Author archives

How To Configure Port Knocking Using Only IPTables on an Ubuntu VPS

11/05/2021 No comments

Source: digitalocean.com

Introduction

Servers that are connected to the internet are subjected to all manners of attacks and probes by malicious users, scripts, and automated bots. It is sometimes a balancing act to secure your server from attacks without affecting legitimate access to your services and resources.

Certain types of services are meant to be visible and consumable to the public internet. An example of this is a web server. Other types of services are typically used by only the system administrator or a select number of individuals and are not meant to be a public resource.

A concept known as port knocking is a way of shielding processes that fit into the latter description. Port knocking works by covering the ports associated with a process behind a firewall until a specific, predetermined sequence of network activity occurs. At this point, the port knocking service reconfigures the firewall to allow access to the protected application.

In a previous article, we discussed how to enable port knocking through a specially designed port knocking service. In this article, we will discuss an alternative method of configuring port knocking.

This method does not rely on an external application to alter the firewall rules. Instead, the iptables firewall can take advantage of a state-tracking module called “recent” to do all of this within the firewall rules themselves.

We will be configuring this on an Ubuntu 12.04 droplet, but any kind of Linux server should operate in a similar manner.

Note: This tutorial covers IPv4 security. In Linux, IPv6 security is maintained separately from IPv4. For example, “iptables” only maintains firewall rules for IPv4 addresses but it has an IPv6 counterpart called “ip6tables”, which can be used to maintain firewall rules for IPv6 network addresses.

If your VPS is configured for IPv6, please remember to secure both your IPv4 and IPv6 network interfaces with the appropriate tools. For more information about IPv6 tools, refer to this guide: How To Configure Tools to Use IPv6 on a Linux VPS

Read more…

25 Most Frequently Used Linux IPTables Rules Examples

11/05/2021 No comments

Source: thegeekstuff.com

At a first glance, IPTables rules might look cryptic.

In this article, I’ve given 25 practical IPTables rules that you can copy/paste and use for your needs.

These examples will act as basic templates that you can tweak to suit your specific requirements.

For easy reference, all these 25 iptables rules are in shell script format: iptables-rules
Read more…

Categories: Network, Security

Configuring IPTables for Netfilter on Debian Squeeze

10/05/2021 No comments

What is it?

IPTables groups together the command-line tools needed to manage Netfilter. Fine, but what does Netfilter do? English speakers will have noticed that Netfilter contains both Net and Filter, so presumably it is about the Internet and filtering. And filtering means firewall.

There, the word is out! The Netfilter/IPTables pair makes it possible to filter ports using firewall rules. It then becomes possible to block certain IP packets and let through the ones we are interested in. For example, on port 80 (the port for http) Internet traffic will be allowed, and your favourite browser will take you onto the highways of knowledge that the Internet offers. Read more…

Ignore existing files or update only newer files with rsync

10/05/2021 No comments

Rsync is a useful command line utility for synchronising files and directories across two different file systems. I recently needed to use rsync to only copy over files that did not already exist at the other end, so this post documents how to do this.

Copying from local to remote

Note that all the examples shown in the post are for copying files from the local computer to a remote server/computer.

Default behavior

The following command will recursively copy all files from the local filesystem from /var/www to the remote system at 10.1.1.1. Note the following:

  1. Any files that do not exist on the remote system are copied over
  2. Any that have been updated will be copied over, although note that rsync is extremely efficient in that only the changed parts of files are copied, and if a file is exactly the same it is not copied over at all
  3. Any that have been deleted on the local system are deleted on the remote
rsync -raz --progress /var/www 10.1.1.1:/var

Ignore existing files

Use the --ignore-existing flag to prevent files that already exist on the remote server from being copied over. By adding this, we eliminate behaviors 2 and 3 in the list above, and all that is done is this:

  1. Any files that do not exist on the remote system are copied over
rsync --ignore-existing -raz --progress /var/www 10.1.1.1:/var

Read more…

Categories: System

How to change the MAC address of an Ethernet interface

09/05/2021 No comments

Change the MAC address of an Ethernet interface temporarily

Check MAC addresses:

$ ifconfig -a | awk '/HWaddr/ {print "Interface: " $1 "\t MAC: " $NF}'
Interface: eth0	 MAC: 08:00:27:2c:a4:69
Interface: eth1	 MAC: 08:00:27:9a:21:24

Shut down desired Ethernet interface (eth0 in this example):

$ sudo ifconfig eth0 down

Specify new MAC address:

$ sudo ifconfig eth0 hw ether 08:00:00:00:00:01

Activate modified Ethernet interface:

$ sudo ifconfig eth0 up

Verify changed MAC address:

$ ifconfig -a | awk '/HWaddr/ {print "Interface: " $1 "\t MAC: " $NF}'
Interface: eth0	 MAC: 08:00:00:00:00:01
Interface: eth1	 MAC: 08:00:27:9a:21:24

This change is not permanent, as the MAC address on the interface eth0 will revert to the default on the next system reboot. Read more…

Categories: Network, System