Re: Blacklisting IPs
These types of attacks don't seem directed -- it's more like fishing for unprotected systems. FWIW, changing the ssh port dropped the illegal user attempts to 0 instantly...

- ben

On Mon, 10 Jan 2005 23:29:10 -0800, Ted Mittelstaedt [EMAIL PROTECTED] wrote:
> If I'm going to attack you I'm going to use nessus to scan all ports on
> your machine.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blacklisting IPs
Thanks for the input, everyone! Port-knocking is overkill at this point, but I did do the following things to sshd_config:

  - Set port to non-default
  - PermitRootLogin no
  - LoginGraceTime 45s
  - AllowUsers lists only one user -- me. :)

I also did

  route -nq add -host xxx.xxx.xxx.xxx 127.0.0.1 -blackhole

... I think telnet was disabled by default in the base 5.3 install...

I know this attack was probably random, but the whole reason I took over as sysadmin and switched to FreeBSD is that our RHE box was being broken into almost nightly -- so I'm sensitive to security concerns. Is there anything else I should consider doing to the stock FreeBSD to fortify it? It already feels about 100 times more secure than RH...

- ben
Blacklisting IPs
Hello again,

My 5.3R system has only been up a little over a week, and I've already had a few break-in attempts -- they show up as Illegal user tests in the /var/log/auth.log... It looks like they're trying common login names (probably with the login name used as passwd). It takes them hours to try a dozen names, but I'd rather not have any traffic from these folks.

Is there any way to blacklist IPs at the system level, or do I have to hack something together for each daemon?

- ben
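Added example, not part of the original posts: an sh/awk pass over auth.log that counts the "Illegal user" lines described in the question per source address and prints, without running it, the route blackhole command from the follow-up post for each address over a threshold. The threshold, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. It only prints route commands for
# review; nothing is changed in the routing table.

THRESHOLD=${THRESHOLD:-3}   # assumption: hits before an address is listed

# Constructed sample in the "Illegal user" format quoted in the question.
# Addresses are RFC 5737 documentation ranges, not real hosts.
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 n00330 sshd[4101]: Illegal user test from 203.0.113.5
Jan 10 03:40:17 n00330 sshd[4107]: Illegal user guest from 203.0.113.5
Jan 10 04:15:52 n00330 sshd[4113]: Illegal user admin from 203.0.113.5
Jan 10 04:51:30 n00330 sshd[4118]: Illegal user info from 203.0.113.5
Jan 10 04:52:03 n00330 sshd[4119]: Accepted password for ben from 192.0.2.10 port 50122 ssh2
Jan 10 05:02:44 n00330 sshd[4120]: Illegal user oracle from 198.51.100.7
Jan 10 05:03:10 n00330 sshd[4122]: Illegal user a from 192.0.2.10 from 198.51.100.7
Jan 10 05:03:41 n00330 sshd[4125]: Illegal user b from 192.0.2.10 from 198.51.100.7
EOF
}

# offenders MIN: read auth.log lines on stdin and print "count address" for
# each source with at least MIN "Illegal user" lines, busiest first.
# The login name is chosen by the client and may contain spaces or a fake
# "from <addr>", so the address is taken from the last field only and must be
# a plain dotted quad before it is allowed anywhere near a command line.
offenders() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Illegal user / {
            ip = $NF
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -rn
}

# blackhole_cmds: turn offenders output into the route command used in the
# follow-up post, one per address, as text only.
blackhole_cmds() {
    while read -r _count ip; do
        echo "route -nq add -host $ip 127.0.0.1 -blackhole"
    done
}

sample_log | offenders "$THRESHOLD" | blackhole_cmds
```

On a live system the input would be /var/log/auth.log instead of the sample, and the printed commands are meant to be read before any of them is run.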
Postfix + SASL issue
Hello,

I seem to be having some issue with saslauthd and postfix on 5.3-R... When I try to send mail out, it fails, and puts this in /var/log/maillog:

  Jan 4 05:56:17 n00330 postfix/smtpd[8103]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
  Jan 4 05:56:17 n00330 postfix/smtpd[8103]: warning: SASL authentication failure: Password verification failed

It's weird, because it was working before, and then I tweaked something, and it broke. I've recompiled postfix and cyrus-sasl2-saslauthd, to no avail. Maybe a make deinstall broke something along the way? I don't even know what to suspect. I think it might be a permissions issue, since saslauthd is running -- but I can't be sure.

Does this sound familiar to anyone?

- ben
Re: courier-imap installation
Thanks, though I've switched to qpopper, and it's working fine. Now my only problem is trying to get postfix working with TLS and SASL. I'm working off of these instructions:

http://yocum.org/faqs/postfix-tls-sasl.html

But even though postfix and saslauthd are running with no problems, I can't seem to coax the server to accept TLS connections with SASL authentication... Telnetting into port 25, the server is totally silent.

- ben

On Sun, 02 Jan 2005 08:51:43 +0100, Volker Kindermann [EMAIL PROTECTED] wrote:
> Hi Ben,
>
> > /usr/local/etc/rc.d/courier-imap-pop3d.sh.sample (because I'm trying to
> > run a POP3 server) and now I get:
> >
> > /usr/local/etc/courier-imap/pop3d does not exist, forgot make
> > install-configure?
>
> perhaps you should rename the courier files in /usr/local/etc/rc.d from
> servicename.sample to servicename? Like:
>
> cd /usr/local/etc/rc.d
> mv courier-imap-pop3d.sh.sample courier-imap-pop3d.sh
>
> And then try again?
>
> -volker
courier-imap installation
Hey everyone,

I'm a n00b to FreeBSD, and I'm trying to install courier-imap with 5.3, but I'm not sure what steps I should be taking. I did:

  pkg_add -r courier-imap

However, when I do:

  /usr/local/libexec/courier-imap/imapd.rc start

(as the courier-imap manual instructs), it gives me:

  /usr/local/etc/courier-imap/imapd does not exist, forgot make install-configure?

Which is odd, because imapd actually seems to be in /usr/local/bin/imapd, and I would assume that courier-imap was configured properly when it was prepared as a port. I would just change the relevant line in imapd.rc, but I don't want to go mucking around with something I don't fully understand -- especially because I need this server to be extremely secure and by the book.

Also, is there a way to manage courier-imap via Webmin?

Sorry if the answer is obvious or really common -- posting really is my last resort after searching this list and the web for help. Outside of this problem, I'm loving FreeBSD. It reminds me of my days running NetBSD/mac68k on my Mac IIsi. :)

Thanks in advance!

- ben
Re: courier-imap installation
Martin,

Thanks for the quick reply! I ran

  /usr/local/etc/rc.d/courier-imap-pop3d.sh.sample

(because I'm trying to run a POP3 server) and now I get:

  /usr/local/etc/courier-imap/pop3d does not exist, forgot make install-configure?

Where would the pkg_mesg file be?

- ben

On Sat, 1 Jan 2005 21:06:47 +, Martin Hepworth [EMAIL PROTECTED] wrote:
> If you did from the ports tree then there'll be an rc script in
> /usr/local/etc/rc.d (or look in the pkg_mesg file in the directory to see
> exactly where it is...)
>
> --
> Martin
Re: courier-imap installation
Should I be using qpopper instead?

- ben
Re: courier-imap installation
Cool -- so now I think I may have the daemon running -- ps ax | grep pop reveals:

  564 p0 I 0:00.00 /usr/local/sbin/courierlogger pop3d

However, I'm unable to connect via a POP3 client... I'm not sure what my /etc/inetd.conf line should look like -- I'm using:

  pop3 stream tcp nowait root:wheel /usr/local/bin/pop3d pop3d

- ben

On Sat, 01 Jan 2005 15:03:23 -0700, Danny MacMillan [EMAIL PROTECTED] wrote:
> Did you look in the /usr/local/etc/courier-imap directory? It will contain
> a number of *.dist files that you will have to copy and modify to configure
> your installation. For example, if you want to serve imap you will have to
> rename imapd.dist to imapd and edit the resulting
> /usr/local/etc/courier-imap/imapd file so that it is configured the way you
> want. The file is heavily commented and the necessary changes should be
> trivial.