After recently upgrading some of my servers to Debian Wheezy, I noticed the xtables-addons-dkms package is now available. This means you no longer have to build the iptables modules from source to get tarpit support (and more). If you are not sure what the tarpit target is or why you would want to use it, a basic explaination is that you send unwated TCP traffic to the tarpit target with iptables. All connections are accepted and immediatedly switched to the persist state. The remote side stops sending data and asks to continue every 60-240 seconds and attemts to close the connections from the remote side are ignored. The connection will then timeout in 12-24 minutes.
You might want to do this to slow down and even crash port scans (eg. routed unused ip space to a server with these rules in the forward chain in iptables).
To get started, install the xtables-addons-dkms package:
# apt-get install xtables-addons-dkms
Add rules to send traffic to the tarpit target to suite your needs. Some examples are:
Server does not host MSSQL or MySQL database, tarpit those ports: iptables -A INPUT -p tcp --dport mysql -j TARPIT iptables -A INPUT -p tcp --dport ms-sql-s -j TARPIT
Tarpit all TCP connections incoming from the IP address 123.123.123.123: iptables -A INPUT -p tcp -s 123.123.123.123 -j TARPIT
Tarpit all ports, this would be used as the last rule in an existing firewall in place of a reject/drop rule. If you do not have a reject/drop rule do not use this rule unless you know what you are doing. iptables -A INPUT -p tcp -j TARPIT
To test that the above rules are working you can telnet to the host on a port that should go to the tarpit. If the connection works and your connection does not get closed within a few minutes it is working.
As an example of the effect this has on a port scan, I ran nmap on the host before and after. The results speak for themselves:
Before:
me~# nmap -sV 123.123.123.123
Starting Nmap5.00(http://nmap.org ) at 2013-08-11 08:15 WST
Stats:0:00:52elapsed;0hosts completed(1up),1undergoing Service Scan
Service scan Timing:About0.00%done
....
Nmap done:1IP address(1host up)scanned in127.25seconds
After:
me~# nmap -sV 123.123.123.123
Starting Nmap5.00(http://nmap.org ) at 2013-08-11 08:15 WST
Stats:0:02:15elapsed;0hosts completed(1up),1undergoing Service Scan
Service scan Timing:About1.40%done;ETC:10:37(2:38:18remaining)
Stats:0:17:37elapsed;0hosts completed(1up),1undergoing Service Scan
Service scan Timing:About9.41%done;ETC:11:04(2:49:36remaining)
....(crash)....
me~#
Routers between you and the attacker may have issues due to the large amount of connections that will be held open, so make sure you gear can handle it before you try this (the nmap scan as above had a constant 500+ connections open for the tarpit scan alone). This can be an issue if you have a large range routed to the server doing the tarpit.
I need to disable firewall in Linux for testing purpose. I’m using CentOS and RHEL version 4.4 / 5 / 6. How do I disable the firewall in Linux?
A Linux firewall is software based firewall that provides protection between your server (workstation) and damaging content on the Internet or network. It will try to guard your computer against both malicious users and software such as viruses/worms.
Task: Disable / Turn off Linux Firewall (Red hat/CentOS/Fedora Core)
Type the following two commands (you must login as the root user): # /etc/init.d/iptables save # /etc/init.d/iptables stop
Turn off firewall on boot: # chkconfig iptables off
Task: Enable / Turn on Linux Firewall (Red hat/CentOS/Fedora Core)
Type the following command to turn on iptables firewall: # /etc/init.d/iptables start Turn on firewall on boot: # chkconfig iptables on
Using the same password on different servers allows attackers to access your accounts if cracker manage to steal your password from a less secure server. This is true for online website accounts too. So solution is to create unique passwords for server accounts like your email, sftp and ssh accounts. General guideline to create a strong and unique password is as follows:
Creating a strong and unique password for Linux or Unix-like systems
Create a password with mix of numbers, special symbols, and alphabets.
Make sure your password is hard to guess. You can use tool such as makepasswd to create hard to guess password.
Do not use simple words like « password« , « 123456« , « 123abc » or « qwerty« .
Use a unique password for all your server accounts.
But, how do you test the effectiveness of a password in resisting guessing and brute-force attacks under Linux? The answer is simple use cracklib-check command.
Install cracklib on a Linux based system
Type the following yum command to install on RHEL and friends: # yum install cracklib
Type the following apt-get command to install on Debian/Ubuntu and friends: # apt-get install libcrack2
Observium est un système de supervision de réseaux basé sur PHP / MySQL. Il supporte une large gamme de distributions (Windows, Linux, FreeBS, ESXI, etc.) et de matériels (Cisco, Linksys, Juniper, Dell).
Observium se décline en deux versions :
Observium Community Edition : une version gratuite, open-source et mise à jour tous les 6 mois.
Observium Profesionnal : une version payante (£150/an) distribuée via svn patchée quotidiennement (bug fixes, mises à jour de sécurité et nouvelles features)
Pour une utilisation non-professionnelle la version Community Edition suffit. Ici nous allons nous intéreser à l’installation et la configuration d’Observium sous debian 7.
Installation d’Observium
Ici nous partons d’une distribution propre, il nous faut donc commencer par installer les dépendances
Ce tutoriel a été intégralement repris du site http://www.starbridge.org et a été réalisé par tonio. Il est distribué sous licence creativecommons
Cet article, initié en 2007, est mis à jour régulièrement. Le système sur lequel est basé ce document est une DEBIAN stable (Wheezy). Le tuto est aussi entièrement compatible avec la version Testing (Jessie).
Ce tuto fonctionne également sous Ubuntu mais certains paquets présentent de légères différences. On essaiera de les indiquer si possible.
