[FreeNX-kNX] fail2ban and freenx

Holger Krull holger.krull at gmx.de
Fri Mar 14 10:06:31 UTC 2008

Verner Kjærsgaard schrieb:
> Fabian Franz skrev:

>>>   Please tell me if there is some log file where login failures would be 
>>> registered with the real IP and the time of failure.  Or if I can 
>>> modify something to get that.
>> You can modify nxserver.
>> Search for 404 and add a syslog command or whatever. The IP can be gotten from SSH_CLIENT.

>> echo "NX> 404 [...]"
>> syslog [... params ...] "Failed login for USER $USER. IP=$SSH_CLIENT".
>> Or whatever.
>> As I pointed out in IRC you can also use another public/private key pair, which you deploy to clients to reach your goal of preventing attackers. 

> I use Denyhosts (see http://denyhosts.sourceforge.net/)
> Then in /etc/hosts.allow I put to make sure that localhost
> doesn't get shut out.
> I think (??) this works as I indtend it to. Otherwise, please enlighten
> me :-)

As a sidenote, i use an iptables filter to prevent repeated login tries like this:
(bans a specific ip if more than 3 tries in one minute occours)

iptables -N sshd_bf
iptables -A sshd_bf -j LOG --log-prefix "sshd_brute_force "
iptables -A sshd_bf -j DROP

iptables -I INPUT 3 -p tcp --dport 22 -m state --state NEW -m recent --name SSH --set
iptables -I INPUT 4 -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j sshd_bf

with an additional '-i eth0' in the two match rules you could prevent a local connection from triggering this.
The position in the input queue (3 and 4) may differ with your setup.

More information about the FreeNX-kNX mailing list