Archive

Archives pour 06/2021

Debian TARPIT iptables How To

20/06/2021 Comments off

After recently upgrading some of my servers to Debian Wheezy, I noticed the xtables-addons-dkms package is now available. This means you no longer have to build the iptables modules from source to get tarpit support (and more). If you are not sure what the tarpit target is or why you would want to use it, a basic explaination is that you send unwated TCP traffic to the tarpit target with iptables. All connections are accepted and immediatedly switched to the persist state. The remote side stops sending data and asks to continue every 60-240 seconds and attemts to close the connections from the remote side are ignored. The connection will then timeout in 12-24 minutes.

You might want to do this to slow down and even crash port scans (eg. routed unused ip space to a server with these rules in the forward chain in iptables).


To get started, install the xtables-addons-dkms package:

# apt-get install xtables-addons-dkms

Add rules to send traffic to the tarpit target to suite your needs. Some examples are:

  • Server does not host MSSQL or MySQL database, tarpit those ports:
    iptables -A INPUT -p tcp --dport mysql -j TARPIT
    iptables -A INPUT -p tcp --dport ms-sql-s -j TARPIT
  • Tarpit all TCP connections incoming from the IP address 123.123.123.123:
    iptables -A INPUT -p tcp -s 123.123.123.123 -j TARPIT
  • Tarpit all ports, this would be used as the last rule in an existing firewall in place of a reject/drop rule. If you do not have a reject/drop rule do not use this rule unless you know what you are doing.
    iptables -A INPUT -p tcp -j TARPIT

To test that the above rules are working you can telnet to the host on a port that should go to the tarpit. If the connection works and your connection does not get closed within a few minutes it is working.

As an example of the effect this has on a port scan, I ran nmap on the host before and after. The results speak for themselves:

Before:

After:

Routers between you and the attacker may have issues due to the large amount of connections that will be held open, so make sure you gear can handle it before you try this (the nmap scan as above had a constant 500+ connections open for the tarpit scan alone). This can be an issue if you have a large range routed to the server doing the tarpit.

Source: sysadminblog.net

HowTo Disable The Iptables Firewall in Linux

12/06/2021 Comments off

Source: nixCraft

need to disable firewall in Linux for testing purpose. I’m using CentOS and RHEL version 4.4 / 5 / 6. How do I disable the firewall in Linux?

A Linux firewall is software based firewall that provides protection between your server (workstation) and damaging content on the Internet or network. It will try to guard your computer against both malicious users and software such as viruses/worms.

Task: Disable / Turn off Linux Firewall (Red hat/CentOS/Fedora Core)

Type the following two commands (you must login as the root user):
# /etc/init.d/iptables save
# /etc/init.d/iptables stop

Turn off firewall on boot:
# chkconfig iptables off

Task: Enable / Turn on Linux Firewall (Red hat/CentOS/Fedora Core)

Type the following command to turn on iptables firewall:
# /etc/init.d/iptables start
Turn on firewall on boot:
# chkconfig iptables on

Lire la suite…

HowTo: Linux Check Password Strength With Cracklib-check Command

06/06/2021 Comments off

check password strengthUsing the same password on different servers allows attackers to access your accounts if cracker manage to steal your password from a less secure server. This is true for online website accounts too. So solution is to create unique passwords for server accounts like your email, sftp and ssh accounts. General guideline to create a strong and unique password is as follows:

Creating a strong and unique password for Linux or Unix-like systems

  1. Create a password with mix of numbers, special symbols, and alphabets.
  2. Make sure your password is hard to guess. You can use tool such as makepasswd to create hard to guess password.
  3. Do not use simple words like “password“, “123456“, “123abc” or “qwerty“.
  4. Use a unique password for all your server accounts.
  5. A minimum password length of 12 to 14 characters should be used. See how to configure CentOS / RHEL / Fedora Linux based server password quality requirements.
  6. Generating passwords randomly where feasible. You can do this with a simple shell scriptfunction.
  7. If possible use two-factor authentication.
  8. Use pam_crack to ensure strong passwords and to check passwords against a dictionary attack.

But, how do you test the effectiveness of a password in resisting guessing and brute-force attacks under Linux? The answer is simple use cracklib-check command.

Install cracklib on a Linux based system

Type the following yum command to install on RHEL and friends:
# yum install cracklib

Type the following apt-get command to install on Debian/Ubuntu and friends:
# apt-get install libcrack2

Lire la suite…

Installation et configuration d’Observium sous debian / ubuntu

03/06/2021 Comments off

Source: NooBUNBOX

Observium est un système de supervision de réseaux basé sur PHP / MySQL. Il supporte une large gamme de distributions (Windows, Linux, FreeBS, ESXI, etc.) et de matériels (Cisco, Linksys, Juniper, Dell).

Observium se décline en deux versions :

  • Observium Community Edition : une version gratuite, open-source et mise à jour tous les 6 mois.
  • Observium Profesionnal : une version payante (£150/an) distribuée via svn patchée quotidiennement (bug fixes, mises à jour de sécurité et nouvelles features)

Pour une utilisation non-professionnelle la version Community Edition suffit. Ici nous allons nous intéreser à l’installation et la configuration d’Observium sous debian 7.

Installation d’Observium

Ici nous partons d’une distribution propre, il nous faut donc commencer par installer les dépendances

sudo apt-get install libapache2-mod-php5 php5-cli php5-mysql php5-gd php5-mcrypt php5-json php-pear snmp fping \
mysql-server mysql-client python-mysqldb rrdtool subversion whois mtr-tiny ipmitool graphviz imagemagick

Créez le répertoire ou nous installerons Observium

Téléchargez la dernière version du logiciel et extrayez la

Lire la suite…

Installation Serveur Mail Postfix, Amavisd, Mysql, Spamassassin, Dspam, Dovecot

02/06/2021 Comments off

Ce tutoriel a été intégralement repris du site  http://www.starbridge.org et a été réalisé par tonio. Il est distribué sous licence creativecommons  Creative Commons License

Cet article, initié en 2007, est mis à jour régulièrement.
Le système sur lequel est basé ce document est une DEBIAN stable (Wheezy).
Le tuto est aussi entièrement compatible avec la version Testing (Jessie).

Ce tuto fonctionne également sous Ubuntu mais certains paquets présentent de légères différences. On essaiera de les indiquer si possible.

Mise à jour du 5/5/2015

Table des matières

Préparation de l’environnement

On prendra comme base pour l’exemple le domaine starbridge.org et le hostname du serveur de mail sera spike.

On met le système à jour :

aptitude update
aptitude full-upgrade

On vérifie les fichiers :

/etc/hostname : spike.starbridge.org
/etc/hosts : 127.0.0.1    spike.starbridge.org localhost.localdomain localhost spike

Lire la suite…

Categories: Logiciel, Tutoriel Tags: , , ,