Finish my Denyhosts package [$20]
-
Hello, it does not modify rules on the firewall. All hosts are checked against /etc/hosts.deniedssh for access. By default everyone is allowed.
When the system log shows that someone attempted to access ssh or web access many times with a wrong password, they are blocked. The list of IPs can be updated from a net list located at http://xmlrpc.denyhosts.net:9911, but this is optional. You can configure this in the config file.
To create a whitelist, just add a host to the hosts.allow file in the format "ALL : ALL : allow". For example, "sshd : 192.168.1.100 : allow" will whitelist host 100 for ssh access.
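As an added illustration of the mechanism described in this post (this is not DenyHosts' own code nor the pfSense package's), the Python script below counts failed sshd logins per source address from constructed system-log lines, skips addresses whitelisted in a constructed hosts.allow written in the "daemon : client : allow" form shown above, and renders the addresses that crossed a threshold as hosts.deny entries. The thresholds are DenyHosts' default values (5 failures for invalid users, 10 for valid users, 1 for root); the log format and file names in the script are assumptions for the example.

```python
"""DenyHosts-style failed-login counting with a hosts.allow whitelist.

Added example, not DenyHosts' or the pfSense package's own code.
All log lines and the hosts.allow content below are constructed.
"""
import re
from collections import defaultdict

# Constructed sample of the sshd messages DenyHosts looks for in the system log.
SAMPLE_LOG = """\
Sep  3 14:40:01 fw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40211 ssh2
Sep  3 14:40:02 fw sshd[1202]: Failed password for invalid user oracle from 203.0.113.7 port 40212 ssh2
Sep  3 14:40:03 fw sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 40213 ssh2
Sep  3 14:40:04 fw sshd[1204]: Failed password for invalid user guest from 203.0.113.7 port 40214 ssh2
Sep  3 14:40:05 fw sshd[1205]: Failed password for invalid user pi from 203.0.113.7 port 40215 ssh2
Sep  3 14:41:00 fw sshd[1210]: Failed password for root from 198.51.100.9 port 50001 ssh2
Sep  3 14:41:30 fw sshd[1211]: Failed password for admin from 192.168.1.100 port 50100 ssh2
Sep  3 14:41:31 fw sshd[1212]: Failed password for root from 192.168.1.100 port 50101 ssh2
Sep  3 14:42:00 fw sshd[1220]: Failed password for admin from 192.0.2.44 port 51000 ssh2
Sep  3 14:42:01 fw sshd[1221]: Accepted password for admin from 192.0.2.44 port 51001 ssh2
"""

# Constructed hosts.allow in the "daemon : client : allow" form from the post.
SAMPLE_HOSTS_ALLOW = """\
# management station, never block it
sshd : 192.168.1.100 : allow
"""

# DenyHosts' default thresholds (DENY_THRESHOLD_INVALID / _VALID / _ROOT).
THRESHOLDS = {"invalid": 5, "valid": 10, "root": 1}

# Matches the sshd "Failed password" message; the optional group tells an
# unknown account apart from a real one.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def load_whitelist(hosts_allow_text, service="sshd"):
    """Return the client addresses hosts.allow whitelists for `service` (or ALL)."""
    allowed = set()
    for line in hosts_allow_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) < 2:
            continue
        daemons = [d.strip() for d in parts[0].split(",")]
        clients = [c.strip() for c in parts[1].split(",")]
        option = parts[2].lower() if len(parts) > 2 else "allow"
        if option == "allow" and (service in daemons or "ALL" in daemons):
            allowed.update(clients)
    return allowed


def classify(match):
    """Which threshold applies: unknown account, root, or an existing user."""
    if match.group("invalid"):
        return "invalid"
    if match.group("user") == "root":
        return "root"
    return "valid"


def offenders(log_text, whitelist, thresholds=THRESHOLDS):
    """Count failures per (ip, category) and return the IPs that hit a threshold."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        ip = m.group("ip")
        if ip in whitelist or "ALL" in whitelist:
            continue  # whitelisted hosts are never counted
        counts[(ip, classify(m))] += 1
    deny = {ip for (ip, cat), n in counts.items() if n >= thresholds[cat]}
    return sorted(deny)


def hosts_deny_lines(ips, service="sshd"):
    """Render entries in the "daemon: client" form DenyHosts appends to HOSTS_DENY."""
    return [f"{service}: {ip}" for ip in ips]


if __name__ == "__main__":
    wl = load_whitelist(SAMPLE_HOSTS_ALLOW)
    for entry in hosts_deny_lines(offenders(SAMPLE_LOG, wl)):
        print(entry)
```

With the sample input, 203.0.113.7 (five invalid-user failures) and 198.51.100.9 (one root failure) end up in the deny list, while 192.168.1.100 is skipped because of the whitelist entry even though it also failed as root. The hosts.allow parser only honours the "allow" option; the real tcp_wrappers syntax supports more options and patterns than this example handles.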
-
tommyboy180: I sent a private message to you. I haven't seen a response yet.
-
Bounty Still in progress.
-
Did you respond to mcrane's private message? It sounded like he was interested in taking up the bounty.
-
Yes I did. I even had the privilege to speak with him on the phone one morning about a month ago. Mcrane has agreed to help me build this package after he has finished some other projects.
We may see this package soon, hopefully.
-
Sorry for the delay I will try to get this done soon.
-
Another alternative is denyssh. It's designed for use on FreeBSD with PF. I don't think it's as well maintained or as popular as DenyHosts though.
Keep in mind that pfSense already has sshlockout_pf as well (at least in v1.2). It looks like syslog runs all of its entries through sshlockout_pf. If an entry indicates some kind of ssh login failure, the originating IP is added to the sshlockout table. There is a rule that drops everything from any addresses in the sshlockout table. Every 60 minutes, the sshlockout table is emptied by a cron rule.
Perhaps the DenyHosts package should disable the sshlockout_pf mechanism when it's installed (?).
-
Denyhosts is still the way to go. It's the better choice and it's already ported for FreeBSD.
I took a look at sshlockout_pf. Tested a default install of pfSense 1.2.3 July build and I was able to brute-force ssh. Nothing locked me out; the only thing that did happen was after 5 failed attempts pfSense closed the connection, but a new one could be established every time. There is definitely a need for a denyhosts package. I am hoping the package will be created soon.
I also found this link for the people that are installing denyhosts with pkg_add -
Newer builds of pfSense 1.2.3+ should be ok with functional sshlockout_pf.
-
Yes sir. I took a look at it the other day. However, it is nowhere near the functionality of Denyhosts. [EDIT: I still can brute-force my way into the latest build of 1.2.3]
The one thing that I really love about denyhosts is the option to get and send bad IPs from a central database. If an IP is attacking you, you can opt in to send that IP to the denyhosts database so millions of other denyhosts users will block that IP with a list update. The same thing the other way around: denyhosts will download a list with IPs that attacked other people and prevent them from attacking you. Denyhosts doesn't just protect SSH, it also monitors http and more. All auth that occurs on the box is actively monitored.
-
tommyboy, I said newer snapshots and there hasn't been one after my post.
-
My apologies
-
I started working on the package yesterday. I should have a basic version out soon. May have some questions to ask you to speed the development along.
Mark
-
The DenyHosts package is now available for pfSense 1.2.3 and higher. Please test it and let me know the results.
Best Regards,
Mark J Crane
-
Ok, I am testing now.
When you uninstall the package it does not restore the original hosts.allow entries.
The package doesn't seem to want to start and I cannot figure out why; the service reports down in the service tab in the GUI.
-
When you uninstall the package it does not restore the original hosts.allow entries.
I just updated the package.
Now when the pfSense denyhosts 0.5 package is installed, it makes a copy of the hosts.allow file and saves it to hosts.allow.bak. When the package is deleted from the pfSense GUI, it saves the hosts.allow.bak file back to the hosts.allow file.
The package doesn't seem to want to start and I cannot figure out why; the service reports down in the service tab in the GUI.
The FreeBSD denyhosts package was not installing. I've done some additional work on it and it now seems to install okay. Please test and confirm.
Best Regards,
Mark J Crane
-
Ok. I looked at it; as far as I can tell it's working fine.
Great work. Please send me a PM where I can send the money and complete the bounty. :)
-
This package doesn't work on Nano-BSD? I'm getting some errors. If you say it should run on this platform I can post the errors.
-
Post them my friend.
-
Post them my friend.
It installs fine, then it shows the following log:
2009-09-03 14:42:05,505 - denyhosts : INFO DenyHosts launched with the following args:
2009-09-03 14:42:05,506 - denyhosts : INFO /usr/local/bin/denyhosts.py --config /usr/local/etc/denyhosts.conf --daemon
2009-09-03 14:42:05,507 - prefs : INFO DenyHosts configuration settings:
2009-09-03 14:42:05,508 - prefs : INFO ADMIN_EMAIL: [None]
2009-09-03 14:42:05,509 - prefs : INFO AGE_RESET_INVALID: [864000]
2009-09-03 14:42:05,510 - prefs : INFO AGE_RESET_RESTRICTED: [2160000]
2009-09-03 14:42:05,511 - prefs : INFO AGE_RESET_ROOT: [2160000]
2009-09-03 14:42:05,512 - prefs : INFO AGE_RESET_VALID: [432000]
2009-09-03 14:42:05,512 - prefs : INFO ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
2009-09-03 14:42:05,513 - prefs : INFO BLOCK_SERVICE: [sshd]
2009-09-03 14:42:05,514 - prefs : INFO DAEMON_LOG: [/var/log/denyhosts]
2009-09-03 14:42:05,515 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
2009-09-03 14:42:05,516 - prefs : INFO DAEMON_LOG_TIME_FORMAT: [None]
2009-09-03 14:42:05,517 - prefs : INFO DAEMON_PURGE: [3600]
2009-09-03 14:42:05,518 - prefs : INFO DAEMON_SLEEP: [30]
2009-09-03 14:42:05,518 - prefs : INFO DENY_THRESHOLD_INVALID: [5]
2009-09-03 14:42:05,519 - prefs : INFO DENY_THRESHOLD_RESTRICTED: [1]
2009-09-03 14:42:05,520 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
2009-09-03 14:42:05,521 - prefs : INFO DENY_THRESHOLD_VALID: [10]
2009-09-03 14:42:05,522 - prefs : INFO FAILED_ENTRY_REGEX: [None]
2009-09-03 14:42:05,523 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
2009-09-03 14:42:05,524 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
2009-09-03 14:42:05,524 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
2009-09-03 14:42:05,525 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
2009-09-03 14:42:05,526 - prefs : INFO FAILED_ENTRY_REGEX6: [None]
2009-09-03 14:42:05,527 - prefs : INFO FAILED_ENTRY_REGEX7: [None]
2009-09-03 14:42:05,528 - prefs : INFO HOSTNAME_LOOKUP: [NO]
2009-09-03 14:42:05,529 - prefs : INFO HOSTS_DENY: [/etc/hosts.deniedssh]
2009-09-03 14:42:05,530 - prefs : INFO LOCK_FILE: [/var/run/denyhosts.pid]
2009-09-03 14:42:05,530 - prefs : INFO PLUGIN_DENY: [None]
2009-09-03 14:42:05,531 - prefs : INFO PLUGIN_PURGE: [None]
2009-09-03 14:42:05,532 - prefs : INFO PURGE_DENY: [None]
2009-09-03 14:42:05,533 - prefs : INFO PURGE_THRESHOLD: [0]
2009-09-03 14:42:05,534 - prefs : INFO RESET_ON_SUCCESS: [no]
2009-09-03 14:42:05,535 - prefs : INFO SECURE_LOG: [/var/log/system.log]
2009-09-03 14:42:05,535 - prefs : INFO SMTP_DATE_FORMAT: [%a, %d %b %Y %H:%M:%S %z]
2009-09-03 14:42:05,536 - prefs : INFO SMTP_FROM: [DenyHosts <nobody@localhost>]
2009-09-03 14:42:05,537 - prefs : INFO SMTP_HOST: [localhost]
2009-09-03 14:42:05,538 - prefs : INFO SMTP_PASSWORD: [None]
2009-09-03 14:42:05,539 - prefs : INFO SMTP_PORT: [25]
2009-09-03 14:42:05,540 - prefs : INFO SMTP_SUBJECT: [DenyHosts Report]
2009-09-03 14:42:05,541 - prefs : INFO SMTP_USERNAME: [None]
2009-09-03 14:42:05,541 - prefs : INFO SSHD_FORMAT_REGEX: [None]
2009-09-03 14:42:05,542 - prefs : INFO SUCCESSFUL_ENTRY_REGEX: [None]
2009-09-03 14:42:05,543 - prefs : INFO SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
2009-09-03 14:42:05,544 - prefs : INFO SYNC_DOWNLOAD: [yes]
2009-09-03 14:42:05,545 - prefs : INFO SYNC_DOWNLOAD_RESILIENCY: [18000]
2009-09-03 14:42:05,546 - prefs : INFO SYNC_DOWNLOAD_THRESHOLD: [3]
2009-09-03 14:42:05,547 - prefs : INFO SYNC_INTERVAL: [3600]
2009-09-03 14:42:05,548 - prefs : INFO SYNC_SERVER: [http://xmlrpc.denyhosts.net:9911]
2009-09-03 14:42:05,548 - prefs : INFO SYNC_UPLOAD: [yes]
2009-09-03 14:42:05,549 - prefs : INFO SYSLOG_REPORT: [no]
2009-09-03 14:42:05,550 - prefs : INFO WORK_DIR: [/usr/local/share/denyhosts/data]
2009-09-03 14:42:05,552 - denyhosts : INFO restricted: set([])
2009-09-03 14:42:05,556 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
2009-09-03 14:42:05,568 - denyhosts : INFO DenyHosts daemon is now running, pid: 7654
2009-09-03 14:42:05,570 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
2009-09-03 14:42:05,571 - denyhosts : INFO eg. kill -TERM 7654
2009-09-03 14:42:05,573 - denyhosts : INFO monitoring log: /var/log/system.log
2009-09-03 14:42:05,574 - denyhosts : INFO sync_time: 3600
2009-09-03 14:42:05,575 - denyhosts : INFO purging of /etc/hosts.deniedssh is disabled
2009-09-03 14:42:05,578 - denyhosts : INFO sync_time: : 3600
2009-09-03 14:42:05,579 - denyhosts : INFO sync_sleep_ratio: 120
After a while it displays some errors. I will post them in an hour or so as they appear. Thanks so far! 8)
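The startup log above lists every effective setting in "prefs : INFO KEY: [VALUE]" form, which makes it a convenient place to check what a fresh install of the package actually does before opening it to the world. The script below is an added example (not DenyHosts' or the pfSense package's code) that parses those lines, even when a forum paste has run them together, and reports the settings from this log that deserve a look: PURGE_DENY unset (blocks never expire, matching the "purging ... is disabled" line), SYNC_UPLOAD and SYNC_DOWNLOAD set to yes (addresses are exchanged with the SYNC_SERVER, the opt-in sharing described earlier in the thread), ADMIN_EMAIL unset, and a root threshold of 1. The excerpt it runs on is a constructed, abbreviated copy of the posted log.

```python
"""Audit the settings DenyHosts prints at startup.

Added example, not DenyHosts' or the pfSense package's own code. The sample
is a constructed, shortened excerpt in the same shape as the posted log,
with the entries run together on one line the way the paste shows them.
"""
import re

SAMPLE_DAEMON_LOG = (
    "2009-09-03 14:42:05,508 - prefs : INFO ADMIN_EMAIL: [None] "
    "2009-09-03 14:42:05,518 - prefs : INFO DENY_THRESHOLD_INVALID: [5] "
    "2009-09-03 14:42:05,520 - prefs : INFO DENY_THRESHOLD_ROOT: [1] "
    "2009-09-03 14:42:05,529 - prefs : INFO HOSTS_DENY: [/etc/hosts.deniedssh] "
    "2009-09-03 14:42:05,532 - prefs : INFO PURGE_DENY: [None] "
    "2009-09-03 14:42:05,535 - prefs : INFO SECURE_LOG: [/var/log/system.log] "
    "2009-09-03 14:42:05,536 - prefs : INFO SMTP_FROM: [DenyHosts <nobody@localhost>] "
    "2009-09-03 14:42:05,544 - prefs : INFO SYNC_DOWNLOAD: [yes] "
    "2009-09-03 14:42:05,548 - prefs : INFO SYNC_SERVER: [http://xmlrpc.denyhosts.net:9911] "
    "2009-09-03 14:42:05,548 - prefs : INFO SYNC_UPLOAD: [yes] "
    "2009-09-03 14:42:05,575 - denyhosts : INFO purging of /etc/hosts.deniedssh is disabled"
)

# One startup entry: "<timestamp> - prefs : INFO KEY: [VALUE]". Values in the
# posted log never contain ']', so a negated character class is sufficient.
PREF_RE = re.compile(r"prefs\s*:\s*INFO\s+(?P<key>[A-Z0-9_]+):\s*\[(?P<val>[^\]]*)\]")


def parse_prefs(log_text):
    """Map each setting name to its value; a literal [None] becomes None."""
    prefs = {}
    for m in PREF_RE.finditer(log_text):
        val = m.group("val")
        prefs[m.group("key")] = None if val == "None" else val
    return prefs


def is_yes(value):
    return (value or "").strip().lower() == "yes"


def audit(prefs):
    """Return (setting, finding) pairs an administrator should review."""
    findings = []
    if prefs.get("PURGE_DENY") is None:
        findings.append(("PURGE_DENY",
                         "not set: entries in %s never expire, so a legitimate host that "
                         "trips a threshold stays blocked until removed by hand"
                         % prefs.get("HOSTS_DENY")))
    if is_yes(prefs.get("SYNC_UPLOAD")):
        findings.append(("SYNC_UPLOAD",
                         "yes: addresses blocked here are reported to %s"
                         % prefs.get("SYNC_SERVER")))
    if is_yes(prefs.get("SYNC_DOWNLOAD")):
        findings.append(("SYNC_DOWNLOAD",
                         "yes: addresses reported by other users are added to the deny file"))
    if prefs.get("ADMIN_EMAIL") is None:
        findings.append(("ADMIN_EMAIL",
                         "not set: new blocks are only visible in the daemon log"))
    for key, val in sorted(prefs.items()):
        if not key.startswith("DENY_THRESHOLD_"):
            continue
        if not (val or "").isdigit():
            findings.append((key, "%r is not a whole number; check the config file" % val))
        elif int(val) <= 1 and key.endswith(("_ROOT", "_RESTRICTED")):
            findings.append((key,
                             "%s: a single failure blocks the address; put management "
                             "hosts in hosts.allow first" % val))
    return findings


if __name__ == "__main__":
    for setting, finding in audit(parse_prefs(SAMPLE_DAEMON_LOG)):
        print("%-22s %s" % (setting, finding))
```

To run it against a real install, read DAEMON_LOG (here /var/log/denyhosts) into `parse_prefs` instead of the constructed sample; the regex ignores the non-"prefs" lines, so the whole file can be passed in.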