Linux Mint Forums

[Husse]

If some nasty person wants to invade a system (be it Linux or Windooze) access to an account is necessary (or could it be done anyway?). In my Win XP I have set a rule to lock out for 30 minutes after 3 failed login attempts. This way password cracking will take forever. Can this be done in mint?

[scorp123]

You may want to look at this:
http://denyhosts.sourceforge.net/
http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts

"denyhosts" should be availbe via synaptic ("Add/Remove Software"). Once it's installed it's just a matter of configuring it. I suppose you will find all the infos on the web site above.

Another idea might be to add static entries into these two files:

/etc/hosts.deny
/etc/hosts.allow

There is a tutorial:
http://www.debian-administration.org/articles/87

/etc/hosts.allow lists all IP ranges that are allowed to login on my machines, e.g. I have one line in there saying:

Code: Select all

sshd: 127.0.0.1 192.168.1.0/255.255.255.0 10.251.0.0/255.255.0.0 .mynetwork.domain.net

At the same time the file /etc/hosts.deny defines to whom services are blocked, so in my case the file says:

Code: Select all

sshd: ALL

=> The two files go hand in hand!

How would you edit them? e.g. like this:

Code: Select all

sudo gedit /etc/hosts.allow
sudo gedit /etc/hosts.deny

Hope this works?

With this in place no outsider can login to any of my machines. In the system log it will say:
sshd: refused connection from xxx.xxx.xxx.xxx

And of course: you are not limited to "sshd", you can add any valid system service (usually the name of the daemon binary that is responsible for the service).

Regards,
scorp123

[Husse]

Maybe I'm paranoid and if you look into my XP system you will think so - why? Because of the amount of steps I've taken to secure my system.
I have a hardware firewall (router - stealth on all ports) so the suggestion from scorp123 is not what I was looking for - but thanks a lot anyway. Besides isn't IPtables set to have all ports closed on the outside?
I was thinking more like if something followed Firefox or another program in and then tried to log in. I'm not sure if such attempts ends up inside or outside the account for all times.
//edit:
When I wrote this post I suddenly realised that I was about to miss an appointment so I logged out without reading it and hurried away. Thus the preceding sentence is not the most brilliant I've written
What I meant was this: "Something bad" that follows a legal app into your computer most likely ends up in your user account, be it a javascript or an applet of some kind. But I don't feel confident that we won't se something like sudo "something bad" + passwordcracker. Not likely so why do I worry? Well the crackers of today are not kids who want to impress their mates, but the russian maffia who wants money and has really skilled crackers working for them.//
Even without a running server I've seen a few failed log in attempts in the logs in XP - when you are already logged in you are not logged out only the "log in person" is denied entry. (correct me if I'm wrong)
It is perhaps really not necessary if you are not running a server of some kind.
//edit: Maybe to protect "sudo" as stated above//


Trying to adjust to a new reality called Mint