opt/share/denyhosts/denyhosts.py: not found
postinst script returned status 127
ERROR: denyhosts.postinst returned 127
Successfully terminated.


Notes: Python is installed and is running fine. The file denyhosts.py is where it should be and has the right permissions. I realise that the error message may be trying to tell me something else, but of what I am not sure.

Any ideas? Have any of you guys got denyhosts running so far?

Please and thank you in advance.

Shawn

shawnbelcourt
15-03-2007, 17:57
Also followed these instructions with the same results...

to get denyhosts to work
1. ipkg install tcpwrappers
2. touch /etc/hosts.deny
3. ipkg install denyhosts

Can anyone see what I might be missing?

Thanks....

Shawn

shawnbelcourt
15-03-2007, 19:38
It's running now...not sure if it's doing what it's supposed to yet (will check log files tom)..paths in the installer package are wrong...

The steps I took to get it working were as follows.....
1. sh> ipkg install denyhosts (ignore errors)
2. vi /opt/share/denyhosts/setup.py and look for any paths such as /var/log or /var/run; these need to be /opt/var/log or /opt/var/run
3. cd /opt/share/denyhosts then sh> python setup.py install
4. vi /opt/etc/denyhosts.cfg and adjust any /var paths to /opt/var (plus any other options you want)
5. Adjust the init script to reflect the following...

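#!/bin/sh

# Stop any running instance recorded in the PID file
if [ -f /opt/var/run/denyhosts.pid ] ; then
    kill `cat /opt/var/run/denyhosts.pid`
fi

# Files created below are accessible to the owner only
umask 077

rm -f /opt/var/run/denyhosts.pid

# Make sure the tcpwrappers files exist
touch /opt/etc/hosts.allow
touch /opt/etc/hosts.deny

# Start denyhosts as a daemon with the optware config file
/opt/local/bin/denyhosts.py --daemon -c /opt/etc/denyhosts.cfg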

tokyoturnip
17-03-2007, 03:50
Start dropbear listening on port 443 and use public key authentication and you will not need to worry about dictionary attacks.

neos2k1
17-03-2007, 17:04
What about FTP access attacks?

neos2k1
17-03-2007, 18:00
5. Adjust the init script to reflect the following...

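#!/bin/sh

# Stop any running instance recorded in the PID file
if [ -f /opt/var/run/denyhosts.pid ] ; then
    kill `cat /opt/var/run/denyhosts.pid`
fi

# Files created below are accessible to the owner only
umask 077

rm -f /opt/var/run/denyhosts.pid

# Make sure the tcpwrappers files exist
touch /opt/etc/hosts.allow
touch /opt/etc/hosts.deny

# Start denyhosts as a daemon with the optware config file
/opt/local/bin/denyhosts.py --daemon -c /opt/etc/denyhosts.cfg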

Hi, what did you mean by ini script?

neos2k1
18-03-2007, 01:25
I think I've started denyhosts .. but I'm not sure it's working. I still see many unsuccessful attacks in the logs. Any thoughts on how to be sure it's OK?

al37919
23-04-2007, 10:21
I also succeeded in getting denyhosts working correctly. It writes correct lines to /opt/etc/hosts.deny. However, unfortunately it is useless right now.

1) Dropbear has no support for hosts.deny at all
2) I installed sshd by installing OpenSSH, which is available in optware. However, unfortunately, the binary is built without tcpwrappers support, so it also doesn't care about the hosts.deny file.

By the way, despite the fact that there is a tcpwrappers package available in optware, there is not a single program which uses it right now. xinetd is another typical application which makes use of tcpwrappers, but the optware version also has no support for it.

The way to check it:
ldd /opt/sbin/sshd | grep wrap

If there is such support it should return something like:
libwrap.so.0 => /lib/libwrap.so.0 (0x0ffd6000)

The way to solve the problem is to recompile the corresponding binaries with tcpwrappers support included.
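
The ldd check from the post above, turned into a reusable script; this is an added example, not part of the original thread. The function names classify_ldd and audit_daemons are hypothetical, and the sample ldd outputs are constructed apart from the libwrap line quoted in the post.

```shell
#!/bin/sh
# Added example: decide from `ldd` output whether a daemon consults hosts.deny.
# Function names and the sample outputs are constructed for illustration.

# Reads ldd output on stdin and prints one verdict:
#   wrapped   = libwrap is dynamically linked, hosts.deny is consulted
#   unwrapped = dynamic binary without libwrap, hosts.deny is ignored
#   unknown   = static binary or no library list; ldd cannot answer
classify_ldd() {
    result=unknown
    while IFS= read -r line; do
        case $line in
            *libwrap.so*) result=wrapped; break ;;
            *"not a dynamic executable"*|*"statically linked"*)
                result=unknown; break ;;
            *"=>"*) result=unwrapped ;;
        esac
    done
    echo "$result"
}

# Runs the check against real binaries, e.g. audit_daemons /opt/sbin/sshd
audit_daemons() {
    for bin in "$@"; do
        if [ -x "$bin" ]; then
            printf '%s: %s\n' "$bin" "$(ldd "$bin" 2>&1 | classify_ldd)"
        else
            printf '%s: missing\n' "$bin"
        fi
    done
}

# Constructed samples; only the libwrap line is taken from the post above.
SAMPLE_WRAPPED='    libwrap.so.0 => /lib/libwrap.so.0 (0x0ffd6000)
    libc.so.0 => /lib/libc.so.0 (0x2aaf0000)'
SAMPLE_UNWRAPPED='    libcrypto.so.0.9.7 => /opt/lib/libcrypto.so.0.9.7 (0x2aab0000)
    libc.so.0 => /lib/libc.so.0 (0x2aaf0000)'
SAMPLE_STATIC='    not a dynamic executable'

for sample in "$SAMPLE_WRAPPED" "$SAMPLE_UNWRAPPED" "$SAMPLE_STATIC"; do
    printf '%s\n' "$sample" | classify_ldd
done
if [ $# -gt 0 ]; then audit_daemons "$@"; fi
```

A verdict of "unknown" means ldd gives no answer: a statically linked binary lists no libraries, so libwrap could be compiled in without appearing here.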