FreeBSD Server Administration


December 31, 2005

Change FTP Port

After I changed the ssh port, combined with the changes to net.inet.tcp.blackhole and net.inet.udp.blackhole, the server is now completely free of ssh login attempts. I realized these two changes should be made together; it doesn't make much sense to change only one of them. For example, if only the port is changed, the server still responds to a port scan (without blackhole, a closed TCP port answers every probe with a RST, which tells the scanner the host is alive), so it very probably gets more scan activity. What if only the sysctl variables are changed? Since the ports of common services are the main target, the evil people can still easily find the ports to attack.

This reminded me of the ports of other common services, especially FTP. There are also lots of attempts on the anonymous FTP account; the messages in /var/log/messages look like:
pure-ftpd: [ERROR] Unable to set up secure anonymous FTP

I'm using pure-ftpd (switched from proftpd); it was very easy to install and has worked very well.

I used the command line to start pure-ftpd, but to change the port a configuration file is needed.
Copy or rename /usr/local/etc/pure-ftpd.conf.sample to /usr/local/etc/pure-ftpd.conf.

I changed "NoAnonymous no" to "NoAnonymous yes".

The default configuration for port:
# IP address/port to listen to (default=all IP and port 21).
# Bind 127.0.0.1, 21

It should be very easy to change this, but I couldn't figure out the format for "all IP", very silly :-(.

Start pure-ftpd with the configuration file:
# /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
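As an added example (this is not code from the original post or from the pure-ftpd project), here is a small sh script that turns the shipped sample into a hardened pure-ftpd.conf: it forces "NoAnonymous yes" and rewrites the commented-out Bind line. The form "Bind ,2121" (address left empty, port after the comma) is what this example assumes for "all addresses"; the port number 2121, the stand-in sample file and the temporary-file demo are also assumptions. It runs on a throwaway copy; point harden_pure_ftpd at /usr/local/etc/pure-ftpd.conf for the real change, restart pure-ftpd, and confirm with sockstat -4l that it listens where you expect.

```shell
#!/bin/sh
# Added example, not code from the original post: build a hardened
# pure-ftpd.conf from the sample. Port 2121 and the "Bind ,port" form for
# "all addresses" are assumptions; confirm with sockstat -4l after restart.

# Constructed stand-in for /usr/local/etc/pure-ftpd.conf.sample, reduced to
# the directives this example touches.
make_sample_conf() {
    cat > "$1" <<'EOF'
# IP address/port to listen to (default=all IP and port 21).
# Bind 127.0.0.1,21
# Don't allow anonymous users
NoAnonymous no
EOF
}

# set_directive FILE NAME VALUE: rewrite an existing "NAME value" line, even a
# commented-out one such as "# Bind 127.0.0.1,21", or append it if absent.
# Idempotent, so rerunning never duplicates a directive. Writes through a temp
# file because FreeBSD sed and GNU sed disagree on the -i syntax.
set_directive() {
    file=$1 name=$2 value=$3
    tmp="$file.tmp.$$"
    awk -v n="$name" -v v="$value" '
        $0 ~ "^#*[ \t]*" n "[ \t]" { print n, v; seen = 1; next }
        { print }
        END { if (!seen) print n, v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_directive FILE NAME: print the value of an active (uncommented) directive.
get_directive() {
    awk -v n="$2" '$1 == n { print $2; exit }' "$1"
}

# listen_port_of FILE: the port part of "Bind [addr],port"; 21 when the
# directive is absent or names only an address.
listen_port_of() {
    bind=$(get_directive "$1" Bind)
    case $bind in
        *,*) echo "${bind#*,}" ;;
        *)   echo 21 ;;
    esac
}

# harden_pure_ftpd FILE PORT: refuse anonymous logins and listen on every
# address, but on PORT instead of 21.
harden_pure_ftpd() {
    set_directive "$1" NoAnonymous yes
    set_directive "$1" Bind ",$2"
}

# Demo on a throwaway copy. For the real server:
#   harden_pure_ftpd /usr/local/etc/pure-ftpd.conf 2121
# then restart pure-ftpd and check with: sockstat -4l
demo=$(mktemp) || exit 1
make_sample_conf "$demo"
harden_pure_ftpd "$demo" 2121
echo "pure-ftpd would listen on port $(listen_port_of "$demo")"
cat "$demo"
rm -f "$demo"
```

Moving the port only trims scanner noise. FTP credentials still cross the wire in clear text, and a non-standard port is not access control; treat it as a convenience, not a defence.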


Category : Security

Posted by FreeBSD Newbie at 06:01 PM | Comments (4)

December 26, 2005

Change sshd Port

I used the default port number 22 for sshd, and the server got lots of login attempts every day, which left thousands of lines in the daily security run output.

There are several sysctl variables related to the port range; mine differ from the default values, although I didn't modify anything.

# sysctl -a | grep portrange
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535

net.inet.ip.portrange.first and net.inet.ip.portrange.last are supposed to be 1024 and 5000 according to the FreeBSD manual. I was worried about being locked out of the box and didn't modify the sshd port.

I can't bear the annoying automated login attempts any more and decided to give it a try. It's easy to change:

Add a line to the file /etc/ssh/sshd_config:
Port 8888

Reload sshd:
# /etc/rc.d/sshd reload

I opened another PuTTY client to test the login, and everything worked fine. The great thing is that the old ssh connection is still active after the sshd modification and reload, so I always have the chance to revert the configuration if it doesn't work.

By the way, restricting ssh logins to a static source IP is highly recommended.
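An added example, not code from the original post or from OpenSSH, covering this sshd change and the blackhole sysctls mentioned in the FTP post above. Two points worth making explicit: the net.inet.ip.portrange sysctls only govern which ports the kernel hands out to outgoing connections, so they never stop sshd from binding a port, but choosing a port outside those ranges avoids a local client ever being assigned it; and sshd accepts several Port lines and listens on all of them, so the safe order is to add the new port, reload, log in on it from a second client, and only then remove the old one. Port 8888, the user name and IP in AllowUsers (203.0.113.5 is a documentation address) and the temporary stand-in files are assumptions. If ipfw or pf is in use, open the new port before reloading sshd.

```shell
#!/bin/sh
# Added example, not code from the original post: stage an sshd port move so
# the old port keeps working until the new one is verified, pick a port that
# does not sit in the ephemeral range, and make the blackhole sysctls
# persistent. Port 8888, the user/IP in AllowUsers and the temp files are
# assumptions.

# port_clashes PORT FIRST LAST [FIRST LAST ...]: true if PORT lies inside any
# of the ranges. On the box itself, feed it the live values:
#   port_clashes 8888 $(sysctl -n net.inet.ip.portrange.first net.inet.ip.portrange.last)
port_clashes() {
    port=$1; shift
    while [ $# -ge 2 ]; do
        [ "$port" -ge "$1" ] && [ "$port" -le "$2" ] && return 0
        shift 2
    done
    return 1
}

# sshd_ports FILE: ports sshd will listen on; no active Port line means 22.
sshd_ports() {
    ports=$(awk '$1 == "Port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# stage_sshd_port FILE NEWPORT: make the current port(s) explicit and add the
# new one, so sshd answers on both until the new port is proven to work.
stage_sshd_port() {
    file=$1 new=$2
    for p in $(sshd_ports "$file") "$new"; do
        grep -qx "Port $p" "$file" || printf 'Port %s\n' "$p" >> "$file"
    done
}

# finish_sshd_port FILE OLDPORT: drop the old port once the new one is verified.
finish_sshd_port() {
    grep -vx "Port $2" "$1" > "$1.tmp.$$" && mv "$1.tmp.$$" "$1"
}

# restrict_ssh_source FILE USER IP: only USER, only from IP. Every other login,
# yours included if the IP is wrong, is refused, so apply this from a session
# that stays open and test from a second client.
restrict_ssh_source() {
    grep -qx "AllowUsers $2@$3" "$1" || printf 'AllowUsers %s@%s\n' "$2" "$3" >> "$1"
}

# sysctl_conf_set FILE NAME VALUE: persist a sysctl in /etc/sysctl.conf, which
# is read at boot. Apply it to the running kernel separately: sysctl NAME=VALUE
sysctl_conf_set() {
    grep -q "^$2=" "$1" || printf '%s=%s\n' "$2" "$3" >> "$1"
}

# Demo on stand-in files (constructed, not the real /etc/ssh/sshd_config).
cfg=$(mktemp) || exit 1
printf '#Port 22\nProtocol 2\n' > "$cfg"
sc=$(mktemp) || exit 1
if port_clashes 8888 49152 65535; then
    echo "8888 is inside the ephemeral range, pick another port"
fi
stage_sshd_port "$cfg" 8888
restrict_ssh_source "$cfg" admin 203.0.113.5
sysctl_conf_set "$sc" net.inet.tcp.blackhole 2
sysctl_conf_set "$sc" net.inet.udp.blackhole 1
echo "sshd would listen on: $(sshd_ports "$cfg" | tr '\n' ' ')"
cat "$cfg" "$sc"
# On the real box: sshd -t && /etc/rc.d/sshd reload, log in on 8888 from a
# second client, then finish_sshd_port /etc/ssh/sshd_config 22 and reload again.
rm -f "$cfg" "$sc"
```

The sshd -t step is the cheap insurance here: it parses the configuration without restarting anything, so a typo in sshd_config is caught before the reload rather than by the next failed login.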


Category : Security

Posted by FreeBSD Newbie at 10:00 AM | Comments (2)

December 11, 2005

Postfix Mail Queue

List the mail queue:
# /usr/bin/mailq

Delete a message by its queue ID (the first column of the listing above):
# postsuper -d queue_id

Delete all messages in the mail queue (this also discards legitimate mail that is merely deferred):
# postsuper -d ALL
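An added example, not code from the original post or from Postfix, that sits between the two commands above: it picks queue IDs out of mailq output by sender or recipient so a spam backlog can be deleted selectively instead of with "postsuper -d ALL". The queue listing embedded below is constructed; the addresses and queue IDs in it are made up.

```shell
#!/bin/sh
# Added example, not code from the original post: select queued messages from
# mailq output by sender or recipient so they can be deleted selectively
# instead of with "postsuper -d ALL". The sample listing is constructed.

# queue_ids_matching PATTERN: read mailq output on stdin and print, once each,
# the queue IDs of messages whose sender or any recipient matches the awk
# regex PATTERN. Entry lines start with the ID ("*" = active, "!" = on hold)
# and end with the sender; recipient lines are indented; delivery errors are
# parenthesised and ignored.
queue_ids_matching() {
    awk -v pat="$1" '
        { addr = "" }
        NF >= 7 && /^[0-9A-Za-z]/ && $1 ~ /^[0-9A-Za-z]+[*!]?$/ {
            id = $1; sub(/[*!]$/, "", id); addr = $NF      # sender column
        }
        /^[ \t]+[^( \t]/ { addr = $1 }                      # recipient line
        id != "" && addr != "" && addr ~ pat && !seen[id]++ { print id }
    '
}

# purge_queue_matching PATTERN: review the ID list first, then delete those
# messages. "postsuper -d -" reads queue IDs from standard input, one per line.
purge_queue_matching() {
    mailq | queue_ids_matching "$1" | postsuper -d -
}

# Constructed sample of mailq output: one deferred, one active, one on hold.
SAMPLE_MAILQ=$(cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A1C0011     1234 Sun Dec 11 20:01:02  spammer@example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         victim@example.net

7B9E4C0023*    5678 Sun Dec 11 20:05:00  alice@example.org
                                         bob@example.com

9C0D2E0042!     910 Sun Dec 11 20:07:31  spammer@example.com
                                         postmaster

-- 8 Kbytes in 3 Requests.
EOF
)

echo "queued messages from spammer@example.com:"
echo "$SAMPLE_MAILQ" | queue_ids_matching 'spammer@'
```

Run the selection alone first (mailq | queue_ids_matching 'spammer@') and read the IDs before piping them into postsuper; a loose pattern such as 'example' would match nearly every entry in the sample above.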


Category : Email

Posted by FreeBSD Newbie at 09:05 PM | Comments (0)