LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > 4MLinux
User Name
Password
4MLinux This forum is for the discussion of 4MLinux.

Notices


Reply
  Search this Thread
Old 07-02-2016, 05:18 AM   #1
zk1234
4MLinux Maintainer
 
Registered: Oct 2010
Location: Poland
Distribution: 4MLinux, Slackware
Posts: 658

Rep: Reputation: 133Reputation: 133
Brute-force protection in 4MLinux 18.0 and later


I received an email concerning an important security feature introduced in 4MLinux 18.0. A user is asking why his WiFi printer is no longer working after updating 4MLinux to its latest stable version. The short answer is: the 4MLinux firewall is blocking your printer's port. Open the /etc/firewall/config file:
Code:
# Accept all internal requests:
LOCALHOST=yes

# Accept external ping requests:
PINGS=yes

# Accept external traceroute requests:
TRACEROUTE=yes

# Allow outgoing traffic:
OUTGOING=yes

# Allow incoming traffic to the following ports:
PORTS="21 22 23 80 443 3306"

# Allow passive ftp connections:
PASSIVE=yes

# Blacklist IP addresses from the following list:
BLACKLIST=/etc/firewall/black.list
and add your printer's port to the PORTS list.

****
Why does your firewall start itself again and again.
4MLinux 18.0 introduces a new brute-force protection. The SSH server in 4MLinux makes use of a new script (run via cron daemon), which scans log files for failed login attempts. If found, the script (re)starts firewall (with modified settings) to prevent/stop brute-force attacks.
Check the /var/log/btmp.log file to find out who is trying to log in into the system.

.
 
Old 07-02-2016, 03:41 PM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,850
Blog Entries: 36

Rep: Reputation: 455Reputation: 455Reputation: 455Reputation: 455Reputation: 455
Are you using fail2ban? No need to restart the firewall. Also, restarting the firewall can pose a minor risk where, during restart, an established connection can be created.
 
Old 07-02-2016, 05:07 PM   #3
zk1234
4MLinux Maintainer
 
Registered: Oct 2010
Location: Poland
Distribution: 4MLinux, Slackware
Posts: 658

Original Poster
Rep: Reputation: 133Reputation: 133
Quote:
Originally Posted by sag47 View Post
Are you using fail2ban? No need to restart the firewall. Also, restarting the firewall can pose a minor risk where, during restart, an established connection can be created.
No. There is no fail2ban in 4MLinux. All servers in 4MLinux (Apache, MySQL, OpenSSH, Postfix, vsftpd, polipo) are controlled by simple, highly customized scripts written by me (customized = much different from the ones you can find in any other distro).

My anti-brute-force script modifies iptables settings and starts or restarts firewall to apply these changes. This may be a surprise for an user to see the firewall running, when the /etc/server/autostart.conf file looks as follows:
Code:
# Choose the servers to start during the boot time:
FIREWALL=no
FTP=no
HTTP=no
PROXY=no
SMTPD=no
SSH=yes
TELNET=no
The user can see the firewall ignoring these default setting by starting itself again and again (each boot). I wrote this post to explain what is going on.

.

Last edited by zk1234; 07-02-2016 at 06:03 PM.
 
Old 07-03-2016, 03:31 PM   #4
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,850
Blog Entries: 36

Rep: Reputation: 455Reputation: 455Reputation: 455Reputation: 455Reputation: 455
Can I have a link to your scripts? I'm curious to read them. Also, I highly encourage you to design your firewall rules so it doesn't require restarting the firewall to apply rules. Check out the firewall rules for my raspberry pi. No seriously .

https://github.com/samrocketman/home...iptables.rules. You can add and remove rules from the *_allow and *_deny chains without having to affect refreshing the firewall. I got the idea from RedHat's firewalld (which is just a wrapper for iptables like most distro firewalls).
 
Old 07-03-2016, 04:20 PM   #5
zk1234
4MLinux Maintainer
 
Registered: Oct 2010
Location: Poland
Distribution: 4MLinux, Slackware
Posts: 658

Original Poster
Rep: Reputation: 133Reputation: 133
Quote:
Originally Posted by sag47 View Post
Can I have a link to your scripts? I'm curious to read them. Also, I highly encourage you to design your firewall rules so it doesn't require restarting the firewall to apply rules. Check out the firewall rules for my raspberry pi. No seriously .

https://github.com/samrocketman/home...iptables.rules. You can add and remove rules from the *_allow and *_deny chains without having to affect refreshing the firewall. I got the idea from RedHat's firewalld (which is just a wrapper for iptables like most distro firewalls).
You'll need these two:
https://sourceforge.net/projects/lin...addons/server/
https://sourceforge.net/projects/lin...dons/iptables/

All the packages can be found here:
https://sourceforge.net/projects/lin...s/18.0/addons/

To see it in action (e.g. in Virtual Box [32-bit]) you can use 4MLinux or this little baby:
https://sourceforge.net/projects/thesss/ (my LAMP server, which is below 70MB in size :-)

.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Does anyone know if guardian can be set to block brute force attacks and only brute f abefroman Linux - Software 2 06-05-2008 10:55 AM
Brute Force... Cottsay Linux - Software 1 03-02-2006 03:58 PM
someone trying to brute force me stitchman Slackware 8 12-16-2005 02:02 PM
Brute force DHCP SSBN Linux - Networking 10 10-21-2003 10:34 AM
Brute Force kwigibo Linux - General 2 08-01-2002 12:42 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > 4MLinux

All times are GMT -5. The time now is 05:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration