Suspicious clients are constantly knocking on my server's administration ports, trying to guess the password or mount an attack. To guard against this, I sat down for a day and wrote a protection program.
The program is written in Perl and sits as a daemon on a port. The administrator connects to that port via Telnet (telnet) and enters the login and password for authorization. After that there is a choice of three commands:
- start: opens access to the ports used for server administration, such as FTP, SSH, Telnet, Plesk
- stop: closes access to the administration ports
- exit: terminates the current session
The idea is this: if you need to work with the server (administer it), you connect, log in, open access, do your work, close access, and leave.
The program was written in hardcore-programming mode, so customization and usability are minimal. The program lacks a system of iptables rules for the IP addresses that log in. It also needs a per-IP count of failed authorizations, so that the password cannot be guessed.
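One way to add the missing per-IP count of failed authorizations, as an added example that is not syguard's own code. The limits, the attempt() function and the credential-check callback are assumptions for illustration, and the sample address is constructed.

```perl
#!/usr/bin/perl
# Added example, not part of syguard: per-IP failed-login counter with lockout.
use strict;
use warnings;

# Assumed policy values (not taken from syguard.conf).
my $MAX_FAILS = 5;      # failures allowed inside the counting window
my $WINDOW    = 300;    # seconds over which failures are counted
my $LOCKOUT   = 900;    # seconds an address stays blocked

my %fails;      # ip => [epoch times of recent failures]
my %blocked;    # ip => epoch time at which the block expires

# Handle one login attempt from $ip. $check is a code ref that returns true
# when the supplied login/password matched (hypothetical hook into the daemon).
# Returns 'ok', 'denied' or 'blocked'.
sub attempt {
    my ($ip, $check, $now) = @_;
    $now //= time;

    # A blocked address is refused before the password is even checked,
    # so a correct guess during the lockout reveals nothing.
    if (exists $blocked{$ip}) {
        return 'blocked' if $now < $blocked{$ip};
        delete $blocked{$ip};
    }

    if ($check->()) {
        delete $fails{$ip};
        return 'ok';
    }

    # Keep only failures inside the window, then record this one.
    my @recent = grep { $now - $_ < $WINDOW } @{ $fails{$ip} || [] };
    push @recent, $now;
    if (@recent >= $MAX_FAILS) {
        $blocked{$ip} = $now + $LOCKOUT;
        delete $fails{$ip};
        return 'blocked';
    }
    $fails{$ip} = \@recent;
    return 'denied';
}

# Constructed demo: five wrong guesses, a correct one during the lockout,
# and a correct one after the lockout has expired.
my ($ip, $t, @results) = ('192.0.2.10', 1_000_000);
push @results, attempt($ip, sub { 0 }, $t + $_) for 1 .. 5;
push @results, attempt($ip, sub { 1 }, $t + 6);
push @results, attempt($ip, sub { 1 }, $t + 6 + $LOCKOUT);
print join(' ', @results), "\n";
```

The same 'blocked' result could also be used to drop the connection immediately or to log the address for review.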
And now the installation (I was too lazy to write an installer; if anyone makes one, send it to me):
1) copy the file syguard.zip
2) unpack it (you should get the folder /etc/syguard/)
3) give all files and the folder permissions 755 and owner root
4) move the file syguard from the folder /etc/syguard/ to /etc/init.d/ (to start the daemon)
5) chkconfig --add syguard (adds the daemon to startup)
6) change the password and login in the file /etc/syguard/syguard.conf (do not use DIGITS ONLY, and remove the spaces)
7) in iptables create 2 chains:
- syguard_close
Add the rule -A syguard_close -j REJECT --reject-with icmp-port-unreachable
- syguard_open
Add all the rules for access to the ports (for example: -A syguard_open -p tcp -m tcp --dport 23 -m state --state NEW -j ACCEPT)
At the end add the rule -A syguard_close -j REJECT --reject-with icmp-port-unreachable
- in the main chain add a rule for access to our syguard server, by default on port 23000 (example: -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 23000 -j ACCEPT)
- then add the syguard_open chain to the end of INPUT and FORWARD (by default access is open; you then close it via syguard)
Important!! At first, do not move SSH from the main chain into syguard_open, because if something does not work out you will not be able to get in over SSH. Try it with FTP first. One more thing: you should have ONLY ONE MAIN chain in INPUT and FORWARD (mine is RH-Firewall-1-INPUT).
Here is a diagram of the iptables setup from Webmin (do not curse):
[Figure: scheme of the iptables rules]
If you did not understand, do not ask questions. This article may be published anywhere; a link to the website www.lostop.ru is mandatory!!!
Selling this development or using it for commercial purposes is forbidden!
Send all proposals regarding sale and further development to me.
Send all good and kind words about the development to me.