Hello everyone,
I have a Red Hat based server that does not support iptables.
By default, when somebody telnets to the server and enters a wrong password, his access is blocked for 15s. I want to know how I can increase this time or block his IP automatically.
I tried to do this with xinetd and PAM, but it does not work or my way is wrong.
Can anybody help me?
Two details surprise me. All Red Hat Enterprise Servers support a firewall. What is your version number? And what kind of system is using telnet nowadays?
What you want can be achieved with an intrusion prevention system like fail2ban.
Quote:
Two details surprise me. All Red Hat Enterprise Servers support a firewall. What is your version number? And what kind of system is using telnet nowadays?
What you want can be achieved with an intrusion prevention system like fail2ban.
My server is a telephony server (not Elastix or FreePBX) and many features of Red Hat were deleted from it.
I can do it with the faillog command, but it's for one failed login. After that I must run the command again, or run it with cron.
Telnet should not even be enabled by default. It should be disabled.
Quote:
my server is an telephony server
What version of RHEL (if this is RHEL) is this running, or is it based on the long-dead and long-unsupported RH?
(Red Hat did a name change in 2003: "RH" became "RHEL".)
To check:
Code:
cat /etc/redhat-release
Red Hat Enterprise Linux (RHEL) is not really free; you HAVE to buy the required support contract,
so I would suggest you contact Red Hat and use the support contract you ARE paying for.
Quote:
Telnet should not even be enabled by default. It should be disabled.
Agreed, you should never use Telnet.
The only time to use Telnet is when troubleshooting connectivity. Can a distant user establish a connection and, say, get the login banner? Even then, just use PuTTY.
Always remember this one thing about "stock distros": they often "enable everything but the kitchen sink." (Just as I well remember a RedHat distro that was prepared to offer hardware support for a "DecSystem token-ring network card," just in case you happened to have one in slot #3.)
You need to troll through these various lists. Be sure that the distro is not "automatically launching" (always, or in response to a port-connection request) any daemon process that you do not actually intend to use. Likewise, be sure that (a) the firewall is running, and that (b) it does not open any port that you do not intend to use.
Unless you intend to be using telnet, this port should not be open, and Linux should not be monitoring it and launching anything when anyone attempts to connect to it.
Quote:
Always remember this one thing about "stock distros": they often "enable everything but the kitchen sink." (Just as I well remember a RedHat distro that was prepared to offer hardware support for a "DecSystem token-ring network card," just in case you happened to have one in slot #3.)
IMO, telnet, ftp and vsftpd are not installed on the RHEL systems, so less chance of risk.
However, on RHEL5 a number of daemons come on by default (atd, bluetooth, cups and ISDN). Potential risk.
RHEL6 is the same thing, except no ISDN. At least iptables and ip6tables are set to start automatically.
Quote:
(..) i have an redhat base server that was not support iptables. (..) my server is an telephony server (not elastix or free pbx) and many features of redhat was delete from it. (..) i use it for a user with limited access to server.
OK, I think it should go like this then:
0) put Telephony server in DMZ,
1) ensure SIP and other Telephony protocols get through the firewall properly,
2) put bastion host in DMZ,
3) enable TCP/22 white list (or fail2ban + ipset) and SSH with pubkeys on bastion host,
4) allow the user telnet only from bastion host (OK, or SSH tunnel) to only Telephony server.
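The fail2ban-style logic suggested in this thread (count failed logins per source address inside a time window, ban for a set period, never ban whitelisted hosts such as the bastion), as an added Python example that is not code from the thread or from fail2ban. The log lines are constructed in the style of `login` syslog entries, and `find_bans` with its parameters (named after fail2ban's `maxretry`, `findtime`, `bantime`, `ignoreip` options) is hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of syslog entries written by login
# for failed remote logins; addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
Mar  3 10:00:01 pbx login: FAILED LOGIN 1 FROM 198.51.100.7 FOR admin, Authentication failure
Mar  3 10:00:09 pbx login: FAILED LOGIN 2 FROM 198.51.100.7 FOR admin, Authentication failure
Mar  3 10:00:15 pbx login: FAILED LOGIN 1 FROM 192.0.2.10 FOR operator, Authentication failure
Mar  3 10:00:20 pbx login: FAILED LOGIN 3 FROM 198.51.100.7 FOR root, Authentication failure
Mar  3 10:20:00 pbx login: FAILED LOGIN 1 FROM 203.0.113.5 FOR admin, Authentication failure
Mar  3 10:45:00 pbx login: FAILED LOGIN 1 FROM 203.0.113.5 FOR admin, Authentication failure
Mar  3 11:10:00 pbx login: FAILED LOGIN 1 FROM 203.0.113.5 FOR admin, Authentication failure
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ login(?:\[\d+\])?: "
    r"FAILED LOGIN \d+ FROM (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) FOR ")

def find_bans(log_text, year, maxretry=3, findtime=600, bantime=3600, ignoreip=()):
    """Return {ip: ban_expiry} for sources with maxretry failures inside findtime seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in ignoreip:
            continue              # not a failure line, or a whitelisted source
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["ip"] in bans and ts < bans[m["ip"]]:
            continue              # source is already banned at this point in the log
        window = recent[m["ip"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # drop failures that aged out of the window
        if len(window) >= maxretry:
            bans[m["ip"]] = ts + timedelta(seconds=bantime)
            window.clear()
    return bans

if __name__ == "__main__":
    # 192.0.2.10 stands in for the bastion host and is never banned.
    for ip, until in find_bans(SAMPLE_LOG, 2024, ignoreip={"192.0.2.10"}).items():
        print(f"ban {ip} until {until:%Y-%m-%d %H:%M:%S}")
```

The slow source 203.0.113.5 stays under the default 10-minute window, which is why `findtime` has to be sized against the retry pace you want to catch.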