Add endlessh tarpit

20220130140137-cyber.org

@@ -1,6 +1,6 @@
 :PROPERTIES:
 :ID:       5943c76c-8b25-4cbd-b0b9-c819e5a490ba
-:mtime:    20220305154620
+:mtime:    20220927114913
 :ctime:    20220130140137
 :END:
 #+title: cyber
@@ -20,6 +20,8 @@
 ** Linux: [[id:262f233d-9ae9-4bd7-a8e9-cba392a2c1f6][AIDE]]
 
 * Serveur
+** "Tarpit"
+*** [[id:1ed652bc-bdcc-4410-a207-fb470df29e71][endlessh]]
 ** Tips
 *** [[id:9eedbc4b-a961-4057-b2d8-8f10845f0478][Vérification des cyphers suites acceptées par un serveur]]
 

20220927093748-endlessh.org

@@ -0,0 +1,39 @@
+:PROPERTIES:
+:ID:       1ed652bc-bdcc-4410-a207-fb470df29e71
+:mtime:    20220927114630
+:ctime:    20220927093748
+:END:
+#+title: endlessh
+
+* Introduction
+Outil permettant de ralentir les tentatives de connexions SSH sur le port 22 en envoyant une bannière très lentement
+(client SSH bloqué pendant des heures), l'idée étant de se connecter depuis un autre port.
+
+* Installation
+#+BEGIN_SRC shell
+cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
+sed -i 's/#Port 22/Port 2222/g' /etc/ssh/sshd_config
+systemctl restart sshd
+
+apt install endlessh
+mkdir /etc/endlessh
+cat >/etc/endlessh/config <<EOF
+Port 22
+EOF
+
+setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh
+mkdir /etc/systemd/system/endlessh.service.d/
+cat /etc/systemd/system/endlessh.service.d/override.conf <<EOF
+[Service]
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+PrivateUsers=false
+EOF
+systemctl daemon-reload
+systemctl restart endlessh.service 
+#+END_SRC
+
+* Références
+ * [[https://github.com/skeeto/endlessh][endlessh - github]]
+ * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-an-endlessh-tarpit-on-ubuntu-22-04][How To Set Up an Endlessh Tarpit on Ubuntu 22.04 - DigitalOcean]]
+
+