Sunday, April 6, 2008

Getting Programs to Run Automatically when Slackware Starts

I have recently cannibalized my old Linux server that was running Ubuntu Linux on a P3 933MHz machine and moved some of the parts over to a new machine with dual 800MHz P3 processors. I made the switch because my old machine just started acting weird, and got to where I could not even boot from a CD-ROM. I backed up all my files, bit the bullet, and got to work. I decided to install Slackware Linux on my new box. This was the first Linux distribution I ever used, and it is one that will teach you the most, because it does the least for you. Slackware is a hard core, roll-up-your-sleeves-and-get-down-to-the-nitty-gritty-details distribution of Linux, with the added benefit of being very stable and very fast, even on limited older hardware.

After setting up the sshd server for remote login, I naturally wanted to harden it against attacks. A quick check of my logs after just 2 days of going live revealed that a host in Plano, Texas had already been attempting some basic dictionary attacks against my sshd server. They were just trying the usual bullshit, attempting to log in on names such as "user", "admin", "webmaster", and other typical names that no one with security in mind would ever actually set up on their server. The IP address of the offender is: 67.64.222.74, and a "whois" on www.dnsstuff.com will reveal that it is an IP address from Plano. A little more research told me that this IP belonged to Beaulieu Marketing Inc, so it is probably just a compromised box that they don't even realize has been hijacked.

Moving on, there is a great script out there written in Python by Phil Schwartz that scans your sshd log file for failed login attempts to your machine. You can configure it in different ways to ban the IP address of hosts that try to log in on different users. For instance, I have my denyhosts configuration file set up to ban immediately any user who attempts to log in on root (the superuser/administrator) and fails 1 time (this is a moot point anyway, as I disallow remote root login from my sshd config file). If they try to log in on an invalid user name, they only get 3 tries before they are banned. If it is a valid user name, then 10 tries. The script can be configured to run as often as you want in the background, e.g. every 10 minutes.
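The threshold policy described above, sketched as an added example (not code from the post and not DenyHosts' own implementation). The log lines, addresses and user names are constructed, and banning as soon as the failure count reaches the threshold is an assumption taken from the wording above.

```shell
#!/bin/sh
# Added illustration of the per-category thresholds; not DenyHosts' code.

# Constructed sshd log lines (documentation-range addresses, made-up users).
sample_log() {
cat <<'EOF'
Apr  6 10:00:01 box sshd[411]: Failed password for root from 192.0.2.10 port 4101 ssh2
Apr  6 10:00:05 box sshd[412]: Failed password for invalid user admin from 198.51.100.7 port 4102 ssh2
Apr  6 10:00:09 box sshd[413]: Failed password for invalid user webmaster from 198.51.100.7 port 4103 ssh2
Apr  6 10:00:12 box sshd[414]: Failed password for invalid user user from 198.51.100.7 port 4104 ssh2
Apr  6 10:01:00 box sshd[415]: Failed password for alice from 203.0.113.5 port 4105 ssh2
Apr  6 10:01:30 box sshd[416]: Failed password for invalid user test from 203.0.113.9 port 4106 ssh2
Apr  6 10:02:00 box sshd[417]: Accepted password for alice from 203.0.113.5 port 4107 ssh2
EOF
}

# banned_hosts ROOT INVALID VALID
# Reads an sshd log on stdin and prints "ip category" once for each address
# whose failure count in a category reaches that category's threshold
# (assumption: "reaches", following the wording in the post).
banned_hosts() {
    awk -v t_root="$1" -v t_invalid="$2" -v t_valid="$3" '
    # Match only the fixed tail sshd writes and take the address from there:
    # the user name earlier in the line is whatever the client sent.
    / sshd\[[0-9]+\]: Failed password for .* from [0-9a-fA-F:.]+ port [0-9]+ ssh2$/ {
        ip = $(NF - 3)
        if ($0 ~ /: Failed password for invalid user /) kind = "invalid"
        else if ($0 ~ /: Failed password for root from /) kind = "root"
        else kind = "valid"
        # "+ 0" forces a numeric comparison below
        limit = ((kind == "root") ? t_root : (kind == "invalid") ? t_invalid : t_valid) + 0
        if (++count[ip, kind] >= limit && !(ip in banned)) {
            banned[ip] = 1
            print ip, kind
        }
    }'
}

# Policy from the post: root 1 failure, invalid user 3, valid user 10.
sample_log | banned_hosts 1 3 10
```

The single valid-user failure and the lone invalid-user attempt stay under their limits, so only two addresses are reported.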

Another great program that I needed to get up and running is one called inadyn, which allows you to update your IP address with the DynDNS service whenever it changes, so you can have a DNS name (e.g. google.com, telegraph.co.uk, etc) even when you don't pay your ISP for a static IP address. It will work behind a NAT router as well because it pings you from the outside. This is also a program that runs in the background and will connect to the DynDNS service and cause it to ping you from the outside, and if your IP address has changed and is different from what DynDNS has stored, it will update it in their system. This means that I can always access my home Linux server by using a DNS name like http://www.yourservername.com/ instead of having to remember my IP address whenever I leave my house. Plus, your IP address could change between the time you leave your house and the time you try to access your server remotely, leaving you SOL.

So, these two programs are great, but I needed to have them run automatically on boot, so I would not have to manually restart them every time I reboot. Slackware uses a different system of starting programs and services at boot than I was used to from Ubuntu. In Ubuntu, you simply make a symbolic link to the executable file you want to run in /etc/init.d/ with the appropriate prefix to dictate the order the programs are run at startup. Slackware, however, uses a BSD-like system of rc.d, and this requires one to write shell scripts (#!/bin/sh NOT #!/bin/bash) to start your program up.

The execution chain still starts with inittab, so after you create your scripts in the /etc/rc.d directory you have to make sure that some chain of execution eventually causes them to run. And DO NOT add "exit 0" at the end of your scripts: they are sourced with "." (see the rc.M lines further down), so an exit closes the shell that is running rc.M and nothing after them gets started. Also, the scripts must be made executable and must be owned by root:

$>chmod +x rc.inadyn
$>chown root rc.inadyn


and

$>chmod +x rc.denyhosts
$>chown root rc.denyhosts


These are the shell scripts I created:
rc.inadyn
**********************************
#!/bin/sh
# Start/stop the inadyn DynDNS update client

case "$1" in
  'start')
    /usr/bin/inadyn
    ;;
  'stop')
    pkill inadyn
    ;;
  'reload'|'restart')
    $0 stop
    $0 start
    ;;
  *)
    echo "Usage: $0 start|stop|restart|reload"
    exit 1
    ;;
esac

*********************************
rc.denyhosts
*********************************
#!/bin/sh
# Pass the requested action on to the DenyHosts daemon-control script

case "$1" in
  'start')
    /usr/share/denyhosts/daemon-control start
    ;;
  'stop')
    /usr/share/denyhosts/daemon-control stop
    ;;
  'reload'|'restart')
    /usr/share/denyhosts/daemon-control restart
    ;;
  'status')
    /usr/share/denyhosts/daemon-control status
    ;;
  'debug')
    /usr/share/denyhosts/daemon-control debug
    ;;
  'condrestart')
    /usr/share/denyhosts/daemon-control condrestart
    ;;
  *)
    echo "Usage: $0 start|stop|restart|reload|status|debug|condrestart"
    exit 1
    ;;
esac

*****************************

I added the following to the /etc/rc.M file, which is run by init when multiuser mode starts:

# Start denyhosts.py to start scanning /var/log/messages
if [ -x /etc/rc.d/rc.denyhosts ]; then
  echo "Starting Denyhosts daemon"
  . /etc/rc.d/rc.denyhosts start
fi

# Start inadyn to update DynDNS
if [ -x /etc/rc.d/rc.inadyn ]; then
  echo "Starting inadyn daemon"
  . /etc/rc.d/rc.inadyn start
fi
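
The "exit 0" warning above, as an added demonstration that is not part of the original post: a sourced script that exits takes the calling shell with it, so whatever was due to start afterwards (here the stand-in rc.second) never runs, while an executed script only ends its own process. The names run_boot, rc.first and rc.second are made up for the example, and everything is built in a temporary directory.

```shell
#!/bin/sh
# Added demonstration, not from the post. rc.first and rc.second are
# throwaway stand-ins for the rc scripts; nothing under /etc is touched.

# run_boot HOW LASTLINE
#   HOW       "source" to start each script with ".", as the rc.M snippet does;
#             anything else runs it as a child process with sh
#   LASTLINE  text appended to the first script, e.g. "exit 0"
# Prints the names of the scripts that actually ran.
run_boot() {
    how=$1
    lastline=$2
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'echo first' "$lastline" > "$dir/rc.first"
    printf '%s\n' 'echo second' > "$dir/rc.second"
    if [ "$how" = source ]; then call='.'; else call='sh'; fi
    # Stand-in for rc.M: start the two scripts one after the other.
    printf '%s\n' "$call $dir/rc.first start" "$call $dir/rc.second start" > "$dir/rc.M"
    ran=$(sh "$dir/rc.M" | xargs)
    rm -rf "$dir"
    echo "$ran"
}

echo "sourced, no exit:  $(run_boot source ':')"
echo "sourced, exit 0:   $(run_boot source 'exit 0')"
echo "executed, exit 0:  $(run_boot exec 'exit 0')"
```

The usage branch of the two rc scripts ends in "exit 1", so sourcing one of them with an unrecognised argument ends rc.M the same way.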
