Koozali.org: home of the SME Server

[Announce] new contrib smeserver-denyhosts RC

Offline Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
« on: March 30, 2008, 06:52:53 AM »
Hello, here is a new contrib to protect you from SSH intrusion and brute-force attacks on this daemon.

Here is where you can find it: http://mirror.contribs.org/smeserver/contribs/jppialasse/SME7/denyhosts  (wait for mirrors to update)


Please do not install it yet on a production server, or do so at your own risk.

I am asking for some feedback before doing so.

Do not forget to configure your SSH access properly; this contrib will help you to secure it, but it won't do everything:

- do not use weak passwords
- do not permit root login
- do not open external SSH access if LAN access is enough
- do not permit password login, only allow private SSH keys with a passphrase
- you can also change the standard SSH port to another port like 2222.


JPP
« Last Edit: March 30, 2008, 07:41:26 AM by unnilennium »
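
The checklist above can be partly verified from the server's sshd_config. The script below is an added example, not part of the original post or of the contrib: it reports which of the root-login, password-login and port items are not met. The function names and the sample file are constructed; it assumes whitespace-separated global directives (Match blocks are not interpreted) and treats a missing directive as not hardened.

```shell
#!/bin/sh
# Added illustration: audit an sshd_config for three items from the post's list.
# Password strength and key passphrases cannot be checked from this file.

# Print the first uncommented value of KEYWORD (sshd keeps the first value it reads).
sshd_value() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Echo a space-separated list of findings; empty output means all three pass.
audit_sshd() {
    cfg=$1; findings=""
    root=$(sshd_value "$cfg" PermitRootLogin)
    pass=$(sshd_value "$cfg" PasswordAuthentication)
    port=$(sshd_value "$cfg" Port)
    [ "$root" = "no" ] || findings="$findings root-login"
    [ "$pass" = "no" ] || findings="$findings password-auth"
    [ -n "$port" ] && [ "$port" != "22" ] || findings="$findings default-port"
    echo "${findings# }"
}

demo() {
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<'EOF'
# constructed sample, not a real server's file
Port 2222
PermitRootLogin yes
#PasswordAuthentication no
EOF
    echo "findings: $(audit_sshd "$cfg")"
    rm -f "$cfg"
}
demo
```
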


Offline Jean-Philippe Pialasse

Re: [Announce] new contrib smeserver-denyhosts RC
« Reply #2 on: March 30, 2008, 09:13:51 PM »
Release 0.2 is on its way to the mirrors; a minor bug in the templates was corrected.


Still one minor bug at install:
Code:
not well-formed (invalid token) at line 5, column 10, byte 60 at /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/XML/Parser.pm line 187
smeserver trap post-install: smeserver-denyhosts

If someone could explain to me what it is about... I guess it is something about the menu of the control panel.

Offline Daniel B.

    • Firewall Services, la sécurité des réseaux
Re: [Announce] new contrib smeserver-denyhosts RC
« Reply #3 on: March 31, 2008, 01:55:11 PM »
Hi. Thanks for this contrib, I was looking for something like this. But I've a problem when I install it:
Code:
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 smeserver-denyhosts     noarch     2.6-0.2          smeserver-denyhosts-2.6-0.2.noarch.rpm  391 k

Transaction Summary
=============================================================================
Install      1 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         
Total download size: 391 k
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
smeserver trap pre-install: smeserver-denyhosts
cp: ne peut évaluer `/etc/hosts.evil': Aucun fichier ou répertoire de ce type
error: %pre(smeserver-denyhosts-2.6-0.2.noarch) scriptlet failed, exit status 1
error:   install: %pre scriptlet failed (2), skipping smeserver-denyhosts-2.6-0.2
Migrating existing database backups
Migrating existing database yum_updates
Migrating existing database yum_repositories
Migrating existing database spamassassin
Migrating existing database mailpatterns
Migrating existing database accounts
Migrating existing database yum_available
Migrating existing database hosts
Migrating existing database domains
Migrating existing database yum_installed
Migrating existing database networks
Migrating existing database configuration
smeserver trap post-install: smeserver-denyhosts

Installed: smeserver-denyhosts.noarch 0:2.6-0.2
Complete!
================================================================
No new rpms were installed. No additional commands are required.
================================================================

The problem comes from the spec file, line 68:
Code:
if [ /etc/hosts.evil ]

It should be
Code:
if [ -e /etc/hosts.evil ]

Another problem I see in the spec file is this line, if we upgrade the rpm:
Code:
rm -rf /etc/e-smith/templates-custom/etc/host.allow

Why are you deleting custom templates here? You should at least tell the user their custom templates will be erased (and better, not delete them in the scriptlet, just print a message like "you should delete your custom templates for the file /etc/hosts.allow" if it's really necessary).

Anyway, thanks for your work. I'll test it further and report any other problem. Have you opened a new bug for this contrib?
C'est la fin du monde !!! :lol:
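
The difference between the two guards in the post above, as an added example that is not taken from the contrib's spec file: `[ STRING ]` is true for any non-empty string, so the copy runs on a fresh install and the scriptlet exits non-zero, as in the yum output. Everything runs under a temporary directory, and the backup file name is hypothetical.

```shell
#!/bin/sh
# Added illustration; not the contrib's spec file. Paths live under a temp
# directory and the ".bak" destination is a hypothetical name.

# Guard as posted: `[ STRING ]` only tests that STRING is non-empty, so it is
# always true for a literal path and cp runs even when the file is missing.
pre_buggy() {
    root=$1
    if [ "$root/etc/hosts.evil" ]; then
        cp "$root/etc/hosts.evil" "$root/etc/hosts.evil.bak" || return 1
    fi
    return 0
}

# Corrected guard: `-e` tests that the path exists before copying.
pre_fixed() {
    root=$1
    if [ -e "$root/etc/hosts.evil" ]; then
        cp "$root/etc/hosts.evil" "$root/etc/hosts.evil.bak" || return 1
    fi
    return 0
}

demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc"
    # Fresh install: /etc/hosts.evil does not exist yet.
    pre_buggy "$root" && echo "fresh, posted guard: ok" \
                      || echo "fresh, posted guard: scriptlet fails"
    pre_fixed "$root" && echo "fresh, -e guard: ok" \
                      || echo "fresh, -e guard: scriptlet fails"
    # Upgrade: the file exists (constructed sample entry) and is backed up.
    echo "203.0.113.7" > "$root/etc/hosts.evil"
    pre_fixed "$root" && echo "upgrade, -e guard: ok" \
                      || echo "upgrade, -e guard: scriptlet fails"
    rm -rf "$root"
}
demo
```
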

Offline CharlieBrady

Re: [Announce] new contrib smeserver-denyhosts RC
« Reply #4 on: March 31, 2008, 04:17:33 PM »
Why are you deleting custom templates here?
...
Have you opened a new bug for this contrib?

Since you have found a problem, it would be good if you could please open a bug report.

Offline Daniel B.

Re: [Announce] new contrib smeserver-denyhosts RC
« Reply #5 on: March 31, 2008, 04:21:35 PM »
I'll do so as soon as the contrib is added in the bug tracker (bug 4145 is a request for that.)
C'est la fin du monde !!! :lol:

Offline CharlieBrady

Re: [Announce] new contrib smeserver-denyhosts RC
« Reply #6 on: March 31, 2008, 04:27:38 PM »
I'll do so as soon as the contrib is added in the bug tracker...

You can do it earlier, and just leave the contrib name 'Unknown'.

Offline Jean-Philippe Pialasse

Re: [Announce] new contrib smeserver-denyhosts RC
« Reply #7 on: March 31, 2008, 04:28:40 PM »
Hello, thank you for your interest. I am waiting for a category in the bug tracker, so for the moment this is a good way to get feedback.


Thank you VIP-ire for the -e, I forgot it. As for the custom template, it is a way to correct a bug from the 0.1 release where this template was created; as you might know, host.allow should not exist, but hosts.allow should.

I do not want to prompt the user for it, as it might be installed from server-manager and the user might not see it.

So I will release a 0.3 now, correcting these few bugs.


I am still searching for this error:

"not well-formed (invalid token) at line 5, column 10, byte 60 at /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/XML/Parser.pm line 187
smeserver trap post-install: smeserver-denyhosts "

Offline Jean-Philippe Pialasse

Re: [Announce] new contrib smeserver-denyhosts RC
« Reply #8 on: March 31, 2008, 09:01:06 PM »
Release 0.3 is on its way to the mirrors:

Corrected:
- error found by VIP-ire
- error with XML parser


JPP