The install worked great. But when I try to create the service:

    cygrunsrv -I DenyHosts -p /usr/share/denyhosts/daemon-control -a start -d DenyHosts -f "DenyHosts 2.6" -y sshd -x /var/run/denyhosts.pid -o

I get this:

    cygrunsrv: unknown option --

Also, this does not exist: /usr/share/denyhosts/daemon-control

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of René Berber
Sent: Sunday, February 17, 2008 7:53 PM
To: cygwin@cygwin.com
Subject: Re: Stop Brute Force Attack on SSH

Kyle Dawson wrote:

> How can I stop attacks on my ssh daemon? I see thousands of attempts every
> day. I have, I believe, a good password policy, but since I have clients, I'm not
> 100% sure. Is there some config that I can set? One IP address comes in
> and tries for a day or so. Can it see that it is the same IP and just
> deny? Any tools that can help?

Install DenyHosts or Fail2ban:

http://denyhosts.sourceforge.net/
http://www.fail2ban.org/wiki/index.php/Main_Page

Both are Python programs and both use the syslog log (either syslog-ng or the syslog which comes with inetutils), so you have to install that first from the Cygwin packages (i.e. using Cygwin's setup.exe). Then, since there is no package for DenyHosts or Fail2ban, download the source, expand the package (with 'tar xvf <name-of-package.tar.gz>') and do:

    python setup.py install

To finish with DenyHosts you need to configure it, meaning edit the file in /usr/share/denyhosts/denyhosts.cfg; only a few things need changing, but it is better to get acquainted with the available options. Also edit the 3 lines near the top of /usr/share/denyhosts/daemon-control.

Add the service using:

    cygrunsrv -I DenyHosts -p /usr/share/denyhosts/daemon-control -a start \
        -d DenyHosts -f "DenyHosts 2.6" -y sshd -x /var/run/denyhosts.pid -o
    cygrunsrv -S DenyHosts

The (interesting) options I use in the config file are:

    SECURE_LOG = /var/log/messages
    HOSTS_DENY = /etc/hosts.deny
    PURGE_DENY = 1d
    BLOCK_SERVICE = sshd
    DENY_THRESHOLD_INVALID = 3
    DENY_THRESHOLD_VALID = 5
    DENY_THRESHOLD_ROOT = 1
    DENY_THRESHOLD_RESTRICTED = 1
    WORK_DIR = /usr/share/denyhosts/data
    LOCK_FILE = /var/run/denyhosts.pid
    SYSLOG_REPORT=YES
    AGE_RESET_VALID=5d
    AGE_RESET_ROOT=25d
    AGE_RESET_RESTRICTED=25d
    AGE_RESET_INVALID=10d
    RESET_ON_SUCCESS = yes
    USERDEF_FAILED_ENTRY_REGEX=User (?P<user>\S+) from (::ffff:)?(?P<host>\S+) not allowed because not listed in.*
    DAEMON_LOG = /var/log/denyhosts
    DAEMON_LOG_TIME_FORMAT = %b %d %T
    DAEMON_SLEEP = 15s
    DAEMON_PURGE = 1h
    SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
    SYNC_INTERVAL = 1h
    SYNC_UPLOAD = yes
    SYNC_DOWNLOAD = yes
    SYNC_DOWNLOAD_THRESHOLD = 3
    SYNC_DOWNLOAD_RESILIENCY = 5h

Optionally you can create 2 files to add which users are "critical"; since there is no root in Windows I added Administrator and a few others that are favorites of dictionary attacks. Also the white list. Those 2 files don't exist by default; they are:

    /usr/share/denyhosts/data/allowed-hosts
    /usr/share/denyhosts/data/restricted-usernames

But of course all that is documented.
--
René Berber

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
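To see what the thresholds quoted above actually do before turning DenyHosts loose on a live /var/log/messages, here is a small replay of the counting rules (DENY_THRESHOLD_*, RESET_ON_SUCCESS, the allowed-hosts and restricted-usernames files, and the USERDEF_FAILED_ENTRY_REGEX) over a few constructed sshd log lines. This is an added example, not DenyHosts code; the sshd message patterns, the restricted list and the log lines are assumptions made for the demonstration.

```python
import re
from collections import defaultdict
# Thresholds copied from the config quoted above; restricted list and log lines are constructed samples.
THRESHOLDS = {"invalid": 3, "valid": 5, "root": 1, "restricted": 1}
RESTRICTED_USERNAMES = {"Administrator", "admin", "guest"}  # stands in for data/restricted-usernames

# sshd message shapes DenyHosts counts; USERDEF_FAILED is the USERDEF_FAILED_ENTRY_REGEX from the config.
FROM = r" from (::ffff:)?(?P<host>\S+)"  # drops the IPv4-mapped prefix some sshd builds log
FAILED_INVALID = re.compile(r"Failed password for invalid user (?P<user>\S+)" + FROM)
FAILED_VALID = re.compile(r"Failed password for (?!invalid user)(?P<user>\S+)" + FROM)
ACCEPTED = re.compile(r"Accepted \S+ for (?P<user>\S+)" + FROM)
USERDEF_FAILED = re.compile(r"User (?P<user>\S+)" + FROM + r" not allowed because not listed in.*")

def classify(line):
    """Map one syslog line to (category, host); None if DenyHosts would ignore it."""
    if m := (FAILED_INVALID.search(line) or USERDEF_FAILED.search(line)):
        return "invalid", m["host"]
    m = FAILED_VALID.search(line)
    if not m:
        return None
    user = m["user"]
    category = "root" if user == "root" else "restricted" if user in RESTRICTED_USERNAMES else "valid"
    return category, m["host"]

def hosts_to_deny(log_text, allowed_hosts=frozenset()):
    """Replay log lines with per-host, per-category counters; return hosts that reach a threshold."""
    counts = defaultdict(lambda: defaultdict(int))
    denied = set()
    for line in log_text.splitlines():
        if m := ACCEPTED.search(line):
            counts.pop(m["host"], None)  # RESET_ON_SUCCESS = yes: a login clears that host's counters
            continue
        hit = classify(line)
        if hit is None or hit[1] in allowed_hosts:  # allowed-hosts entries are never blocked
            continue
        category, host = hit
        counts[host][category] += 1
        if counts[host][category] >= THRESHOLDS[category]:
            denied.add(host)
    return denied

SAMPLE_LOG = """\
Feb 17 19:53:01 win sshd[1234]: Failed password for invalid user oracle from 192.0.2.10 port 4000 ssh2
Feb 17 19:53:02 win sshd[1234]: Failed password for invalid user test from 192.0.2.10 port 4001 ssh2
Feb 17 19:53:03 win sshd[1234]: Failed password for invalid user postgres from 192.0.2.10 port 4002 ssh2
Feb 17 19:53:04 win sshd[1235]: Failed password for Administrator from ::ffff:198.51.100.7 port 4100 ssh2
Feb 17 19:53:05 win sshd[1236]: Failed password for kyle from 203.0.113.5 port 4200 ssh2
Feb 17 19:53:06 win sshd[1236]: Accepted password for kyle from 203.0.113.5 port 4200 ssh2
Feb 17 19:53:07 win sshd[1237]: User bob from 192.0.2.11 not allowed because not listed in AllowUsers
"""
```

Running hosts_to_deny(SAMPLE_LOG) blocks 192.0.2.10 (three invalid-user failures) and 198.51.100.7 (one failure for a restricted name), while 203.0.113.5 is spared by its later successful login and 192.0.2.11 stays under the invalid threshold.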