Check the logs:
# nano /var/log/messages
PAM-hulk[13813]: Brute force detection active: 580 LOGIN DENIED
Check cphulkd.log at /usr/local/cpanel/logs
# nano /usr/local/cpanel/logs/login_log
72.177.xxx.xx - root [11/04/2014:05:48:13 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN
whostmgrd: brute force attempt (user root) has locked out IP 72.177.xxx.xx
On Tuesday, October 14, 2014, iSIGHT Partners and Microsoft announced a Zero-Day vulnerability named “Sandworm” found in all versions of Microsoft Windows and Windows Server 2008 and 2012. The vulnerability has been exploited in a small number of cyberespionage attacks against NATO, energy companies, a US academic organization and many others. Microsoft has since created a patch and released it…
Because fail2ban is not available from the default CentOS repositories, we should start by adding the EPEL repository:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Follow up by installing fail2ban:
yum install fail2ban
The default fail2ban configuration file is located at /etc/fail2ban/jail.conf. The configuration work should not be done in that file, however; instead we should make a local copy of it:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
After…
Whitelisting is set up in the jail.conf file using a space-separated list.
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1 192.168.1.0/24 8.8.8.8
# This will ignore connection…
Intrusion Detection Systems - this can be gained by a Cisco or other firewall
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. It applies to essentially any merchant that has a Merchant ID (MID).
General requirements for compliance:
Firewall
Intrusion Prevention Systems
Dedicated IP addresses
PCI Cage
According to The Register, a serious vulnerability in SSL v3 will be disclosed tomorrow on October 15th. Some people are recommending disabling SSL v3 in various daemons until further notice. The issue is a vulnerability in the design of SSL version 3.0 that allows the plaintext of secure connections to be calculated by a network attacker. SSL 3.0 is nearly 18 years…
Products Affected:
Product/Channel                  Fixed in package                  Remediation details
Red Hat Enterprise Linux 7       bash-4.2.45-5.el7_0.2             Red Hat Enterprise Linux
Red Hat Enterprise Linux 6       bash-4.1.2-15.el6_5.1             Red Hat Enterprise Linux
                                 bash-4.1.2-15.el6_5.1.sjis.1      Red Hat Enterprise Linux
                                 bash-4.1.2-9.el6_2.1              Red Hat Enterprise Linux 6.2 AUS
                                 bash-4.1.2-15.el6_4.1             Red Hat Enterprise Linux 6.4 EUS
Red Hat Enterprise Linux 5       bash-3.2-33.el5.1                 Red Hat Enterprise Linux
                                 bash-3.2-33.el5_11.1.sjis.1       Red Hat…
Source: http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/ Also, for CentOS: http://www.tecmint.com/ssh-two-factor-authentication/ Want to secure your SSH server with easy-to-use two-factor authentication? Google provides the necessary software to integrate Google Authenticator’s time-based one-time password (TOTP) system with your SSH server. You’ll have to enter the code from your phone when you connect.
Check whether the server is root compromised:
lsattr /usr/bin
Root-compromised output: all of those files are set to immutable and append-only; that's what the "ia" you see is.
[root@mail ~]# lsattr /usr/bin
s---ia------- /usr/bin/bzcmp
s---ia------- /usr/bin/getkeycodes
s---ia------- /usr/bin/enc2xs
s---ia------- /usr/bin/mail-files
s---ia------- /usr/bin/chage
s---ia------- /usr/bin/mdeltree
s---ia------- /usr/bin/nslookup
s---ia------- /usr/bin/semodule_link
s---ia------- /usr/bin/mbchk
s---ia------- /usr/bin/rpcgen
s---ia------- /usr/bin/lkbib
s---ia------- /usr/bin/dig
s---ia-------…