Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: Jean-Philippe Pialasse on March 30, 2008, 06:52:53 AM
-
Hello here is a new contribs to protect you from ssh intrusion and bruteforce attack on this deamon.
here where you can find it : http://mirror.contribs.org/smeserver/contribs/jppialasse/SME7/denyhosts (wait for mirrors to update)
please do not install yet on production server , or at you r own risk.
I ask some returns before doing so.
do not forget to configure properly your ssh access, this contribs will help you to secure it but it won't do all :
- do not use weak password
- do not permit root login
- do not open external ssh acces if lan access is enough
- do not permit password login, only allow private ssh key with passphrase
- you can also change standart ssh port to another port like 2222.
JPP
-
Fixed:
http://mirror.contribs.org/smeserver/contribs/jppialasse/SME7/denyhosts
-
release 0.2 on its way on mirrors a minor bug in the templates was corrected.
still one minor bug at install :
not well-formed (invalid token) at line 5, column 10, byte 60 at /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/XML/Parser.pm line 187
smeserver trap post-install: smeserver-denyhosts
if someone could explain me what it is about ... i guess it is something about the menu of the control pannel
-
Hi. Thanks for this contrib, I was looking for something like this. But I've a problem when I install it:
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
smeserver-denyhosts noarch 2.6-0.2 smeserver-denyhosts-2.6-0.2.noarch.rpm 391 k
Transaction Summary
=============================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 391 k
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
smeserver trap pre-install: smeserver-denyhosts
cp: ne peut �valuer `/etc/hosts.evil': Aucun fichier ou r�pertoire de ce type
error: %pre(smeserver-denyhosts-2.6-0.2.noarch) scriptlet failed, exit status 1
error: install: %pre scriptlet failed (2), skipping smeserver-denyhosts-2.6-0.2
Migrating existing database backups
Migrating existing database yum_updates
Migrating existing database yum_repositories
Migrating existing database spamassassin
Migrating existing database mailpatterns
Migrating existing database accounts
Migrating existing database yum_available
Migrating existing database hosts
Migrating existing database domains
Migrating existing database yum_installed
Migrating existing database networks
Migrating existing database configuration
smeserver trap post-install: smeserver-denyhosts
Installed: smeserver-denyhosts.noarch 0:2.6-0.2
Complete!
================================================================
No new rpms were installed. No additional commands are required.
================================================================
The problem comes from the spec file, line 68:
if [ /etc/hosts.evil ]
It should be
if [ -e /etc/hosts.evil ]
Another problem I see in the spec file is this line, if we upgrade the rpm:
rm -rf /etc/e-smith/templates-custom/etc/host.allow
Why are you deleting custom templates here? You should, at least tell the user their custom templates will be ereased (and better, not delete it in the scriplet, just print a message like "you should delete your custom templates for the file /etc/hosts.allow" if it's really necessary)
Anyway, thanks for your work. I'll test it further and report any other problem. Have you opened a new bug for this contrib?
-
Why are you deleting custom templates here?
...
Have you opened a new bug for this contrib?
Since you have found a problem, it would be good if you could please open a bug report.
-
I'll do so as soon as the contrib is added in the bug tracker (bug 4145 (http://bugs.contribs.org/show_bug.cgi?id=4145) is a request for that.)
-
I'll do so as soon as the contrib is added in the bug tracker...
You can do it earlier, and just leave the contrib name 'Unknown'.
-
hello thank you for your interest . i am waiting for a category in the bug tracker so for the moment here is a good way to have feed back.
thank you VIP-ire for the -e i forgot it. For the template custom it is a way to correct a bug from the 0.1 release where this template was created, but as you might know host.allow should not exist but hosts.allow yes.
I do not want to prompt user for it as it might be installed from server-manager and the user might do not see it.
so i will release a 0.3 now correcting this few bugs.
I am still searching for this error:
"not well-formed (invalid token) at line 5, column 10, byte 60 at /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/XML/Parser.pm line 187
smeserver trap post-install: smeserver-denyhosts "
-
release 0.3 on its way on mirrors:
corrected :
- error found by VIP-ire
- error with XML parser
JPP