
11/05/2014

Denyhost 2.6 on CentOS 6.5

Denyhosts is another utility similar to fail2ban. It parses log files to identify potential attacks against SSH services. A clear advantage that Denyhosts has over fail2ban is the synchronisation mechanism available since version 2.0[1]: Denyhosts can communicate with a central server to exchange information about hosts denied by other Denyhosts daemons. However, unlike fail2ban, it does not modify any firewall (iptables) rules; instead it relies on tcpwrapper and the hosts.deny file to block SSH access. Fail2ban also offers the advantage of monitoring other services and logs, whereas Denyhosts is specific to SSH. There are other utilities which use tcpwrapper and can handle additional services[2].

To install Denyhosts using yum, ensure that the EPEL repository is installed and enabled (refer to an older post[3], albeit for an older CentOS version).

Installation and configuration

  1. vi /etc/hosts.allow     # whitelist any trusted hosts and/or networks
  2. yum install denyhosts     # install the denyhosts package
  3. vi /etc/denyhosts.conf     # change to suit, the file is well documented
  4. chkconfig denyhosts --level 2345 on     # set runlevels to start daemon on
  5. service denyhosts start    # manually start the daemon
  6. tail /var/log/denyhosts    # confirm daemon started successfully

References:

  1. http://denyhosts.sourceforge.net/
  2. http://www.aczoom.com/blockhosts/
  3. http://nkush.blogspot.com.au/2011/10/installing-snort-2912-on-centos-57.html
I wrote a small (single-use) script to generate a set of iptables rules from the tcpwrapper hosts.deny file to drop traffic from denied hosts.

# Skip comment lines, keep the client field after the "daemon:" prefix, strip
# whitespace and keep only entries containing digits (addresses, not hostnames).
for A in $(grep -v '^#' /etc/hosts.deny | cut -d: -f2 | tr -d ' \t' | grep '[0-9]')
do
        echo "/sbin/iptables -I INPUT -s $A -j DROP"
done
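As an added example (not the post's own script), the following POSIX shell functions do the same hosts.deny to iptables conversion but handle the entry forms that actually appear in a hosts.deny written by Denyhosts: a service prefix such as sshd:, comma-separated client lists, CIDR networks and tcpwrapper's trailing-dot prefix form, while skipping hostnames and wildcards such as ALL that iptables would reject. The sample hosts.deny content is constructed and uses documentation address ranges.

```shell
#!/bin/sh
# Added example, not the post's script: convert the client list of a tcpwrapper
# hosts.deny file into iptables DROP rules.  Handles the entry forms that
# Denyhosts and administrators actually write ("sshd: a.b.c.d", "ALL: a.b.c.d,
# e.f.g.h", "ALL: 10.0.0.0/8", and the prefix form "ALL: 192.0.2." meaning
# 192.0.2.0/24) and skips hostnames and wildcards that iptables would reject.

# Print the tcpwrapper client field of every non-comment line, one client per line.
hosts_deny_clients() {
    grep -v '^[[:space:]]*#' "$1" | grep ':' |
        cut -d: -f2 | tr ',' '\n' | tr -d ' \t' | grep -v '^$'
}

# Normalise one client entry to a dotted quad or CIDR network that iptables
# accepts; print nothing for entries that are not plain IPv4 (hostnames, ALL,
# LOCAL, KNOWN, netgroups, IPv6 and so on).
normalise_client() {
    c=$1
    if printf '%s\n' "$c" | grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?'; then
        printf '%s\n' "$c"                 # host address or CIDR: use as is
    elif printf '%s\n' "$c" | grep -Eqx '[0-9]{1,3}\.'; then
        printf '%s0.0.0/8\n' "$c"          # "10."       -> 10.0.0.0/8
    elif printf '%s\n' "$c" | grep -Eqx '([0-9]{1,3}\.){2}'; then
        printf '%s0.0/16\n' "$c"           # "172.16."   -> 172.16.0.0/16
    elif printf '%s\n' "$c" | grep -Eqx '([0-9]{1,3}\.){3}'; then
        printf '%s0/24\n' "$c"             # "192.0.2."  -> 192.0.2.0/24
    fi
}

# Emit one iptables command per usable client entry in the given hosts.deny file.
hosts_deny_to_iptables() {
    hosts_deny_clients "$1" | while IFS= read -r client; do
        net=$(normalise_client "$client")
        if [ -n "$net" ]; then
            printf '/sbin/iptables -I INPUT -s %s -j DROP\n' "$net"
        fi
    done
}

# Constructed sample in the layout Denyhosts produces (documentation addresses,
# not real denied hosts), written to the path given as $1.
write_sample_hosts_deny() {
    cat > "$1" <<'EOF'
#
# hosts.deny  This file contains access rules which are used to deny
# connections to network services that use the tcp_wrappers library.
sshd: 203.0.113.10
ALL: 198.51.100.20, 198.51.100.21
ALL: 192.0.2.
sshd: bad.example.com
ALL: 10.0.0.0/8
EOF
}

# Run against the file given on the command line, or against the sample if none.
if [ -n "${1:-}" ]; then
    hosts_deny_to_iptables "$1"
else
    sample=$(mktemp)
    write_sample_hosts_deny "$sample"
    hosts_deny_to_iptables "$sample"
    rm -f "$sample"
fi
```

Run it as `sh hosts_deny_to_iptables.sh /etc/hosts.deny` and pipe the output to `sh` once the rules look right; the hostname entry and the comment lines in the sample produce no rules, and the prefix entry 192.0.2. becomes a /24 rule rather than an address iptables would refuse.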

10/22/2014

Configuring RANCID on CentOS 6.5

RANCID stands for really awesome new cisco configuration differ[1]. It polls Cisco devices to get a copy of the configuration and an inventory of the hardware, and commits the details to a version control system such as CVS or SVN. The version control is used to maintain a history of the changes, and any changes to the configuration are reported. There are a number of guides available for installing RANCID[2,4,5], but I've documented the steps I took here for my reference.

Pre-requisites
You must have the EPEL repository installed and enabled. Note that at the time this post was made, the current RANCID version was 3.1[3]; however, the version available via EPEL was only 2.3.6.

Installation
  1. yum -y update
  2. yum -y upgrade
  3. yum -y install rancid
Configuration
  1. Edit the /etc/rancid/rancid.conf file to define the list of groups for your devices by changing the LIST_OF_GROUPS variable, e.g., LIST_OF_GROUPS="routers switches". If you are using SVN, also change the CVSROOT, i.e., CVSROOT=$BASEDIR/SVN; export CVSROOT, and change the RCS system, i.e., RCSSYS=svn; export RCSSYS
    1. vi  /etc/rancid/rancid.conf 
  2. Create e-mail aliases for the groups; the alias names must match the group names. Edit the /etc/aliases file and ensure that the newaliases command is executed after the file has been modified
    1. vi /etc/aliases
    2. newaliases
  3. The rancid group and user should already have been created by the package. The home directory of the rancid user corresponds with the BASEDIR in the configuration file, viz. /var/rancid. Generate the SVN repository for the configuration, the group directories, and the log directories by running the rancid-cvs script
    1.  /usr/bin/rancid-cvs
  4. Add devices to each group, specifying the device name or IP address, the make or type, and the status, i.e., up or down, one per line in the router.db file of each group directory, e.g., c7206-core-router:cisco:up
    1. vi /var/rancid/routers/router.db
  5. Next, the login credentials for each node are specified in .cloginrc. Copy the sample file from the documentation and edit it to provide the login credentials. I prefer to explicitly set the node address and user
    1. cp /usr/share/doc/rancid-2.3.6/cloginrc.sample /var/rancid/.cloginrc
    2. vi /var/rancid/.cloginrc
    3. chmod 600 .cloginrc
  6. Configure a user, via TACACS or locally on your Cisco device, that only has the privilege to view the config
    1. username rancid privilege 3 secret <SECRET>
    2. privilege exec level 3 show startup-config
  7. Change ownership of all files and directories in the rancid user's home directory to the rancid group and user
    1. chown -R rancid:rancid /var/rancid
  8. Test the clogin as the rancid user
    1. su - rancid
    2. /usr/libexec/rancid/clogin c7206-core-router
  9. If all goes well, run rancid manually for the first time. This will generate a config file for each device defined in the group in the config directory
    1. /usr/bin/rancid-run
  10. Schedule rancid and the log cleanup by setting up cron jobs as the rancid user (crontab -e):
# Minute   Hour   Day of Month   Month              Day of Week      Command
# (0-59)   (0-23) (1-31)         (1-12 or Jan-Dec)  (0-6 or Sun-Sat) /...

# schedule to run rancid every 15 minutes
*/15 * * * * /usr/bin/rancid-run

# schedule to remove rancid log files over 2 days old at 8am
0 8 * * * /bin/find /var/rancid/logs -type f -mtime +2 -exec rm {} \;
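Before the first rancid-run it is worth checking the two files the steps above edit by hand. The following POSIX shell script is an added example, not part of the post or of RANCID itself: it validates router.db entries in the name:type:status format used above and checks that .cloginrc, which holds plaintext device credentials, is mode 600 and owned by the rancid user. The sample router.db lines are constructed, the default BASEDIR and group name are the ones from the post, and the stat -c calls assume GNU coreutils as shipped with CentOS.

```shell
#!/bin/sh
# Added example, not part of the post or of RANCID: pre-flight checks for the
# hand-edited RANCID files before the first rancid-run.  Paths default to the
# BASEDIR used above (/var/rancid) and the group "routers".

# Validate a router.db file (one "name:type:status" entry per line, status up
# or down).  Prints one line per bad entry; returns 0 only if all are valid.
check_router_db() {
    bad=0
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac     # skip blanks and comments
        name=${line%%:*}
        rest=${line#*:}
        devtype=${rest%%:*}
        status=${rest#*:}
        # Fewer than three colon-separated fields: the expansions did not split.
        if [ "$name" = "$line" ] || [ "$devtype" = "$rest" ]; then
            echo "malformed entry (expected name:type:status): $line"
            bad=1
            continue
        fi
        if [ -z "$name" ] || [ -z "$devtype" ]; then
            echo "empty name or type: $line"
            bad=1
            continue
        fi
        case $status in
            up|down) ;;
            *) echo "status must be up or down, got '$status': $line"; bad=1 ;;
        esac
    done < "$1"
    return $bad
}

# .cloginrc stores device passwords in clear text: it must be readable by the
# rancid user only.  $1 is the file, $2 the expected owner (default rancid).
# Uses GNU stat -c (assumption: GNU coreutils, as on CentOS).
check_cloginrc() {
    f=$1
    owner=${2:-rancid}
    if [ ! -f "$f" ]; then
        echo "missing: $f"
        return 1
    fi
    mode=$(stat -c '%a' "$f")
    if [ "$mode" != "600" ]; then
        echo "$f is mode $mode, expected 600 (chmod 600 $f)"
        return 1
    fi
    if [ "$(stat -c '%u' "$f")" != "$(id -u "$owner")" ]; then
        echo "$f is not owned by $owner (chown $owner $f)"
        return 1
    fi
    return 0
}

# Check router.db for every group named in $2 (space separated, as in
# LIST_OF_GROUPS) plus .cloginrc under the BASEDIR given as $1.
check_rancid_setup() {
    basedir=${1:-/var/rancid}
    grouplist=${2:-routers}
    rc=0
    for g in $grouplist; do
        check_router_db "$basedir/$g/router.db" || rc=1
    done
    check_cloginrc "$basedir/.cloginrc" rancid || rc=1
    return $rc
}

# Constructed demonstration: a temporary BASEDIR with one group containing a
# bad entry and a world-readable .cloginrc, so both checks have something to report.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/routers"
    printf '%s\n' '# core devices' 'c7206-core-router:cisco:up' 'core-sw1:cisco:down' \
        'edge1:cisco:maybe' > "$d/routers/router.db"
    touch "$d/.cloginrc"
    chmod 644 "$d/.cloginrc"
    check_router_db "$d/routers/router.db" || true
    check_cloginrc "$d/.cloginrc" "$(id -un)" || true
    rm -rf "$d"
}

if [ -n "${1:-}" ]; then
    check_rancid_setup "$1" "${2:-routers}"
else
    demo
fi
```

Run it as the rancid user with `sh check_rancid.sh /var/rancid "routers switches"` (the same group list as LIST_OF_GROUPS); a non-zero exit means at least one entry or permission needs fixing before rancid-run is scheduled from cron.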

References
  1. http://www.shrubbery.net/rancid/
  2. http://www.shrubbery.net/rancid/RhysEvans_overview_0.3.pdf
  3. ftp://ftp.shrubbery.net/pub/rancid/
  4. http://networklore.com/rancid-getting-started/
  5. http://fakrul.wordpress.com/2013/11/20/rancid-websvn-centos-howto/