Archive for the ‘Security’ Category

Encrypted Partitions

Thursday, November 13th, 2008

Introduction

Ever been concerned with physical server security? All the data on the server, and the server itself, are always vulnerable to physical theft or tampering, no matter how secure you make your online business.

A basic scenario for concern could be easy to find:

You store your important data on a server located in a server room or data center. You do not own the server room, so you rely on the provider to protect the equipment physically, and that might not be enough.

In this article I will explain how to create an encrypted partition and mount it for use. The encrypted partition will be a file on an ordinary file system, but in order to read the contents of that file or mount it you need a password.

The first thing you need is the tools. I will be working with Debian 4.0 in this example, but it will work with other Linux distributions.

First, install the kernel headers for your running kernel version:

apt-get install kernel-headers-2.6.8-1-386

Then you need to install the tools for encryption:

apt-get install module-assistant loop-aes-source

This will install kernel modules onto your system. As you can see from the package name this is

module-assistant prepare
module-assistant build loop-aes
apt-get install loop-aes-utils
module-assistant install loop-aes

This will build and install the module. If all of the above steps succeeded, you are ready to go.

dd if=/dev/zero of=volume bs=4k count=1280
losetup -e AES128 /dev/loop1 volume
mkfs -t ext3 /dev/loop1
losetup -d /dev/loop1
mkdir /mnt/secure
mount volume -o loop=/dev/loop1,encryption=AES128 /mnt/secure/ -t ext3

What this does is create a small (5 MB) secure volume. To make the volume larger, increase the count value in the first line, where the dd utility is used. When you run these commands you will need to enter the password, and the file system will be mounted. After a system reboot, or if the HDD is stolen, the thief will not be able to read the contents of the file unless he knows the password (which you should remember).

This is exceptionally useful for storing sensitive information: for example, you could point your database or web server at the secured partition to store its data there, or you could simply store important files on it.
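As an added example (not the post's own commands, but the same loop-AES steps wrapped in a script), the following shell script performs the create/format and mount steps above with the checks you would want before running them on a real server: it refuses to overwrite an existing volume file, validates the requested size, derives the dd count from a size in MiB, and detaches the loop device if mkfs fails so no unlocked loop mapping is left behind. It assumes the losetup and mount syntax of loop-aes-utils exactly as shown in the post, /dev/loop1 and AES128 as defaults, and that it is run as root. DRY_RUN is this script's own switch that prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example: loop-AES volume helper. Assumes loop-aes-utils' losetup/mount
# syntax as used in the post above, and root privileges when DRY_RUN is unset.
set -eu

LOOPDEV="${LOOPDEV:-/dev/loop1}"   # loop device to use (assumed default)
CIPHER="${CIPHER:-AES128}"         # loop-AES cipher name as in the post

# run: execute a command, or only print it when DRY_RUN is set
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# blocks_for_mb SIZE_MB: number of 4 KiB blocks for dd's count, given MiB
blocks_for_mb() {
    case "$1" in
        ''|*[!0-9]*) echo "size must be a whole number of MiB" >&2; return 1 ;;
    esac
    echo $(( $1 * 256 ))
}

# create_volume FILE SIZE_MB: create and format a new encrypted volume file.
# Refuses to overwrite an existing file so a live volume is never zeroed.
create_volume() {
    file="$1"; size_mb="$2"
    if [ -e "$file" ]; then
        echo "refusing to overwrite existing file: $file" >&2
        return 1
    fi
    count=$(blocks_for_mb "$size_mb") || return 1
    run dd if=/dev/zero of="$file" bs=4k count="$count"
    # Detach the loop device even if mkfs fails, so no unlocked mapping lingers.
    trap 'run losetup -d "$LOOPDEV"' EXIT
    run losetup -e "$CIPHER" "$LOOPDEV" "$file"   # prompts for the passphrase
    run mkfs -t ext3 "$LOOPDEV"
    run losetup -d "$LOOPDEV"
    trap - EXIT
}

# mount_volume FILE MOUNTPOINT: mount an existing volume; prompts for the passphrase.
mount_volume() {
    file="$1"; mnt="$2"
    [ -f "$file" ] || { echo "no such volume file: $file" >&2; return 1; }
    [ -d "$mnt" ] || run mkdir -p "$mnt"
    run mount "$file" -o "loop=$LOOPDEV,encryption=$CIPHER" "$mnt" -t ext3
}

# umount_volume MOUNTPOINT: unmount; the loop device is released with it.
umount_volume() {
    run umount "$1"
}

# Command-line entry point; with no arguments the functions are only defined.
case "${1:-}" in
    create) create_volume "$2" "$3" ;;
    mount)  mount_volume "$2" "$3" ;;
    umount) umount_volume "$2" ;;
esac
```

Usage: `sh volume.sh create /srv/volume 5` creates and formats a 5 MiB volume, `sh volume.sh mount /srv/volume /mnt/secure` mounts it, and `sh volume.sh umount /mnt/secure` releases it. Keep in mind that the protection only applies while the volume is not mounted: once mounted, anyone with root on the running system can read the files, so unmount it whenever it is not in use.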

DenyHosts on openSuse 10.3

Tuesday, December 25th, 2007

Abstract

DenyHosts is a small application which blocks IP addresses that abuse SSH. This helps a lot if you are being brute-forced over SSH by some hijacked bot computer. I am sure everyone has seen this in their log files. This article explains how to install DenyHosts and configure it.

Not supplied by default

Unfortunately openSuSE 10.3 does not come with DenyHosts by default, so a repository needs to be added in order to include it. Navigate to http://packages.opensuse-community.org/ and choose 10.3 as your version, then enter denyhosts. The result should be the following:

(Screenshot: Found the denyhosts application)

There you see a one-click install button, which is useful only if you are running openSuSE 10.3 on your desktop. I, for one, am running Vista, so I opened this file with a text editor and found the XML tag called <url>. This is the only data we will need from this file:

(Screenshot: One Click Install XML file opened)

Once you have found the url tag, log on to your Linux box as root and start up YaST (yast2). Then go to the Software Repositories menu (in the Software section). From there select Add and choose the HTTP type. After this a confusing window appears, which does not say anything about slashes and directories. You need to fill it in like so:

(Screenshot: Configured the network repository)

Now, just click Finish and agree to any questions YaST might have for you. Since this is one of the official repositories, you are perfectly safe trusting the key.

Installation

Now, you can navigate to the Software Management menu (in the Software section) and search for denyhosts. You should get one result; install it. After that you should have (please check) the init script named denyhosts in /etc/init.d and the config file named denyhosts.cfg in /usr/share/denyhosts.

Configuration

DenyHosts comes preconfigured, and the only thing you will probably want to change is the email address reports are sent to. The parameter name for this is ADMIN_EMAIL. The other parameters are very well commented.

After this, you can start the daemon using /etc/init.d/denyhosts start. After a while you will get a report of the IPs that were already banned (it parsed the existing log file). From then on you will receive an update whenever an IP is banned.
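To make the banning decision described above concrete, here is an added example (my own simplified illustration, not DenyHosts' code or its actual parsing rules): it counts "Failed password" lines per source IP in a constructed sshd log excerpt and emits hosts.deny entries for every IP at or above a threshold. DenyHosts reads its real thresholds from denyhosts.cfg (DENY_THRESHOLD_INVALID and the related DENY_THRESHOLD_* settings); the threshold here is just a function argument, and the log lines and addresses are constructed sample data.

```shell
#!/bin/sh
# Added example: simplified model of the ban decision DenyHosts makes from the
# SSH log. Sample log lines are constructed, not taken from a real host.
set -eu

# Constructed sshd log excerpt in the syslog line format used by OpenSSH.
SAMPLE_LOG='Dec 25 10:01:02 host sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 51022 ssh2
Dec 25 10:01:05 host sshd[2213]: Failed password for invalid user oracle from 192.0.2.10 port 51030 ssh2
Dec 25 10:01:09 host sshd[2215]: Failed password for invalid user test from 192.0.2.10 port 51041 ssh2
Dec 25 10:02:00 host sshd[2220]: Failed password for alice from 198.51.100.7 port 40012 ssh2
Dec 25 10:02:30 host sshd[2224]: Accepted password for alice from 198.51.100.7 port 40013 ssh2
Dec 25 10:03:00 host sshd[2230]: Failed password for root from 203.0.113.5 port 33001 ssh2
Dec 25 10:03:01 host sshd[2231]: Failed password for root from 203.0.113.5 port 33002 ssh2'

# offenders LOG THRESHOLD: print "IP count" for every IP with at least
# THRESHOLD failed logins, sorted by IP. Successful logins are ignored.
offenders() {
    printf '%s\n' "$1" | awk -v limit="$2" '
        /sshd\[[0-9]+\]: Failed password for/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip != "") fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip] }
    ' | sort
}

# deny_lines LOG THRESHOLD: the hosts.deny entries for those offenders, in the
# "sshd: IP" form that TCP wrappers understand.
deny_lines() {
    offenders "$1" "$2" | awk '{ print "sshd: " $1 }'
}

# Run directly: show who would be denied at a threshold of 3 failed attempts.
deny_lines "$SAMPLE_LOG" 3
```

With a threshold of 3 only 192.0.2.10 is listed; lowering it to 2 also catches the two root attempts from 203.0.113.5, while alice's single typo from 198.51.100.7 never qualifies. That is the trade-off the DENY_THRESHOLD_* values in denyhosts.cfg control: a low threshold bans bots quickly but also locks out a legitimate user after a couple of mistakes.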