
Re: [cobalt-users] worm attack



>"Revd leonard payne" <vicarage@xxxxxxxxxxxxxx> wrote
>
>> Can anyone give a blow by blow - step by step - idiots (tm) guide to
>> installation of
>>
>> a. portsentry
>> b. logcheck
>> c. ipchains
>>
>> and then anything else that the community feels is valid. (I've got a and b)
>>
>
>Since you have a and b, then all you need is ipchains.
>read http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
>
>You didn't say which RaQ you have; I assume a 3 or 4
>run <ls /proc/net/ip_fwchains> if this file exists then you can use ipchains.
>
>RaQ2 and Qube2 need to use ipfwadm
>
>log in to an ssh shell as root
>wget http://netfilter.samba.org/ipchains/ipchains-1.3.10.tar.gz
>tar zxvf ipchains-1.3.10.tar.gz
>cd ipchains-1.3.10
>make all
>make install
>this will install /sbin/ipchains
>and /usr/man/man8/ipchains.8
>
>Then get pmfirewall
>wget http://www.pointman.org/PMFirewall/download/pmfirewall-1.1.4.tar.gz
>tar -zxvf pmfirewall-1.1.4.tar.gz
>cd into the directory pmfirewall-1.1.4
>Read - README and INSTALL
>Run "sh install.sh" and follow the prompts.
>pmfirewall adds rc.d scripts for each runlevel
>Start pmfirewall  /etc/rc.d/rc3.d/S50pmfirewall start
>So when you reboot it will start.
>
>The install.sh prompts are very good.
>In most cases just accept the [default]
>This will install a basic firewall.
>
>Read up on the HOWTO and then
>Add your own rules to /usr/local/pmfirewall/pmfirewall.rules.local


Like adding port 81 to HTTP - or your /admin and /siteadmin thingies won't work.

I've also got another problem with pmfirewall, and I'm struggling to find it - HTTPD ceases to work AT ALL when I've installed the thing, but (thank deity) that telnet still worked for me to log in and remove/reboot.

Does anyone know what might have gone amiss on this PMFIREWALL installation to bash my HTTPD access? - all I did was respond (I thought appropriately) to the prompts - then duplicate a bunch of IPCHAINS commands to block IPs generating NIMDA worm requests, and reboot.

Is there another RAQ fix that you forgot to mention?

Cheers ....  Greg



>
>Gerald

-- 
http://www.webyourbusiness.com/
Providers of E-Commerce Software &
Web Design Consultancy and Services.
PH: (970)266-0195 FAX: (970)266-0158
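
Added example, not part of the original thread and not pmfirewall's own code: ipchains walks a chain from the top and the first matching rule decides, so the position of hand-added rules in a local rules file matters. The Python below simulates that for the input chain; the sample rules, addresses and the DENY chain policy are constructed assumptions, and only -p, -s, -d (with an optional port) and -j are parsed (no `!` negation, `-i` or `-y`).

```python
import ipaddress
import shlex

# Constructed sample rules (documentation IP ranges), in the order they are appended.
RULES = [
    "ipchains -A input -p tcp -s 0/0 -d 0/0 80 -j ACCEPT",
    "ipchains -A input -p tcp -s 203.0.113.9 -d 0/0 80 -j DENY",  # shadowed by rule 1
    "ipchains -A input -p tcp -s 0/0 -d 0/0 22:23 -j ACCEPT",
]

def parse_rule(line):
    """Extract protocol, source network, destination port spec and target."""
    tok = shlex.split(line)
    rule = {"proto": "all", "src": "0.0.0.0/0", "dport": None, "target": None}
    i = 0
    while i < len(tok):
        opt = tok[i]
        if opt in ("-p", "-j"):
            rule["proto" if opt == "-p" else "target"] = tok[i + 1]
            i += 1
        elif opt in ("-s", "-d"):
            addr, port = tok[i + 1], None
            i += 1
            # ipchains puts an optional port or lo:hi range right after the address
            if i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                port = tok[i + 1]
                i += 1
            if opt == "-s":
                rule["src"] = "0.0.0.0/0" if addr == "0/0" else addr
            else:
                rule["dport"] = port  # destination address itself is ignored here
        i += 1
    return rule

def port_matches(spec, port):
    # No port given means any port; "lo:" and ":hi" are open-ended ranges.
    lo, sep, hi = (spec or ":").partition(":")
    if not sep:
        return int(lo) == port
    return int(lo or 0) <= port <= int(hi or 65535)

def first_match(rules, src_ip, dport, policy="DENY"):
    """Return (target, rule_number) of the first rule matching a TCP packet."""
    ip = ipaddress.ip_address(src_ip)
    for n, line in enumerate(rules, 1):
        r = parse_rule(line)
        if r["proto"] in ("tcp", "all") and port_matches(r["dport"], dport) \
                and ip in ipaddress.ip_network(r["src"], strict=False):
            return r["target"], n
    return policy, None  # nothing matched: chain policy applies (assumed DENY)
```

With these rules, `first_match(RULES, "203.0.113.9", 80)` returns `("ACCEPT", 1)`, so the DENY appended for that address is never reached, while a request to port 81 matches no rule and falls through to the chain policy.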