Archive for Unix

Stop someone from taking my server

hey, i took your advice and installed iptables with some very strict rules for a firewall…seems to be going great (i think)
iptables is IMHO one of the more cool things about linux
was wondering if you could look at the iptables save file and tell me if it’s sufficient to stop some ass from taking my server again…?

understand… the best firewall in the world will do nothing to stop a determined and skilled hacker
cracker excuse me
rather slow him waaaaay down…
exactly

or at least confuse his stupid ass windows script….
it is like crypto, you raise the cost (time) that it takes to get into the machine so that it is not worth his while
so, with that said.. sure i will look at your firewall
well..step 1 is I disabled SSH and FTP to outside, only allowed over ETH1 (localhost) and even then it’s logged

http://pastebin.ca/65001

looking
at first look, it looks ok. it would take a few hours to walk through it and im not going to do that unless you pay me :-)
lol

of course
a few suggestions.. move your ssh to a non standard port
and block and ignore hits on your regular port
that will stop 99% of ssh bot attacks
you have quite a few ports open. make sure they are all for services that you actually need
ok. I’ve currently got it only listening to ssh on port 22 over the eth1(LAN port)(no external access)
yeah i see that now that is good
but it doesnt do you any good if you want remote access
are you running X?

No, i’ve got a vpn router that I dial into, then ssh over 22
ok that is good
and apparently, spam assassin requires 783 in and out, but I can’t figure out why i need 43 open
once you have your ports locked down, the next step is to spend as much time on each application that is exposed to the world. dont depend on updates keeping you protected. know the apps and make sure you dont have a configuration that allows something you dont want
i think spamassassin’s ports are only on your loopback interface
yeah, I need to make sure I keep up on my software…I’m only running qmail/vpopmail and httpd on this box (with SpamAss and ClamAV)
been a while since i ran spamassassin
i’ll look into that
what is 43

and 143 443 and 993
if you dont know.. close them until something complains
it was enabled by the tutorial I read…143=IMAP (I only need this over localhost) 443(https), 993(IMAP4)
you can probably safely remove all the output rules and just open output
43 is a whois, but I don’t run a whois
unless you have other users on the machine that you want to restrict
i’m the only admin user

the only other thing i see, and this is a different way of looking at a firewall, i set INPUT to DROP and only open the specific ports that I use
but you would have to rewrite your firewall to do that
that’s what :INPUT DROP [1:242] does
default is drop, otherwise accept only a few ports
oh i was looking at your mangle table
i dont normally look at the iptable save format

yeah, me either, but the tutorial at iptablesrocks.org was pretty helpful so I figured I use it
man iptables is complex. guess that’s because it’s based on tcp/ip which is very complex
*man like the person, not like the manual…
heh did you remember to take the “reset” out of your crontab

yeah…I actually host the server locally so I never used it…when I locked myself out I just iptables --flush from the console
i’m trying to determine if “-A INPUT -i eth1 -p all -s 10.10.0.0/24 -j ACCEPT” is sufficient enough to allow all traffic over my LAN
seems like my samba ports are getting blocked over ETH1(LAN) by the firewall
several of my servers were physically 60 miles away. I have, on several occasions, cussed myself for the 60 minute drive
that was not co-location.. that is where all my stuff was

but that is another story for another day
do you have the “picture” of how iptables traffic flows
I guess I could say that my servers are at my home because my office is basically my home…haha
i live about 15 min away, but am here 16 hours a day

yeah i practically live at my office too
my house is .3 mi from the door to my office
you know talking to ppl in here…i’m surprised how many live here in southern california
i wonder if there is a LUG around here…

i prefer my ground NOT to move
of course, tomorrow afternoon there is a good chance i will see the underside of what remains of a big tropical storm/hurricane
well…earthquakes happen in many parts of the world (see India circa dec 2004)
in my opinion, living anywhere on the ring-of-fire is just waiting for a hammer to drop on your head
but wherever you live, there are hazards

of course….but it’s a little scary, but you can’t beat the weather, or the job opportunities, or the illegal mexican women looking for a green card….
in answer to your earlier question… make sure you insert the rule such that the packet doesnt get disallowed by another rule before you allow it
you know…it’s kind of sad to see that a LUG around my area is using frontpage/windows servers to create their homepage… http://www.rdfoerster.com/LUGIE/
heh you should call them on it

yeah, the firewall appears to be correctly blocking ports when I change the firewall rules, so it must be allowing some, then blocking rest…
google for and grab yourself one of the iptables flow charts
if you're going to be doing much of this, it really comes in handy
I will do that…I used to rely on lokkit to configure the firewall…but the rules really aren’t that hard to learn
lokkit will trash your firewall if you use it now

yeah that trash isn’t ever going to be used again.
i don’t think it sets up default drop, i think it leaves default policy to accept
lokkit is great for setting the default firewall… anything beyond that, it fails
that’s what I’m seeing now…

I need to look into some of my apps now…like qmailadmin, or vqadmin…and possibly upgrade them
thanks for all yer help so far….
is it necessary to use iptables to block outgoing requests from my server?
or is blocking almost all incoming requests reasonable enough security?
no, it is not necessary


Linking remote desktop with linux

how are you linking remote desktop with linux ?

network .. via either a crossover cable .. or a router/hub
you can also do virtualization

vmware and xen .. awesome tech ..
you mean I’ll access linux from within windows ?
you can do it that way .. or the other IseeIsee

linux -> windows tsclient and remote desktop
windows -> linux xvnc / tightvnc
aha

how different would that experience be from using the OS directly ?
you can also share printers / drives .. with samba linux <-> windows both ways

IseeIsee: very
the whole basic usage of linux is different
the filesystem it sits on is different


Hacking into unix server

I really need some help here…it appears I’ve got someone who’s hacking into my mail server…

has hacked or is hacking ?
and why do ya say that ?
well..they logged in via SSH according to my last logs
they actually logged in ?
root pts/1 acb73d0e.ipt.aol Sat Jun 10 06:51 gone – no logout
yes

your box is dead
take it offline and reinstall
after you made a backup for investigational reasons
file an incident report
but I don’t see how they are logging in. It’s a VERY secure Root pw..and it happened last weekend and I reinstalled it
and
then they got in again after I changed all passwords
contact the isp where the login is coming from

CheeseHea, that means they have been on there for a while
reinstall
wipe everything
thats the only option
next time ensure you are fully updated
lock out root login
write an iptables script and lockout all ports you dont want
use log rotate

rotate to email you logs and manually check them too
No, I used to have another server that worked for about a year. Then I noticed that they logged in and did something. So i took it down and reinstalled from scratch on another machine to replace the old hacked box. they got into the new machine too with all new pw’s!
CheeseHea, no offence
and when I reinstalled, i yum updated the whole system before installing the mail server sftw
but then either you are a complete retard…or you dont update or i dont know
they MUST be exploiting a vuln in my system, cuz they couldn’t have guessed the root pw, it’s 27 chars long
I’m betting I’m a complete retard….
Action: CheeseHea chuckles


Ping Windows XP from Fedora

from fedora how can i ping my windows xp?

today i put one of my server box
fedora
i have problem
from my windows xp ping 192.168.1.10 is fedora ip

is ok work i have reply
but
when i pt
need user name and password
to locek from windows xp
O_O
i dont understand that ??


Switch from gnome to kde

i’ve just installed kde from the packages manager.

How can i switch from gnome to kde ?

And make kde my default GUI on startup ?

on the logon screen, click on sessions
you can switch to kde there :)
ok thanks :D

trying it right away

np

thanks again it worked just fine :)


Configure Apache web server

I configured it so my apache will listen to a new IP I have, but I heard I need to first configure it at the eth0?

how do I do that?

no you don’t
you just tell apache which ip(s) to listen on
so.. what do I do? since it does not listen to that IP
in the conf.. there is a Listen
Listen ip:port
and, where is the apache access log is?
/var/log/httpd
(98)Address already in use: make_sock: could not bind to address [::]:80
no listening sockets available, shutting down
try to turn off selinux
setenforce 0
then try
same
what is your listen lines?
no need to edit /etc/sysconfig/network-scripts/ifcfg-eth ?
no as long as the ip is up
up?
yes
you see it in a ifconfig -a right?
no. Its new ips
I did not use it yet.
ok then set them up and it’ll work


Default Fedora sendmail.mc

where can i get the default fedora sendmail.mc file

or can i reinstall sendmail to get it?

rpm -q --whatprovides sendmail.mc
no package provides sendmail.mc

maybe wrong file ?
rpm -q --filesbypkg sendmail
that shows it
sendmail /etc/mail/sendmail.mc
ok rpm -q --whatprovides /etc/mail/sendmail.mc
now it shows a file
sendmail-8.13.6-0.FC5.1
