Lesson 13

Date: 6/27/2018

Linux Network Security

Linux System Administration

Denyhosts
DenyHosts is a log-based intrusion prevention security tool for SSH servers written in Python. It is designed to prevent brute-force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses using /etc/hosts.deny and iptables on Linux server.

Exercise

On testub VM, clear the logs:

cp /dev/null /var/log/auth.log

On testub VM, install denyhosts service:

apt-get install denyhosts

Edit file /etc/denyhosts and comment the line with iptables

#IPTABLES = /sbin/iptables

Restart denyhosts:

systemctl restart denyhosts

On the desktop, run ncrack on testub VM, then check the content of /etc/hosts.deny. You should see the IP address of the desktop, 192.168.122.1 denied accessing sshd. Try ssh-ing from the desktop to testub

On testcent VM, clear the logs and install denyhosts

cp /dev/null /var/log/secure
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7Server/x86_64/Packages/e/epel-release-7-11.noarch.rpm
yum install denyhosts

Run ncrack on testcent VM, then check its /etc/hosts.deny content.

Exercise: SSH brute force attack
Exercise: Log check for login attempts
Exercise: TCP wrappers
Exercise: denyhosts
Stack overflow
Exercise with Stack overflow
Package upgrades and verification
Open Ports List exercise
Closing Ports
IP filtering firewalls (iptables)
Building iptables rules
Simple iptables script
NAT table
NAT script
Exercises with iptables
Port scanning exercises
Vulnerability scanning exercises
References
Take me to the Course Website