Denyhost 2.6 on CentOS 6.5

Denyhosts is another utility similar to fail2ban. It parses log files toidentify potential attacks against SSH services. A clear advantage thatDenyhosts has over fail2ban is the synchronisation mechanism sinceversion 2.0[1]. Denyhostspermits communication with a central server to exchange informationabout denied hosts by other Denyhosts daemons. However unlike fail2ban,it does not modify any firewall (iptables) rules, instead it relies ontcpwrapper and the hosts.deny file to block ssh access.

Read More →

Configuring RANCID on CentOS 6.5

RANCID stands for really awesome new cisco configuration differ[1]and polls Cisco devices to geta copy of the configuration and an inventory of the hardware and commitsthe details to a version control system such a CVS or SVN. The versioncontrol is used to maintain a history of the changes, and any changes tothe configuration are reported. There are a number of guides availablefor installing RANCID[2,4,5], but I’ve documented thesteps I took here for my reference.

Read More →

Installing OpenVPN 2.2 on CentOS 6.3 64bit

This post is just an update of a previous post that used CentOS 5.7 andOpenVPN 2.2(http://nkush.blogspot.com.au/2011/10/installing-openvpn-22-on-centos-57.html).The basic instructions are the same, however this post uses some newerpackages which may have been relocated to new URLs. Again this blog andthe posts are mostly for my own reference and not intended asstep-by-step instuctions for other systems/network administrators Install RPMForge or RepoForge as it’s now known[1] wgethttp://pkgs.

Read More →

Installing OpenVPN 2.2 on Centos 5.7

OpenVPN is an SSL based VPN. There are other VPN solutions such asIPsec, etc. but OpenVPN provides a cost effective alternative. I likeOpenVPN as it support two-way authentication, i.e. both the client andserver authenticate using certificates. To install OpeVPN on CentOS weneed a number of cryptographic libraries. The simplest way is to use theDAG/RPMForge repository. Set-up the RPMForge repository [1], asthis contains the packages necessary for the installation and theinstructions are provided below.

Read More →

Installing Snort 2.9.1.2 on CentOS 5.7

CentOS 5.7 uses an older version of libpcap (0.9.4), but Snort’s DataAcquisition Library (daq) needs a newer version of libpcap (>=1.0.0).The latter is not an issue with the CentOS 6.0. Vishesh Kumar [1]provides an excellent instructions to getting Snort 2.9 to run on RHEL 5(http://www.linuxmantra.com/2010/10/install-snort-29-on-rhel-5.html).The purpose of this post is not to duplicate his efforts, but to extendit slightly to include instructions for a complete Snort set-up.

Read More →