It was bound to happen - suspected hack
    aaron hirsch 
    aaronh at uptime.net
       
    Thu Oct 21 10:00:28 CDT 2004
    
    
  
I'd modify the hosts.allow file a bit more...
i.e.
sshd: localhost 192.168.0.0/255.255.255.0 12.30.163.*
ALL:ALL:DENY
This is a "catch-all" that is a best practice just in case the hosts.deny
is misconfigured or not configured at all, although the ALL:ALL in your
hosts.deny is correct.  It will deny access to all services that tcpd
monitors to everything as a last resort.  Hence, if it's not explicitly
defined to be allowed, it is by default denied.
Just an idea...
-----Original Message-----
From: Jon Moss [mailto:jon.moss at cnonline.net] 
Sent: Thursday, October 21, 2004 7:03 AM
To: kclug at kclug.org
Subject: Re: It was bound to happen - suspected hack
I've been researching sshd and allowing/denying access and I think I have
figured it out.  Just please confirm that I'm on the right track.
I edited my hosts.allow as follows:
#
# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
sshd: localhost 192.168.0.0/255.255.255.0 12.30.163.*
And then my hosts.deny as follows:
#
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
ALL : ALL
However, I don't really have any way to test this as I allowed access from
everywhere that I am.  :)
Any suggestions and advice are still greatly appreciated.
-- 
Thanks very much,
Jon Moss
jon.moss at cnonline.net
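
The rules in this thread are hard to test from an address that is already allowed, so the following added example (not code from either poster) models the hosts_access(5) lookup order in Python and evaluates the quoted rules against constructed client addresses. It is a simplified, IPv4-only model rather than libwrap itself; the function names are hypothetical, and it assumes the third field of ALL:ALL:DENY is handled as a hosts_options-style option.

```python
import fnmatch
import ipaddress

# Rules as quoted in the thread: hosts.allow with the suggested catch-all, then hosts.deny.
HOSTS_ALLOW = "sshd: localhost 192.168.0.0/255.255.255.0 12.30.163.*\nALL:ALL:DENY\n"
HOSTS_DENY = "ALL : ALL\n"

def client_matches(pattern, addr, name=None):
    """Simplified client matching: ALL, net/mask, trailing-dot prefix, leading-dot suffix, */? wildcards."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask form, e.g. 192.168.0.0/255.255.255.0
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    if pattern.endswith("."):  # address prefix, e.g. "12.30.163."
        return addr.startswith(pattern)
    if pattern.startswith("."):  # hostname suffix, e.g. ".example.org"
        return bool(name) and name.lower().endswith(pattern.lower())
    candidates = [c.lower() for c in (addr, name) if c]
    return any(fnmatch.fnmatchcase(c, pattern.lower()) for c in candidates)

def first_match(text, daemon, addr, name=None):
    """Return the option ('' if none) of the first matching rule, or None if no rule matches."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(p, addr, name) for p in clients):
            return fields[2].upper() if len(fields) > 2 else ""
    return None

def decide(daemon, addr, name=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match in either file grants access."""
    opt = first_match(allow, daemon, addr, name)
    if opt is not None:
        return "deny" if opt == "DENY" else "allow"
    opt = first_match(deny, daemon, addr, name)
    if opt is not None:
        return "allow" if opt == "ALLOW" else "deny"
    return "allow"

if __name__ == "__main__":
    # Constructed test clients: inside the LAN, outside it, and in the 12.30.163.* range.
    for addr in ("192.168.0.17", "192.168.1.17", "12.30.163.9", "203.0.113.5"):
        print(addr, decide("sshd", addr), "| with empty hosts.deny:", decide("sshd", addr, deny=""))
```

On a host with tcp_wrappers installed, `tcpdmatch sshd <client>` performs the same check against the real files.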