This time I want to explain an important aspect of Linux security that only a few people know and use. It is called TCP Wrappers, created by Wietse Venema around 20 years ago. You can download TCP Wrappers from Wietse's site:
ftp://ftp.porcupine.org/pub/security/index.html
In almost all Linux and BSD flavors (Red Hat, Fedora, SUSE, Ubuntu, FreeBSD) TCP Wrappers is already included, and the setup is very easy.
TCP Wrappers lets you control and protect network services by limiting access and, if you want, logging every connection, which makes detecting and resolving problems easier.
To set up TCP Wrappers you work with two access control text files, /etc/hosts.allow and /etc/hosts.deny. Each rule in these files has the format:
daemon_list : client_list [ : shell_command ]
An example of a hosts.allow file would be:
######################
#### SSH Client1 ####
######################
# A single client address. A net/mask pair such as 200.42.48.22/255.255.255.0 only
# matches when the network part equals the client address ANDed with the mask, so a
# host address written with a /24 mask would never match anything.
sshd : 200.42.48.22 : spawn (echo -e "Connected from Client1 %h (Walter Lamagna) " | \
        mail -s "SSH connection to admin jail" sysop@serverlinux.blogspot.com) : ALLOW
#### DENY THE REST ####
ALL : ALL : DENY
This setup permits connections only from one IP address; all other connections are filtered by TCP Wrappers. And when the server gets a connection from that address, it informs me by e-mail, which is a good policy.
Now I want to receive an e-mail whenever someone attempts to connect from any other IP address. The following rule goes into hosts.allow after the Client1 rule and before the final "ALL : ALL : DENY", because the search stops at the first matching rule:
######################
#### SSH Rest ####
######################
sshd : ALL : spawn (echo -e "Access denied to external ssh connection to admin jail from %h " | \
        mail -s "SSH connection denied to admin jail" sysop@serverlinux.blogspot.com) : DENY
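Rules like these are easy to get subtly wrong (wrong mask form, wrong order, a rule placed in the wrong file), and a mistake is only noticed when a client is locked out or let in. The script below is an added example, not code from the original post or from Wietse Venema's TCP Wrappers: it re-implements the subset of hosts_access(5) and hosts_options(5) semantics the rules above use, so you can check a rule set offline before installing it. It assumes the client has no reverse DNS name, so %h expands to the address like %a; the daemon name vsftpd and the second client address are constructed test values.

```python
"""Offline evaluator for TCP Wrappers hosts.allow / hosts.deny rules.

Added example (not part of the original post or of TCP Wrappers itself).
Covered subset: daemon list, client list with a single IPv4 address, a
net/mask pair, a trailing-dot prefix or ALL; the ALLOW/DENY options; and
%a/%d/%h expansion in a spawn command. hosts.allow is searched first, then
hosts.deny; the first matching rule wins; no match at all grants access.
"""
import ipaddress
import re

# Constructed sample contents mirroring the post's rules. Shell commands are
# expanded for inspection but never executed by this script.
HOSTS_ALLOW = r"""
###################### #### SSH Client1 #### ######################
sshd : 200.42.48.22 : spawn (echo -e "Connected from Client1 %h (Walter Lamagna) " | \
    mail -s "SSH connection to admin jail" sysop@serverlinux.blogspot.com) : ALLOW
#### SSH Rest ####
sshd : ALL : spawn (echo -e "Access denied to external ssh connection to admin jail from %h " | \
    mail -s "SSH connection denied to admin jail" sysop@serverlinux.blogspot.com) : DENY
#### DENY THE REST ####
ALL : ALL : DENY
"""
HOSTS_DENY = ""  # in this setup every decision is taken in hosts.allow


def parse_rules(text):
    """Return (daemons, clients, options) tuples from a hosts.allow-style file."""
    rules = []
    text = text.replace("\\\n", " ")  # a backslash before newline continues the line
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comment lines are ignored
            continue
        # ':' separates fields; a ':' inside a shell command must be escaped as '\:'
        fields = [f.strip() for f in re.split(r"(?<!\\):", line)]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {line!r}")
        rules.append((fields[0].split(), fields[1].split(), fields[2:]))
    return rules


def client_matches(pattern, client_ip):
    """Apply the hosts_access(5) client patterns used in the post to one IPv4 address."""
    addr = ipaddress.IPv4Address(client_ip)
    if pattern == "ALL":
        return True
    if "/" in pattern:
        # net/mask matches when net == (address AND mask). A host address on the
        # left of a /24 mask (the post's original pattern) therefore never matches.
        net, mask = pattern.split("/", 1)
        return (int(addr) & int(ipaddress.IPv4Address(mask))) == int(ipaddress.IPv4Address(net))
    if pattern.endswith("."):
        return str(addr).startswith(pattern)  # "200.42.48." covers the whole /24
    return str(addr) == pattern


def first_match(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return (file_default, rule) for the first matching rule, or (None, None)."""
    for default, text in (("ALLOW", allow_text), ("DENY", deny_text)):
        for rule in parse_rules(text):
            daemons, clients, _ = rule
            if any(d in ("ALL", daemon) for d in daemons) and \
               any(client_matches(c, client_ip) for c in clients):
                return default, rule
    return None, None


def decide(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return "ALLOW" or "DENY" the way tcpd would for this daemon/client pair."""
    default, rule = first_match(daemon, client_ip, allow_text, deny_text)
    if rule is None:
        return "ALLOW"  # no rule in either file matched: access is granted
    # hosts_options(5): an explicit ALLOW or DENY option overrides the file's default
    for opt in rule[2]:
        if opt.upper() in ("ALLOW", "DENY"):
            return opt.upper()
    return default


def spawn_command(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Expand %a/%d/%h in the matching rule's spawn option, without running it."""
    _, rule = first_match(daemon, client_ip, allow_text, deny_text)
    if rule is None:
        return None
    for opt in rule[2]:
        if opt.startswith("spawn "):
            cmd = opt[len("spawn "):].strip()
            # Assumption: no reverse DNS, so %h (host name) falls back to the address.
            return cmd.replace("%a", client_ip).replace("%d", daemon).replace("%h", client_ip)
    return None


if __name__ == "__main__":
    for daemon, ip in (("sshd", "200.42.48.22"), ("sshd", "200.42.48.23"), ("vsftpd", "10.0.0.9")):
        print(f"{daemon:8} {ip:16} {decide(daemon, ip)}")
    # The post's original pattern is a net/mask pair and matches nothing:
    print(client_matches("200.42.48.22/255.255.255.0", "200.42.48.22"))  # False
```

Run it with the rules you intend to deploy pasted into HOSTS_ALLOW and HOSTS_DENY; on a system with TCP Wrappers installed, `tcpdmatch sshd 200.42.48.22` gives the authoritative answer against the real files, and this script is only a quick way to reason about rule order and pattern forms before touching them.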
Further reading:
$ man hosts.allow