Hello All,
This is my scenario.
Quote:
192.168.1.10 | box1 | CentOS 5.8 64 Bit
192.168.1.20 | box2 | CentOS 5.8 64 Bit
I have read here that we can use SENSOR option to block the IP for some defined time of the machine which tries to access the service for all other Xinetd services.
This is what I have done till now, used SENSOR option in /etc/xinetd.d/telnet.
Code:
# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = SENSOR
        type            = INTERNAL
        socket_type     = stream
        wait            = no
        user            = nobody
        deny_time       = 45
}
Now, when I try to access the telnet from 192.168.1.10, the below lines get logged in /var/log/messages
Code:
root@box2:~# tail -f /var/log/messages
Mar 3 16:37:51 box2 xinetd[4548]: 4548 {process_sensor} Adding 192.168.1.10 to the global_no_access list for 45 minutes
Mar 3 16:37:51 box2 xinetd[4548]: FAIL: telnet address from=192.168.1.10
Ideally, all other xinetd services should be blocked for 45 minutes, but when I try to use rsync I am able to use it.
Code:
root@box1:~# rsync -e ssh -avz 192.168.1.20:/usr/games /usr -n
root@192.168.1.20's password:
receiving incremental file list
games/
games/testfile
sent 18 bytes received 68 bytes 34.40 bytes/sec
total size is 0 speedup is 0.00 (DRY RUN)
root@box1:~#
Please let me know how to tackle this. Have I missed anything?
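
Added example, not part of the original post: a Python script that reads xinetd lines in the format quoted above, rebuilds the global_no_access window from each {process_sensor} entry, and marks whether later START/FAIL entries from the same address fall inside that window. The sample log, the year passed to `audit`, and the function names are constructed for illustration; the START line is assumed to follow xinetd's usual success-log format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the first two lines follow the log lines quoted in the
# post; the last two are made-up later connections to an xinetd service.
SAMPLE_LOG = """\
Mar  3 16:37:51 box2 xinetd[4548]: 4548 {process_sensor} Adding 192.168.1.10 to the global_no_access list for 45 minutes
Mar  3 16:37:51 box2 xinetd[4548]: FAIL: telnet address from=192.168.1.10
Mar  3 16:50:02 box2 xinetd[4548]: FAIL: rsync address from=192.168.1.10
Mar  3 17:30:00 box2 xinetd[4548]: START: rsync pid=4711 from=192.168.1.10
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+xinetd\[\d+\]:\s+(.*)$")
SENSOR = re.compile(r"\{process_sensor\} Adding (\S+) to the "
                    r"global_no_access list for (\d+) minutes")
EVENT = re.compile(r"^(START|FAIL): (\S+) .*from=(\S+)")


def audit(log_text, year):
    """Return ({ip: (added_at, expires_at)}, [(time, kind, service, ip, in_window)]).

    Syslog lines carry no year, so the caller supplies it (assumption).
    """
    blocks, events = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an xinetd line
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        s = SENSOR.search(msg)
        if s:  # sensor tripped: record the deny window for this address
            blocks[s.group(1)] = (ts, ts + timedelta(minutes=int(s.group(2))))
            continue
        e = EVENT.match(msg)
        if e:
            kind, service, ip = e.groups()
            start, end = blocks.get(ip, (None, None))
            inside = start is not None and start <= ts < end
            events.append((ts, kind, service, ip, inside))
    return blocks, events


if __name__ == "__main__":
    blocks, events = audit(SAMPLE_LOG, 2013)
    for ip, (start, end) in blocks.items():
        print(f"{ip} on global_no_access {start:%H:%M:%S} -> {end:%H:%M:%S}")
    for ts, kind, service, ip, inside in events:
        print(f"{ts:%H:%M:%S} {kind:5} {service:7} {ip} in_window={inside}")
```

Only connections that xinetd itself logs appear in the output, so a session handled by another daemon will not show up in this audit.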