11/05/2014

Setting up git

Git is yet another open source version control system, and seems to be the tool of choice for contemporary coding mavericks. I still prefer svn and cvs, for centralised version control, but can appreciate why some projects may require distributed repositories as afforded by git.

Setting up a central git repository on a server is easy. You basically set up a user whose home directory is used to store the repositories, and allow access to people using keys: each user retains their private key, and their public key is saved as an authorised key for the git user account.

Note: I've documented the steps I used below for my benefit. The name of the server has been replaced with <SERVER>, and the source code repository example is project.git.

Set-up

  1. groupadd git
  2. useradd -g git -d /home/git -m git
  3. su - git
  4. mkdir -p /home/git/.ssh
  5. cat id_rsa.pub > /home/git/.ssh/authorized_keys
  6. chmod 600 /home/git/.ssh/authorized_keys
  7. chmod 700 /home/git/.ssh
  8. exit
  9. vi /etc/passwd     # change the shell for user git from /bin/bash to /usr/bin/git-shell
    1. /usr/bin/git-shell
  10. vi /etc/ssh/sshd_config     # ensure that the following are uncommented
    1. RSAAuthentication yes
    2. PubkeyAuthentication yes
    3. AuthorizedKeysFile      .ssh/authorized_keys
  11. service sshd restart

Git Notes

  • Create repositories
    1. cd /home/git
    2. mkdir project.git
    3. cd project.git
    4. git --bare init
  • Initially adding to the repository
    1. git init
    2. git add .
    3. git commit -m 'initial commit'
    4. git remote add origin git@<SERVER>:/home/git/project.git
    5. git push origin master
  • Other users cloning the repository
    1. git clone git@<SERVER>:/home/git/project.git

References:

  1. http://git-scm.com/book/en/Git-on-the-Server-Setting-Up-the-Server

Denyhosts 2.6 on CentOS 6.5

Denyhosts is another utility similar to fail2ban. It parses log files to identify potential attacks against SSH services. A clear advantage that Denyhosts has over fail2ban is the synchronisation mechanism available since version 2.0[1]: Denyhosts can communicate with a central server to exchange information about hosts denied by other Denyhosts daemons. However, unlike fail2ban, it does not modify any firewall (iptables) rules; instead it relies on tcpwrapper and the hosts.deny file to block SSH access. Fail2ban also offers the advantage of monitoring other services and logs, whereas Denyhosts is specific to SSH. There are other utilities which use tcpwrapper and can handle additional services[2].

To install Denyhosts using yum, ensure that the EPEL repository is installed and enabled (refer to an old post[3], albeit for an older version).

Installation and configuration

  1. vi /etc/hosts.allow     # whitelist any trusted hosts and/or networks
  2. yum install denyhosts     # install the denyhosts package
  3. vi /etc/denyhosts.conf     # change to suit, the file is well documented
  4. chkconfig denyhosts --level 2345 on     # set runlevels to start daemon on
  5. service denyhosts start    # manually start the daemon
  6. tail /var/log/denyhosts    # confirm daemon started successfully

References:

  1. http://denyhosts.sourceforge.net/
  2. http://www.aczoom.com/blockhosts/
  3. http://nkush.blogspot.com.au/2011/10/installing-snort-2912-on-centos-57.html

I wrote a small (single use) script to generate a set of iptables rules from the tcpwrapper hosts.deny file to drop traffic from denied hosts.

# Print one iptables DROP rule (INPUT chain) per address in hosts.deny
for A in `egrep -v '^#' /etc/hosts.deny | tr -d '\t' | tr -d 'ALL:' | grep '[0-9]'`
do
        echo "/sbin/iptables -I INPUT -s $A -j DROP"
done
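
A stricter take on the same hosts.deny conversion, added here as an example and not the script from this post: it also handles entries written with a daemon name such as sshd: instead of ALL:, removes duplicates, and skips anything that is not a complete IPv4 address, so a malformed line never ends up in an iptables command. The function names deny_to_rules and sample_hosts_deny, the sample addresses (documentation ranges) and the INPUT chain are assumptions.

```shell
#!/bin/sh
# Added example: convert tcpwrapper deny entries into iptables DROP rules.

# Constructed sample input (documentation address ranges), not real data.
sample_hosts_deny() {
    cat <<'EOF'
# DenyHosts: constructed sample
ALL: 192.0.2.10
sshd: 198.51.100.7
sshd: 198.51.100.7
ALL: 203.0.113.5 : deny
ALL: 999.1.1.1
ALL: 192.168.
sshd: [2001:db8::1]
EOF
}

# deny_to_rules [FILE]: reads FILE (or stdin) and prints one rule per unique,
# strictly valid IPv4 address. Prefix patterns, IPv6 literals and bad octets
# are skipped rather than passed to iptables. The INPUT chain is an assumption.
deny_to_rules() {
    awk '
    {
        sub(/#.*/, "")                 # drop comments
        n = index($0, ":")             # format is "daemon_list: client_list"
        if (n == 0) next
        clients = substr($0, n + 1)
        gsub(/,/, " ", clients)        # client lists may be comma separated
        m = split(clients, c, /[ \t]+/)
        for (i = 1; i <= m; i++) {
            if (c[i] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
            split(c[i], o, /\./)
            ok = 1
            for (j = 1; j <= 4; j++) if (o[j] + 0 > 255) ok = 0
            if (ok && !seen[c[i]]++)
                print "/sbin/iptables -I INPUT -s " c[i] " -j DROP"
        }
    }' "${1:--}"
}

# Prints the rules only; review them before running any.
sample_hosts_deny | deny_to_rules
```

On the server itself the call would be deny_to_rules /etc/hosts.deny, with the output reviewed before it is executed.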