iptables + denyhosts + ssh - denyhosts nie wysyła maili

Dyskusje o wszystkim co służy ochronie systemu i danych przed nieautoryzowanym dostępem.
Awatar użytkownika
Draqun
Sędziwy Jeż
Sędziwy Jeż
Posty: 73
Rejestracja: 27 wrz 2007, 17:21
Płeć: Mężczyzna
Wersja Ubuntu: 18.04
Środowisko graficzne: KDE Plasma
Architektura: x86_64
Kontakt:

iptables + denyhosts + ssh - denyhosts nie wysyła maili

Post autor: Draqun » 24 wrz 2017, 18:07

Hej.
Mam taki drobny problem. Na Ubuntu 17.04 postawiłem sobie ssh, skonfigurowałem iptables i denyhosts (konfiguracje poniżej). Niestety denyhost nie wysyła mi maili. Myślałem, że może to brak serwera poczty więc doinstalowałem postfixa ale też nic.

Aby przetestować czy denyhost działa poprawnie do /etc/hosts.deny dodałem
sshd: 127.0.0.1

Następnie próbuję zalogować się za pomocą
ssh damian@127.0.0.1 -p 987

Oczywiście w odpowiedzi otrzymjuje
ssh_exchange_identification: read: Connection reset by peer

Oczekiwałbym też, że dostanę maila z powiadomieniem. Niestety nic. Sama synchronizacja denyhosts również nie działa.

Jakieś propozycje? Coś złego jest w konfiguracji iptables czy denyhosts.
Jest to dość zaskakująca sytuacja, szczególnie, że bazuje na moich konfiguracjach, które działały mi na serwerach.

Generalnie każda uwaga pozwalająca zwiększyć bezpieczeństwo będzie ciepło przyjęta.

Pozdrawiam.

/iptables

Kod: Zaznacz cały

#!/bin/bash

echo -n Password: 
read -s password
echo
echo $password | sudo -Sv
password=""

IPTABLES="sudo iptables"


# CZYSZCZENIE STARYCH REGUŁ
$IPTABLES -F
$IPTABLES -X
$IPTABLES -F -t nat
$IPTABLES -X -t nat
$IPTABLES -F -t filter
$IPTABLES -X -t filter
 
# USTAWIENIE POLITYKI DZIAŁANIA
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-unreachable

$IPTABLES -A INPUT -s 192.168.1.250/24 -j LOG --log-prefix='[iptables] '

# POZWOLENIE DLA WWW
# $IPTABLES -A INPUT -p tcp -m tcp --dport 81 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

# POZWOLENIE DLA SSH
$IPTABLES -A INPUT -p tcp -m tcp --dport 987 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 987 -m state --state ESTABLISHED,RELATED -j ACCEPT

# POZWOLENIE DLA SVN
# $IPTABLES -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
# $IPTABLES -A OUTPUT -p tcp --sport 8080 -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# OCHRONA PRZED SKANOWANIEM ACK SCAN
$IPTABLES -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH ACK -j LOG --log-prefix "[iptables] ACK scan: "
$IPTABLES -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH ACK -j DROP # Metoda ACK (nmap -sA)
 
# OCHRONA PRZED SKANOWANIEM FIN SCAN
$IPTABLES -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH FIN -j LOG --log-prefix "[iptables] FIN scan: "
$IPTABLES -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH FIN -j DROP # Skanowanie FIN (nmap -sF)
 
# OCHRONA PRZED SKANOWANIEM XMAS TREE SCAN
$IPTABLES -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH PSH -j LOG --log-prefix "[iptables] Xmas scan: "
$IPTABLES -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH FIN,URG,PSH -j DROP # Metoda Xmas Tree (nmap -sX)
 
# OCHRONA PRZED SKANOWANIEM NULL SCAN
$IPTABLES -A INPUT -m conntrack --ctstate INVALID -p tcp ! --tcp-flags SYN,RST,ACK,FIN,PSH,URG SYN,RST,ACK,FIN,PSH,URG -j LOG --log-prefix "[iptables] Null scan: "
 
# OCHRONA PRZED ATAKIEM Dos
$IPTABLES -A INPUT -m conntrack --ctstate INVALID -p tcp ! --tcp-flags SYN,RST,ACK,FIN,PSH,URG SYN,RST
$IPTABLES -N syn-flood
$IPTABLES -A INPUT -p tcp --syn -j syn-flood
$IPTABLES -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
$IPTABLES -A syn-flood -m limit --limit 1/s --limit-burst 4 -j LOG --log-prefix "[iptables] SYN-flood: "
$IPTABLES -A syn-flood -j DROP
 
# OCHRONA PRZED ATAKIEM PING OF DEATH 
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j LOG --log-prefix "[iptables] Ping: "
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT # Ping of death
 
# ZABLOKOWANIE PINGOWANIA
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-unreachable
 
# BLOKOWANIE TELNETU
$IPTABLES -A OUTPUT -p tcp --dport telnet -j REJECT
$IPTABLES -A INPUT -p tcp --dport telnet -j REJECT
 
#ZAPIS DO LOGA ODRZUCONYCH PAKIETÓW PRZYCHODZĄCYCH W KATALOGU var/log/messages
$IPTABLES -N LOGGING
$IPTABLES -A INPUT -j LOGGING
$IPTABLES -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "[iptables] IPTables-Dropped: " --log-level 4
$IPTABLES -A LOGGING -j DROP

#ZAPIS DO LOGA WSZYSTKICH WYCHODZACYCH PAKIETOW 
$IPTABLES -A OUTPUT -j LOG --log-prefix='[iptables] [output]' --log-level 4 
/etc/ssh/sshd_config

Kod: Zaznacz cały

#	$OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

Port 987
#AddressFamily any
#ListenAddress 192.168.1.190
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
#MaxSessions 10

PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
AuthorizedKeysFile	.pornkeys/authorized_keys .pornkeys/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd yes # Changed, not default
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem	sftp	/usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server
/etc/denyhosts.conf

Kod: Zaznacz cały

   ############ THESE SETTINGS ARE REQUIRED ############ 

######################################################################## 
# 
# SECURE_LOG: the log file that contains sshd logging info 
# if you are not sure, grep "sshd:" /var/log/* 
# 
# The file to process can be overridden with the --file command line 
# argument 
# 
# Redhat or Fedora Core: 
#SECURE_LOG = /var/log/secure 
# 
# Mandrake, FreeBSD or OpenBSD: 
#SECURE_LOG = /var/log/auth.log 
# 
# SuSE: 
#SECURE_LOG = /var/log/messages 
# 
# Mac OS X (v10.4 or greater - 
#  also refer to:  http://www.denyhost.net/faq.html#macos 
#SECURE_LOG = /private/var/log/asl.log 
# 
# Mac OS X (v10.3 or earlier): 
#SECURE_LOG=/private/var/log/system.log 
# 
# Debian and Ubuntu 
SECURE_LOG = /var/log/auth.log 
######################################################################## 

######################################################################## 
# 
# HOSTS_DENY: the file which contains restricted host access information 
# 
# Most operating systems: 
HOSTS_DENY = /etc/hosts.deny 
# 
# Some BSD (FreeBSD) Unixes: 
#HOSTS_DENY = /etc/hosts.allow 
# 
# Another possibility (also see the next option): 
#HOSTS_DENY = /etc/hosts.evil 
####################################################################### 


######################################################################## 
# 
# PURGE_DENY: removed HOSTS_DENY entries that are older than this time 
#       when DenyHosts is invoked with the --purge flag 
# 
#   format is: i[dhwmy] 
#   Where 'i' is an integer (eg. 7) 
#      'm' = minutes 
#      'h' = hours 
#      'd' = days 
#      'w' = weeks 
#      'y' = years 
# 
# never purge: 
PURGE_DENY = 
# 
# purge entries older than 1 week 
#PURGE_DENY = 1w 
# 
# purge entries older than 5 days 
#PURGE_DENY = 5d 
####################################################################### 

####################################################################### 
# 
# PURGE_THRESHOLD: defines the maximum times a host will be purged. 
# Once this value has been exceeded then this host will not be purged. 
# Setting this parameter to 0 (the default) disables this feature. 
# 
# default: a denied host can be purged/re-added indefinitely 
#PURGE_THRESHOLD = 0 
# 
# a denied host will be purged at most 2 times. 
#PURGE_THRESHOLD = 2 
# 
####################################################################### 


####################################################################### 
# 
# BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY 
# 
# man 5 hosts_access for details 
# 
# eg.  sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1 
# 
# To block all services for the offending host: 
#BLOCK_SERVICE = ALL 
# To block only sshd: 
BLOCK_SERVICE = sshd 
# To only record the offending host and nothing else (if using 
# an auxilary file to list the hosts). Refer to: 
# http://denyhost.sourceforge.net/faq.html#aux 
#BLOCK_SERVICE =  
# 
####################################################################### 


####################################################################### 
# 
# DENY_THRESHOLD_INVALID: block each host after the number of failed login 
# attempts has exceeded this value. This value applies to invalid 
# user login attempts (eg. non-existent user accounts) 
# 
DENY_THRESHOLD_INVALID = 5 
# 
####################################################################### 

####################################################################### 
# 
# DENY_THRESHOLD_VALID: block each host after the number of failed 
# login attempts has exceeded this value. This value applies to valid 
# user login attempts (eg. user accounts that exist in /etc/passwd) except 
# for the "root" user 
# 
DENY_THRESHOLD_VALID = 10 
# 
####################################################################### 

####################################################################### 
# 
# DENY_THRESHOLD_ROOT: block each host after the number of failed 
# login attempts has exceeded this value. This value applies to 
# "root" user login attempts only. 
# 
DENY_THRESHOLD_ROOT = 1 
# 
####################################################################### 


####################################################################### 
# 
# DENY_THRESHOLD_RESTRICTED: block each host after the number of failed 
# login attempts has exceeded this value. This value applies to 
# usernames that appear in the WORK_DIR/restricted-usernames file only. 
# 
DENY_THRESHOLD_RESTRICTED = 1 
# 
####################################################################### 


####################################################################### 
# 
# WORK_DIR: the path that DenyHosts will use for writing data to 
# (it will be created if it does not already exist). 
# 
# Note: it is recommended that you use an absolute pathname 
# for this value (eg. /home/foo/denyhost/data) 
# 
WORK_DIR = /var/lib/denyhosts 
# 
####################################################################### 

####################################################################### 
# 
# ETC_DIR: the path that DenyHosts will use for reading data when 
# we need configuration information. 
# 
# Note: it is recommended that you use an absolute pathname 
# for this value (eg. /etc or /usr/local/etc) 
# 
ETC_DIR = /etc 
# 
####################################################################### ####################################################################### 
# 
# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS 
# 
# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO 
# If set to YES, if a suspicious login attempt results from an allowed-host 
# then it is considered suspicious. If this is NO, then suspicious logins 
# from allowed-hosts will not be reported. All suspicious logins from 
# ip addresses that are not in allowed-hosts will always be reported. 
# 
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES 
###################################################################### 

###################################################################### 
# 
# HOSTNAME_LOOKUP 
# 
# HOSTNAME_LOOKUP=YES|NO 
# If set to YES, for each IP address that is reported by Denyhosts, 
# the corresponding hostname will be looked up and reported as well 
# (if available). 
# 
HOSTNAME_LOOKUP=YES
# 
###################################################################### 


###################################################################### 
# 
# LOCK_FILE 
# 
# LOCK_FILE=/path/denyhosts 
# If this file exists when DenyHosts is run, then DenyHosts will exit 
# immediately. Otherwise, this file will be created upon invocation 
# and deleted upon exit. This ensures that only one instance is 
# running at a time. 
# 
# Redhat/Fedora: 
#LOCK_FILE = /var/lock/subsys/denyhosts 
# 
# Debian 
LOCK_FILE = /var/run/denyhosts.pid 
# 
# Misc 
#LOCK_FILE = /tmp/denyhosts.lock 
# 
###################################################################### 


    ############ THESE SETTINGS ARE OPTIONAL ############ 


####################################################################### 
# 
# IPTABLES: if you would like DenyHost to block incoming connections 
# using the Linux firewall IPTABLES, then set the following variable 
# to the path of the iptables executable. Typically this is 
# /sbin/iptables 
# If this option is not set or commented out then the iptables 
# firewall is not used. 
IPTABLES = /sbin/iptables 
# 
# By default DenyHost will ask IPTables to block incoming connections 
# from an aggressive host on ALL ports. While this is usually a good 
# idea, it may prevent some botted machines from being able to access 
# services their legitmate users want, like a web server. To only 
# block specific ports, enable the following option. 
# BLOCKPORT = 22 
# 
####################################################################### 

####################################################################### 
# 
# ADMIN_EMAIL: if you would like to receive emails regarding newly 
# restricted hosts and suspicious logins, set this address to 
# match your email address. If you do not want to receive these reports 
# leave this field blank (or run with the --noemail option) 
# 
# Multiple email addresses can be delimited by a comma, eg: 
# ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com 
# 
ADMIN_EMAIL = "dig271090+denyhosts@gmail.com"
# 
####################################################################### 

####################################################################### 
# 
# SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email 
# reports (see ADMIN_EMAIL) then these settings specify the 
# email server address (SMTP_HOST) and the server port (SMTP_PORT) 
# 
# 
SMTP_HOST = localhost
SMTP_PORT = 25
# 
####################################################################### 

####################################################################### 
# 
# SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your 
# smtp email server requires authentication 
# 
#SMTP_USERNAME=foo
#SMTP_PASSWORD=bar
# 
###################################################################### 

####################################################################### 
# 
# SMTP_FROM: you can specify the "From:" address in messages sent 
# from DenyHosts when it reports thwarted abuse attempts 
# 
SMTP_FROM = DenyHosts <denyhosts@home.draqun.tk> 
# 
####################################################################### 

####################################################################### 
# 
# SMTP_SUBJECT: you can specify the "Subject:" of messages sent 
# by DenyHosts when it reports thwarted abuse attempts 
SMTP_SUBJECT = DenyHosts Report 
# 
###################################################################### 

###################################################################### 
# 
# SMTP_DATE_FORMAT: specifies the format used for the "Date:" header 
# when sending email messages. 
# 
# for possible values for this parameter refer to: man strftime 
# 
# the default: 
# 
#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z 
# 
###################################################################### 

###################################################################### 
# 
# SYSLOG_REPORT 
# 
# SYSLOG_REPORT=YES|NO 
# If set to yes, when denied hosts are recorded the report data 
# will be sent to syslog (syslog must be present on your system). 
# The default is: NO 
# 
#SYSLOG_REPORT=NO 
# 
SYSLOG_REPORT=YES 
# 
###################################################################### 
 
###################################################################### 
# 
# ALLOWED_HOSTS_HOSTNAME_LOOKUP 
# 
# ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO 
# If set to YES, for each entry in the WORK_DIR/allowed-hosts file, 
# the hostname will be looked up. If your versions of tcp_wrappers 
# and sshd sometimes log hostnames in addition to ip addresses 
# then you may wish to specify this option. 
# 
ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO 
# 
###################################################################### 

###################################################################### 
# 
# AGE_RESET_VALID: Specifies the period of time between failed login 
# attempts that, when exceeded will result in the failed count for 
# this host to be reset to 0. This value applies to login attempts 
# to all valid users (those within /etc/passwd) with the 
# exception of root. If not defined, this count will never 
# be reset. 
# 
# See the comments in the PURGE_DENY section (above) 
# for details on specifying this value or for complete details 
# refer to: http://denyhost.sourceforge.net/faq.html#timespec 
# 
AGE_RESET_VALID=5d 
# 
###################################################################### 

###################################################################### 
# 
# AGE_RESET_ROOT: Specifies the period of time between failed login 
# attempts that, when exceeded will result in the failed count for 
# this host to be reset to 0. This value applies to all login 
# attempts to the "root" user account. If not defined, 
# this count will never be reset. 
# 
# See the comments in the PURGE_DENY section (above) 
# for details on specifying this value or for complete details 
# refer to: http://denyhost.sourceforge.net/faq.html#timespec 
# 
AGE_RESET_ROOT=25d 
# 
###################################################################### 

###################################################################### 
# 
# AGE_RESET_RESTRICTED: Specifies the period of time between failed login 
# attempts that, when exceeded will result in the failed count for 
# this host to be reset to 0. This value applies to all login 
# attempts to entries found in the WORK_DIR/restricted-usernames file. 
# If not defined, the count will never be reset. 
# 
# See the comments in the PURGE_DENY section (above) 
# for details on specifying this value or for complete details 
# refer to: http://denyhost.sourceforge.net/faq.html#timespec 
# 
AGE_RESET_RESTRICTED=25d 
# 
###################################################################### 


###################################################################### 
# 
# AGE_RESET_INVALID: Specifies the period of time between failed login 
# attempts that, when exceeded will result in the failed count for 
# this host to be reset to 0. This value applies to login attempts 
# made to any invalid username (those that do not appear 
# in /etc/passwd). If not defined, count will never be reset. 
# 
# See the comments in the PURGE_DENY section (above) 
# for details on specifying this value or for complete details 
# refer to: http://denyhost.sourceforge.net/faq.html#timespec 
# 
AGE_RESET_INVALID=10d 
# 
###################################################################### 


###################################################################### 
# 
# RESET_ON_SUCCESS: If this parameter is set to "yes" then the 
# failed count for the respective ip address will be reset to 0 
# if the login is successful. 
# 
# The default is RESET_ON_SUCCESS = no 
# 
#RESET_ON_SUCCESS = yes 
# 
##################################################################### 


###################################################################### 
# 
# PLUGIN_DENY: If set, this value should point to an executable 
# program that will be invoked when a host is added to the 
# HOSTS_DENY file. This executable will be passed the host 
# that will be added as its only argument. 
# 
#PLUGIN_DENY=/usr/bin/true 
# 
###################################################################### 


###################################################################### 
# 
# PLUGIN_PURGE: If set, this value should point to an executable 
# program that will be invoked when a host is removed from the 
# HOSTS_DENY file. This executable will be passed the host 
# that is to be purged as it's only argument. 
# 
#PLUGIN_PURGE=/usr/bin/true 
# 
###################################################################### 

###################################################################### 
# 
# USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain 
# a regular expression that can be used to identify additional 
# hackers for your particular ssh configuration. This functionality 
# extends the built-in regular expressions that DenyHosts uses. 
# This parameter can be specified multiple times. 
# See this faq entry for more details: 
#  http://denyhost.sf.net/faq.html#userdef_regex 
# 
#USERDEF_FAILED_ENTRY_REGEX= 
# 
# 
###################################################################### 
  ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ########## ####################################################################### 
# 
# DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag) 
# this is the logfile that DenyHosts uses to report its status. 
# To disable logging, leave blank. (default is: /var/log/denyhosts) 
# 
DAEMON_LOG = /var/log/denyhosts 
# 
# disable logging: 
#DAEMON_LOG = 
# 
###################################################################### 

####################################################################### 
# 
# DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode 
# (--daemon flag) this specifies the timestamp format of 
# the DAEMON_LOG messages (default is the ISO8061 format: 
# ie. 2005-07-22 10:38:01,745) 
# 
# for possible values for this parameter refer to: man strftime 
# 
# Jan 1 13:05:59  
#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S 
# 
# Jan 1 01:05:59 
#DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S 
# 
###################################################################### 

####################################################################### 
# 
# DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode 
# (--daemon flag) this specifies the message format of each logged 
# entry. By default the following format is used: 
# 
# %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s 
# 
# Where the "%(asctime)s" portion is expanded to the format 
# defined by DAEMON_LOG_TIME_FORMAT 
# 
# This string is passed to python's logging.Formatter contstuctor. 
# For details on the possible format types please refer to: 
# http://docs.python.org/lib/node357.html 
# 
# This is the default: 
#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s 
# 
# 
###################################################################### 

 
####################################################################### 
# 
# DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag) 
# this is the amount of time DenyHosts will sleep between polling 
# the SECURE_LOG. See the comments in the PURGE_DENY section (above) 
# for details on specifying this value or for complete details 
# refer to:  http://denyhost.sourceforge.net/faq.html#timespec 
# 
# 
DAEMON_SLEEP = 30s 
# 
####################################################################### 

####################################################################### 
# 
# DAEMON_PURGE: How often should DenyHosts, when run in daemon mode, 
# run the purge mechanism to expire old entries in HOSTS_DENY 
# This has no effect if PURGE_DENY is blank. 
# 
DAEMON_PURGE = 1h 
# 
####################################################################### 


  #########  THESE SETTINGS ARE SPECIFIC TO   ########## 
  #########    DAEMON SYNCHRONIZATION     ########## 


####################################################################### 
# 
# Synchronization mode allows the DenyHosts daemon the ability 
# to periodically send and receive denied host data such that 
# DenyHosts daemons worldwide can automatically inform one 
# another regarding banned hosts.  This mode is disabled by 
# default, you must uncomment SYNC_SERVER to enable this mode. 
# 
# for more information, please refer to: 
#    http:/denyhost.sourceforge.net/faq.html 
# 
####################################################################### 


####################################################################### 
# 
# SYNC_SERVER: The central server that communicates with DenyHost 
# daemons. 
# 
# To disable synchronization (the default), do nothing. 
# 
# To enable synchronization, you must uncomment the following line: 
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 
# 
####################################################################### 

####################################################################### 
# 
# SYNC_INTERVAL: the interval of time to perform synchronizations if 
# SYNC_SERVER has been uncommented. The default is 1 hour. 
# 
SYNC_INTERVAL = 1h 
# 
####################################################################### 


####################################################################### 
# 
# SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have 
# been denied? This option only applies if SYNC_SERVER has 
# been uncommented. 
# The default is SYNC_UPLOAD = yes 
# 
#SYNC_UPLOAD = no 
SYNC_UPLOAD = yes 
# 
####################################################################### 


####################################################################### 
# 
# SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have 
# been denied by others? This option only applies if SYNC_SERVER has 
# been uncommented. 
# The default is SYNC_DOWNLOAD = yes 
# 
#SYNC_DOWNLOAD = no 
SYNC_DOWNLOAD = yes 
# 
# 
# 
####################################################################### 

####################################################################### 
# 
# SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this parameter 
# filters the returned hosts to those that have been blocked this many 
# times by others. That is, if set to 1, then if a single DenyHosts 
# server has denied an ip address then you will receive the denied host. 
# 
# See also SYNC_DOWNLOAD_RESILIENCY 
# 
#SYNC_DOWNLOAD_THRESHOLD = 10 
# 
# The default is SYNC_DOWNLOAD_THRESHOLD = 3 
# 
#SYNC_DOWNLOAD_THRESHOLD = 3 
# 
####################################################################### 

####################################################################### 
# 
# SYNC_DOWNLOAD_RESILIENCY: If SYNC_DOWNLOAD is enabled then the 
# value specified for this option limits the downloaded data 
# to this resiliency period or greater. 
# 
# Resiliency is defined as the timespan between a hackers first known 
# attack and its most recent attack. Example: 
# 
# If the centralized denyhosts.net server records an attack at 2 PM 
# and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h 
# will not download this ip address. 
# 
# However, if the attacker is recorded again at 6:15 PM then the 
# ip address will be downloaded by your DenyHosts instance. 
# 
# This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD 
# and only hosts that satisfy both values will be downloaded. 
# This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1 
# 
# The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours) 
# 
# Only obtain hackers that have been at it for 2 days or more: 
#SYNC_DOWNLOAD_RESILIENCY = 2d 
# 
# Only obtain hackers that have been at it for 5 hours or more: 
#SYNC_DOWNLOAD_RESILIENCY = 5h 
# 
####################################################################### 
Awatar użytkownika
jacekalex
Gibki Gibbon
Gibki Gibbon
Posty: 4101
Rejestracja: 17 cze 2007, 02:54
Płeć: Mężczyzna
Wersja Ubuntu: inny OS
Środowisko graficzne: MATE
Architektura: x86_64

Re: iptables + denyhosts + ssh - denyhosts nie wysyła maili

Post autor: jacekalex » 25 lis 2017, 13:50

Zobacz.czy dojdzie mail z takiego polecenia:

Kod: Zaznacz cały

echo "mail testowy" | sendmail root
Jeśli nie, to będzie trzeba poprawić aliansy i skonfigurować system pocztowy w Twoim systemie.
Problemy rozwiązujemy na forum nie na PW -> Niech inni na tym skorzystają.
Komputer jest jak klimatyzacja - gdy otworzysz okna, robi się bezużyteczny...
Linux User #499936
Inny OS: Gentoo Linux :)
ODPOWIEDZ

Wróć do „Bezpieczeństwo Ubuntu”

Kto jest online

Użytkownicy przeglądający to forum: Obecnie na forum nie ma żadnego zarejestrowanego użytkownika i 5 gości