dpsystems / login-shield Goto Github PK

Sorry for appearing again here.

I have Login-Shield running on my Nextcloud instance and am facing actually not being able to establish a ssh session from Internet.
I found Login-Shield preventing the session to be established (using custom port, masked) :) On LAN it's working as expected:
Jan 31 16:48:19 localhost kernel: [266656.307915] ShD-LgnIN=eth0 OUT= MAC=dc:a6:32:b3:34:e8:dc:ef:09:b2:be:23:08:00 SRC=194.230.147.14 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=45681 DF PROTO=TCP SPT=59274 DPT=<custom> WINDOW=64240 RES=0x00 SYN URGP=0
I'm always feared to break something (closing out myself) when working on this.

Would it be sufficient to comment out the appropriate line on the blacklist?

Some guidance would be great.

Thanks a lot.

There's been some good comments about this set of scripts and what others are out there. So I thought I might as well dedicate one of these issue threads to discussing various ideas:

• Other similar systems out there
• Approaches towards netsec issues and pros/cons regarding blacklisting
• Suggestions and improvements for login-shield
• etc..

Great idea! Would definitely like some more flexibility, e.g., we have staff that travels to different parts of the world, including China. But I ran blacklist-main-nonUS.sh and and subnet 150.0.0.0/8 is listed and our IP's are in the 150.108.*.* address space and we're definitely in the US (New York).

How are you pulling in these class A IP's? What source(s) are you using? We use the lists from badips.com and blocklist.de but those are individual IP's.

Hi
I am trying to set up Login-Shield on RPI4B, 64bit OS, Buster, as suggested at "https://github.com/DPsystems/Login-Shield/blob/master/INSTALL". When it comes to "sudo ./blacklist-main-nonUS.sh" i get errors like "./blacklist-main-nonUS.sh: 9: ./blacklist-main-nonUS.sh: [[: not found" and "./blacklist-main-nonUS.sh: 15: ./blacklist-main-nonUS.sh: Syntax error: "(" unexpected (expecting "then")".
I don't know if it's me doing something wrong or if this is not suitable at all for my needs.
thx for helping.

There are two scripts that come with the system that provide reports on the effectiveness of login-shield. Feel free to share any details from these reports to show how well your system is working.

Here are some current examples from mine:

./count_logins.sh:

Here is my main web server: (edit and tab over 4 spaces to make it come out properly)

      _                 _             _____ _     _      _     _
     | |               (_)           / ____| |   (_)    | |   | |
     | |     ___   __ _ _ _ __ _____| (___ | |__  _  ___| | __| |
     | |    / _ \ / _` | | ^_ \______\___ \|  _ \| |/ _ \ |/ _` |
     | |___| (_) | (_| | | | | |     ____) | | | | |  __/ | (_| |
     |______\___/ \__, |_|_| |_|    |_____/|_| |_|_|\___|_|\__,_|
                   __/ |
                  |___/
    
    ============= Login-Shield Statistics based on current log files ===========
     Using: /var/log/messages and /var/log/secure
    -- Number of login failures in log files: 14
    Start: Apr  4 03:10:02 
    End  : Apr 27 07:12:17 
    =====================================
    --        Number of filtered connections: 10270
    ============================================================================
    Total system attacks: 10284
    Blocked attempts    : 10270
    Attacks got through : 14
    ---------------------------------
    % Of Attacks Blocked: 99.8639%
    ============================================================================

I would love to test login-shield on my server... it's a really great idea!

I run Debian 10 with fail2ban. However, I use nftables instead of iptables... In principle, it would be no problem to convert each rule of the login-shield to nftables' syntax. however, I wonder what will happen if login-shield is updated...? Would I have to convert the new rules again? perhaps, it would be great if login-shield would work with both, iptables and nftables... what do you think?