• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 551
  • Last Modified:

configure sshblack installation settings


Im trying to set up sshblack (http://www.pettingers.org/code/sshblack.html) which is an automatic blacklisting program to stop hackers.  My knowledge of linux is pretty limited and i suspect that the answer is obvious.

I have sshblack up and running but when trying to complete the howto from (ttp://wiki.oss-watch.ac.uk/InstallingSshblack) i have got to the point where the perl script  on thier site has been copied and all the correct paths set. the following instructions are:

[root@luggage sshblack]# cp sshblack /etc/init.d
[root@luggage sshblack]# ls -al /etc/init.d/sshblack
-rwxr-xr-x  1 root root 1863 Dec 11 15:03 /etc/init.d/sshblack
[root@luggage sshblack]# chkconfig --add sshblack
[root@luggage sshblack]# chkconfig --list sshblack
sshblack        0:off   1:off   2:on    3:on    4:on    5:on    6:off

on my server:
[root@vpstream init.d]# ls -al /etc/init.d/sshblack
-rw-r--r--    1 root     root         2893 Jul  1 13:07 /etc/init.d/sshblack
so i chmod to 755  and made it the same as their example

the problem i want answered is on my server  2:off is set to off.
[root@vpstream init.d]# chkconfig --list sshblack
sshblack        0:off   1:off   2:off   3:on    4:on    5:on    6:off

I would like to know how to turn this on. (i suspect it is as simple and obvious as the chmod which wasnt included in the instructions)

And also:
service sshblack restart
is supposed to restart this program but it comes back with
[root@vpstream init.d]# service sshblack restart
(-): (-): No such file or directory

thank you for your help.


  • 4
  • 4
1 Solution

I would suggest you try pam_abl, what distrobution are you using?
ussherAuthor Commented:
redhat linux el3 it is a virtual server but unmanaged so i have to take care of security myself. i have rkhunter and logwatcher going which tell me i have hacking attempts now i want to block them.

Why is pam_abl better thatn sshblack?

I origionally wanted to use APF and BFD but could not  get  APF to work on my VPS because iptables needed to be reconfigured on the hardware node which would change all the VPS in my hosting companys server array so they suggested SSHBLACK.  


pam_abl can be configured with any services and its easy to configure, http://www.hexten.net/pam_abl/

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

ussherAuthor Commented:

OK i installed pam_abl  i think everything went ok, on make install there was one line that made me nervious "/bin/sh: line 1: cd: t: No such file or directory"

here is what i did:

pam_abl  pam_abl-0.2.3.tar.gz
[root@vpstream pam_abl]# make install
make: *** No rule to make target `install'.  Stop.
[root@vpstream pam_abl]# cd pam_abl
[root@vpstream pam_abl]# make install
cc -Wall -fPIC   -c -o pam_abl.o pam_abl.c
cc -Wall -fPIC   -c -o log.o log.c
cc -Wall -fPIC   -c -o config.o config.c
cc -Wall -fPIC   -c -o rule.o rule.c
ld -x --shared -ldb -lpthread -o pam_abl.so pam_abl.o log.o config.o rule.o
install --mode=755 --strip pam_abl.so /lib/security
#install --mode=644 conf/pam_abl.conf /etc/security
install -d --mode=755 /var/lib/abl
for d in t tools ; do cd $d && make install && cd .. ; done
/bin/sh: line 1: cd: t: No such file or directory
make[1]: Entering directory `/root/downloads/pam_abl/pam_abl/tools'
cc -Wall   -c -o log.o log.c
cc -Wall   -c -o config.o config.c
cc -Wall   -c -o rule.o rule.c
cc -Wall   -c -o pam_abl.o pam_abl.c
cc -ldb -lpthread -o pam_abl log.o config.o rule.o pam_abl.o
install --mode=755 --strip pam_abl /usr/bin
make[1]: Leaving directory `/root/downloads/pam_abl/pam_abl/tools'
[root@vpstream pam_abl]# cp conf/pam_abl.conf /etc/security
[root@vpstream pam_abl]# pico /etc/security/pam_abl.conf
[root@vpstream pam_abl]# cd /etc/security
[root@vpstream security]# ls
access.conf  chroot.conf  console.apps  console.perms  group.conf  limits.conf  pam_abl.conf  pam_env.conf  time.conf
[root@vpstream security]# pam_abl /etc/security/pam_abl.conf
Failed users:
Failed hosts:
[root@vpstream security]#

the instructions say to add some lines to the PAM config where is that file that im supposed to add these lines to?

Typically pam_abl.so is added to the auth stack as a required module just before whatever modules actually peform authentication. Here's a fragment of the PAM config for a production server that is running pam_abl:
auth      required      /lib/security/pam_env.so
auth      required      /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
auth      sufficient      /lib/security/pam_unix.so likeauth nullok
auth      required      /lib/security/pam_deny.so



Open the /etc/pam.d/sshd and add the following line:

auth     required     /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
ussherAuthor Commented:
thanks very much

auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so
auth     required     /lib/security/pam_abl.so config=/etc/security/pam_abl.conf

so im good to go now?  thanks.


When a failed attempt happends as root type:


and you will get something like this:

Failed users:
    nfsnobody (1)
        Not blocking
Failed hosts: (2)
        Not blocking (1)
        Not blocking (1)
        Not blocking
    incs-fo.b.astral.ro (1)
        Not blocking
    lxserv3.cs.denkosekka.ne.jp (1)
        Not blocking
ussherAuthor Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now