
#1 2009-09-18 10:08:12

CrapTop
Member
From: Georgia
Registered: 2009-02-02
Posts: 11

[SOLVED]How to allow only LOCAL logins?

I am all too familiar with the dangers of having the smallest hole in the wall for crackers to break in. A few weeks ago, someone broke into my Ubuntu box by bruteforcing my little brother's account remotely (he's not the sharpest tool in the shed) and then bruteforcing into root. I am still not exactly sure what happened; all I know is that my internet connection slowed down by about 20kbps for 5 or 6 days, then I couldn't log in even as root.

I would like to prevent the same thing from happening on Arch by COMPLETELY disabling remote login so nothing can get in as a user. I heard there was a way to do this with PAM and access.conf, but how do I know whether or not PAM is working (and how to start it at boot) and what to put into access.conf to allow access only to LOCAL users? Any help with this would be greatly appreciated. I am also open to other (possibly more secure) methods of doing this.

I am aware that there may be others who have posted a similar request on the forums, but I can't get past the first page of search results because of a bug on the forums (been there for a while, please fix it admin)

As an update to my very first post on the forums about thinkpad woes, I don't have to worry anymore because some idiot decided to steal it (on a Sunday no less) just a month after posting. Now I'm rockin out with a great PC built from a barebones kit. Arch and Compiz like my nvidia 6150 integrated graphics (which all M$ Crapware users say can't be used for gaming). And I can even run OA and Nexuiz without turning off Compiz (every gamer's dream, right?). Arch is an amazing distro, and I hope to replace Ubuntu with it.

Last edited by CrapTop (2009-09-21 17:34:20)


Running Arch x86_64, Ubuntu x86_64, and a growing collection of *nix live CDs
Vista Ultimate: $320   Office Standard 2007: $400   Realizing that all you really need is an internet connection and Linux: Priceless

Offline

#2 2009-09-18 10:20:53

brazzmonkey
Member
From: between keyboard and chair
Registered: 2006-03-16
Posts: 818

Re: [SOLVED]How to allow only LOCAL logins?

How did this guy gain access to the computer? Using SSH?


what goes up must come down

Offline

#3 2009-09-18 11:17:22

jabol
Member
Registered: 2009-09-18
Posts: 4

Re: [SOLVED]How to allow only LOCAL logins?

The way that I do it:
Block all incoming traffic to the box but ssh (You can change the ssh port if You want). In sshd.conf place "HostsAllow user" (without quotes), where the user is You or any user created for this purpose that has a difficult password of >8 or >10 chars. It is safe to assume that this password won't be cracked. Also add the option not to permit root login and a delay between login attempts when authentication fails, as well as max authentication failures before reconnection (usually 3). When You want to be completely stealthy, try using something like port knocking or, even better, Single Packet Authorization. From the outside Your box would look like it has closed ports, but a sequence of packets or one prepared packet would open, for example, port 22. The cost of this method is that outside You have to have the proper software to open the port (a client for PK or SPA).

Offline
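
Added example, not part of any post in this thread: a small Python check for the sshd settings the post above describes (one permitted user, no root login, at most three authentication attempts). It uses OpenSSH's `AllowUsers`, `PermitRootLogin` and `MaxAuthTries` keywords from `sshd_config`; both sample configs and the account name `alice` are constructed.

```python
# Added example: audit sshd_config text for the settings described in the post.
# Both sample configs are constructed; "alice" is a placeholder account name.
WEAK = """\
# constructed sample
PermitRootLogin yes
permitrootlogin no
MaxAuthTries 6
Match Address 192.168.0.0/24
    AllowUsers alice
"""
HARDENED = """\
# constructed sample
PermitRootLogin no
AllowUsers alice
MaxAuthTries 3
"""

def global_settings(text):
    """Collect keyword -> [values] from the global section (before any Match)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()            # sshd keywords are case-insensitive
        if key == "match":                # later lines apply only conditionally
            break
        settings.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text, max_tries=3):
    """Return a list of findings; an empty list means all three checks passed."""
    cfg = global_settings(text)
    findings = []
    # For single-valued keywords sshd uses the first value it reads.
    root = cfg.get("permitrootlogin", ["unset"])[0]
    if root.lower() != "no":
        findings.append("PermitRootLogin is '%s', expected 'no'" % root)
    if not " ".join(cfg.get("allowusers", [])).split():
        findings.append("no global AllowUsers: any account may attempt to log in")
    tries = cfg.get("maxauthtries", ["unset"])[0]
    if not tries.isdigit() or int(tries) > max_tries:
        findings.append("MaxAuthTries is '%s', expected <= %d" % (tries, max_tries))
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "OK")
```

The weak sample fails all three checks: the later `permitrootlogin no` never takes effect, and an `AllowUsers` line inside a `Match` block does not restrict logins from other addresses.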

#4 2009-09-18 12:35:32

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224
Website

Re: [SOLVED]How to allow only LOCAL logins?

Arch doesn't install any remote access software (eg, ssh) by default so as long as you don't install and configure any software like this, there's no remote access.

Offline

#5 2009-09-18 13:15:09

brazzmonkey
Member
From: between keyboard and chair
Registered: 2006-03-16
Posts: 818

Re: [SOLVED]How to allow only LOCAL logins?

fukawi2 wrote:

Arch doesn't install any remote access software (eg, ssh) by default so as long as you don't install and configure any software like this, there's no remote access.

That was the point of my question...


what goes up must come down

Offline

#6 2009-09-18 13:49:28

CrapTop
Member
From: Georgia
Registered: 2009-02-02
Posts: 11

Re: [SOLVED]How to allow only LOCAL logins?

Perhaps I didn't explain myself clearly. I want to make remote log in absolutely impossible. And with my Ubuntu box, it was something other than ssh as that wasn't installed


Running Arch x86_64, Ubuntu x86_64, and a growing collection of *nix live CDs
Vista Ultimate: $320   Office Standard 2007: $400   Realizing that all you really need is an internet connection and Linux: Priceless

Offline

#7 2009-09-18 14:18:21

brazzmonkey
Member
From: between keyboard and chair
Registered: 2006-03-16
Posts: 818

Re: [SOLVED]How to allow only LOCAL logins?

Well, if you say someone bruteforced access to your computer, then you should be able to say which software could be remotely accessed, shouldn't you?
Then, as fukawi2 stated, if no remote access software is installed, you should be reasonably safe.


what goes up must come down

Offline

#8 2009-09-18 14:18:54

andre.ramaciotti
Member
From: Brazil
Registered: 2007-04-06
Posts: 649

Re: [SOLVED]How to allow only LOCAL logins?

I think it's pretty clear what you want, what's weird is how someone would achieve remote access to your Ubuntu box if it weren't running SSH.

I think that Ubuntu wouldn't come with SSH enabled by default, but I don't have the slightest idea of some other way someone could break into your box. Are you sure your little brother isn't to blame? This wouldn't explain the drop in your connection speed, though.

Anyway, Arch comes with all ports closed by default. Theoretically, you should be secure if you don't manually start unnecessary daemons.


(lambda ())

Offline

#9 2009-09-18 23:15:52

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224
Website

Re: [SOLVED]How to allow only LOCAL logins?

CrapTop wrote:

Perhaps I didn't explain myself clearly. I want to make remote log in absolutely impossible. And with my Ubuntu box, it was something other than ssh as that wasn't installed

With Arch, a default install is like a building with no doors or windows. (No pun intended) And you're saying you want to put locks on these non-existent doors and windows...?

Offline

#10 2009-09-19 08:23:52

CrapTop
Member
From: Georgia
Registered: 2009-02-02
Posts: 11

Re: [SOLVED]How to allow only LOCAL logins?

Well, Ubuntu for some reason has rdesk installed (or some other kind of remote login thing), don't remember exactly what it was called; all I know is that I removed it after reinstalling Ubuntu. So anyway, if you're saying that I'm already protected from system crackers, then how do I prevent a denial of service attack? Not just talking about what I mentioned in my first post, but also while playing online games. In OpenArena, my internet connection sometimes gets severed completely (my gateway/modem disconnects as if my ISP pulled the plug) without any indication as to why. This usually happens when I am in first or second place during deathmatch, or when I have the flag in ctf and my team is winning, so it has to be on purpose. My ISP of course insists that their stuff works perfectly (yeah, right, maybe if you switch to linux on your servers). If you can't tell me how to solve that problem, then at least tell me how to hit them back and knock them off the net. Also happens in runescape and Nexuiz (though not nearly as often).


Running Arch x86_64, Ubuntu x86_64, and a growing collection of *nix live CDs
Vista Ultimate: $320   Office Standard 2007: $400   Realizing that all you really need is an internet connection and Linux: Priceless

Offline

#11 2009-09-19 12:17:38

hw-tph
Member
Registered: 2006-11-01
Posts: 149

Re: [SOLVED]How to allow only LOCAL logins?

CrapTop wrote:

(...)
If you can't tell me how to solve that problem, then at least tell me how to hit them back and knock them off the net. Also happens in runescape and Nexuiz (though not nearly as often).

You don't seem to have much of a firm grasp of networking and security. I suggest you read up a bit on it and don't ask for l33t h4xxoring help on forums... It is generally frowned upon.

Offline

#12 2009-09-20 11:02:04

quarkup
Member
From: Portugal
Registered: 2008-09-07
Posts: 497
Website

Re: [SOLVED]How to allow only LOCAL logins?

By following this guide you'll be able to block bruteforcing attacks (the bruteforce blocking is in the script), and it just works flawlessly.


http://wiki.archlinux.org/index.php/Sim … wall_HOWTO

Last edited by quarkup (2009-09-20 11:04:19)


If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.
Simplicity is the ultimate sophistication.

Offline

#13 2009-09-20 18:49:19

CrapTop
Member
From: Georgia
Registered: 2009-02-02
Posts: 11

Re: [SOLVED]How to allow only LOCAL logins?

You're right, sorry hw. Anyway, I followed the howto in the wiki, but people are still kicking me off the net while I'm playing a game. I found out that the cause of the problem is my ISP. They're giving the gateway/modem the same address over and over (static ip) so there's nothing I can do about it because all the script kiddies have to do is hack the servers at the ISP (running Winblows). Where I live, the only other choice for internet is cable (only good late at night) so I guess I need to find some other games to play. Anyway, thanks for the help and I hope to eventually grow into a guru like a normal noob.


Running Arch x86_64, Ubuntu x86_64, and a growing collection of *nix live CDs
Vista Ultimate: $320   Office Standard 2007: $400   Realizing that all you really need is an internet connection and Linux: Priceless

Offline

#14 2009-09-20 18:55:07

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: [SOLVED]How to allow only LOCAL logins?

CrapTop wrote:

Perhaps I didn't explain myself clearly. I want to make remote log in absolutely impossible. And with my Ubuntu box, it was something other than ssh as that wasn't installed

If Ubuntu does it the way Debian does, then SSH is auto-started upon installation. So that would be a potential vulnerability. Another possibility would be telnet, but that should be running too. I don't know of any other software that would allow remote logins.

If you want to be sure, just install a firewall (and configure it). The only way you will completely prevent someone from getting into your computer remotely will be to disconnect it from the internet.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline
