configure sshblack installation settings

Posted on 2006-06-30
Last Modified: 2012-06-22

I'm trying to set up sshblack (http://www.pettingers.org/code/sshblack.html), which is an automatic blacklisting program to stop hackers. My knowledge of Linux is pretty limited and I suspect that the answer is obvious.

I have sshblack up and running, but when trying to complete the howto from (http://wiki.oss-watch.ac.uk/InstallingSshblack) I have got to the point where the Perl script on their site has been copied and all the correct paths set. The following instructions are:

[root@luggage sshblack]# cp sshblack /etc/init.d
[root@luggage sshblack]# ls -al /etc/init.d/sshblack
-rwxr-xr-x  1 root root 1863 Dec 11 15:03 /etc/init.d/sshblack
[root@luggage sshblack]# chkconfig --add sshblack
[root@luggage sshblack]# chkconfig --list sshblack
sshblack        0:off   1:off   2:on    3:on    4:on    5:on    6:off

On my server:
[root@vpstream init.d]# ls -al /etc/init.d/sshblack
-rw-r--r--    1 root     root         2893 Jul  1 13:07 /etc/init.d/sshblack
So I chmod to 755 and made it the same as their example.

The problem I want answered is on my server: 2:off is set to off.
[root@vpstream init.d]# chkconfig --list sshblack
sshblack        0:off   1:off   2:off   3:on    4:on    5:on    6:off

I would like to know how to turn this on. (I suspect it is as simple and obvious as the chmod, which wasn't included in the instructions.)

And also:
service sshblack restart
is supposed to restart this program but it comes back with
[root@vpstream init.d]# service sshblack restart
(-): (-): No such file or directory

Thank you for your help.


Question by:ussher
LVL 16

Expert Comment

ID: 17030056

I would suggest you try pam_abl. What distribution are you using?

Author Comment

ID: 17034647
Red Hat Linux EL3. It is a virtual server but unmanaged, so I have to take care of security myself. I have rkhunter and logwatcher going, which tell me I have hacking attempts; now I want to block them.

Why is pam_abl better than sshblack?

I originally wanted to use APF and BFD but could not get APF to work on my VPS because iptables needed to be reconfigured on the hardware node, which would change all the VPS in my hosting company's server array, so they suggested SSHBLACK.

LVL 16

Expert Comment

ID: 17035152

pam_abl can be configured with any services and it's easy to configure: http://www.hexten.net/pam_abl/

Author Comment

ID: 17035515

OK, I installed pam_abl. I think everything went OK; on make install there was one line that made me nervous: "/bin/sh: line 1: cd: t: No such file or directory"

Here is what I did:

pam_abl  pam_abl-0.2.3.tar.gz
[root@vpstream pam_abl]# make install
make: *** No rule to make target `install'.  Stop.
[root@vpstream pam_abl]# cd pam_abl
[root@vpstream pam_abl]# make install
cc -Wall -fPIC   -c -o pam_abl.o pam_abl.c
cc -Wall -fPIC   -c -o log.o log.c
cc -Wall -fPIC   -c -o config.o config.c
cc -Wall -fPIC   -c -o rule.o rule.c
ld -x --shared -ldb -lpthread -o pam_abl.so pam_abl.o log.o config.o rule.o
install --mode=755 --strip pam_abl.so /lib/security
#install --mode=644 conf/pam_abl.conf /etc/security
install -d --mode=755 /var/lib/abl
for d in t tools ; do cd $d && make install && cd .. ; done
/bin/sh: line 1: cd: t: No such file or directory
make[1]: Entering directory `/root/downloads/pam_abl/pam_abl/tools'
cc -Wall   -c -o log.o log.c
cc -Wall   -c -o config.o config.c
cc -Wall   -c -o rule.o rule.c
cc -Wall   -c -o pam_abl.o pam_abl.c
cc -ldb -lpthread -o pam_abl log.o config.o rule.o pam_abl.o
install --mode=755 --strip pam_abl /usr/bin
make[1]: Leaving directory `/root/downloads/pam_abl/pam_abl/tools'
[root@vpstream pam_abl]# cp conf/pam_abl.conf /etc/security
[root@vpstream pam_abl]# pico /etc/security/pam_abl.conf
[root@vpstream pam_abl]# cd /etc/security
[root@vpstream security]# ls
access.conf  chroot.conf  console.apps  console.perms  group.conf  limits.conf  pam_abl.conf  pam_env.conf  time.conf
[root@vpstream security]# pam_abl /etc/security/pam_abl.conf
Failed users:
Failed hosts:
[root@vpstream security]#

The instructions say to add some lines to the PAM config. Where is that file that I'm supposed to add these lines to?

Typically pam_abl.so is added to the auth stack as a required module just before whatever modules actually perform authentication. Here's a fragment of the PAM config for a production server that is running pam_abl:
auth      required      /lib/security/pam_env.so
auth      required      /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
auth      sufficient      /lib/security/pam_unix.so likeauth nullok
auth      required      /lib/security/pam_deny.so


LVL 16

Accepted Solution

xDamox earned 250 total points
ID: 17035613

Open the /etc/pam.d/sshd and add the following line:

auth     required     /lib/security/pam_abl.so config=/etc/security/pam_abl.conf

Author Comment

ID: 17035739
Thanks very much.

auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so
auth     required     /lib/security/pam_abl.so config=/etc/security/pam_abl.conf

So I'm good to go now? Thanks.
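
Added example, not part of the original posts: a shell check for whether a PAM service file follows the placement described in the pam_abl documentation quoted earlier in the thread (pam_abl.so in the auth stack before the modules that perform authentication). The function names, the constructed sample files, and the choice of pam_unix.so and pam_stack.so as the authenticating modules are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): where does pam_abl.so sit in the auth stack?
# Assumption: pam_unix.so and pam_stack.so (which pulls in system-auth) are the
# modules that actually perform authentication on this host.
check_abl_order() {
    awk '
        /^[ \t]*#/ || NF < 3 { next }      # skip comments, blank and short lines
        $1 != "auth"         { next }      # PAM stacks each type separately
        {
            n++                            # position inside the auth stack
            if (!abl   && $3 ~ /pam_abl\.so$/)          abl = n
            if (!authn && $3 ~ /pam_(unix|stack)\.so$/) authn = n
        }
        END {
            if (!abl)                 { print "absent"; exit 2 }
            if (authn && abl > authn) { print "after";  exit 1 }
            print "before"
        }
    ' "$1"
}

# Constructed sample files: the layout posted in the thread (line appended at
# the end) and the same file with the pam_abl line moved to the top of auth.
write_samples() {
    cat > "$1/sshd.appended" <<'EOF'
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
session    required     pam_limits.so
auth     required     /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
EOF
    cat > "$1/sshd.first" <<'EOF'
auth     required     /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
EOF
    grep -v pam_abl "$1/sshd.first" > "$1/sshd.none"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in sshd.appended sshd.first sshd.none; do
    printf '%s: %s\n' "$f" "$(check_abl_order "$dir/$f" || :)"
done
rm -rf "$dir"
```

Because PAM evaluates each module type as its own stack in file order, a line appended after the session entries still runs as the last auth module; the check reports that position relative to the authenticating module.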

LVL 16

Expert Comment

ID: 17035791

When a failed attempt happens, as root type:


and you will get something like this:

Failed users:
    nfsnobody (1)
        Not blocking
Failed hosts: (2)
        Not blocking (1)
        Not blocking (1)
        Not blocking
    incs-fo.b.astral.ro (1)
        Not blocking
    lxserv3.cs.denkosekka.ne.jp (1)
        Not blocking

Author Comment

ID: 17035823
