
Re: [cobalt-users] Rebuilding after Haq



OK, I have completed installing these on a new server.
There can be many variations and permutations, but this is a basic one.
If I erred, let us know. It's just that too many people are getting stung;
maybe this will help.

============= I P C H A I N S ================
1) wget http://netfilter.samba.org/ipchains/ipchains-1.3.10.tar.gz
2) tar -zxvf ipchains-1.3.10.tar.gz
3) cd ipchains-1.3.10
4) make all     (does nothing, as it's compiled)
5) make install

============ P M F I R E W A L L ==========
1) wget http://www.pointman.org/PMFirewall/download/pmfirewall-1.1.4.tar.gz
2) tar -zxvf pmfirewall-1.1.4.tar.gz
3) cd pmfirewall-1.1.4
4) edit /etc/hosts.allow
   in.telnetd : <my.ip.add.res>
5) edit /etc/hosts.deny
   in.telnetd : ALL
6) Ensure telnet is enabled
7) ./install.sh (note in most cases you will 'hit' Enter see *)
   Directory to place config files [/usr/local/pmfirewall]:
   External Interface [eth0]:
   Are there any IP ranges which require unrestricted access? (y/N):
   Are there any IP ranges which should be blocked completely? (y/N):
   Is your IP address assigned via DHCP?  (y/N):
   *Are you running a FTP Server on ports: 20/21 (y/N):y
   *Are you running a SSH Server on port: 22 (y/N):y
     Enter the IP Range or press ENTER for any IP address:
   *Are you running a Telnet Server on port: 23 (y/N):y
   Are you running a SMTP Server on port: 25 (y/N):
   *Are you running a DNS Server on port: 53 (y/N):y
     Enter the IP Range or press ENTER for any IP address:
   Are you running a Finger Server on port: 79 (y/N):
   *Are you running a Web Server on port: 80 (y/N):y
     Enter the IP Range or press ENTER for any IP address:
   *Are you running a POP Server on port: 110 (y/N):y
     Enter the IP Range or press ENTER for any IP address:
   Allow IDENT connections on port: 113 (y/N):
   Are you running a NNTP Server port: 119 (y/N):
   *Are you using NTP, it requires port: 123 (y/N):y
   Do you wish to open NetBIOS/SAMBA ports 137-139 (not recommended)? (y/N):
?  Are you running an IMAP Server on port: 143 (y/N):
   *Are you running a SSL Web Server on port: 443 (y/N):y
     Enter the IP Range or press ENTER for any IP address:
   Are you running Routed (RIP) on port: 520 (y/N):
   Do you wish to open NFS port 2049 (not recommended)? (y/N):
   Do you wish to open X-Server ports 5999-6003 (not recommended)? (y/N):
   *Are there any other ports you wish to open to the outside? (y/N):y
     Port number: 81
     tcp, udp or both: tcp
     Enter the IP Range or press ENTER for any IP address:
   *Do you wish to add others? (y/N): y
     Port number: 444
     tcp, udp or both: tcp
     Enter the IP Range or press ENTER for any IP address:
   Do you wish to add others? (y/N):
   Start PMFirewall on bootup? (Y/n):
   Do you want pmfirewall to autodetect your IP address? (Y/n)
   Will this box Masquerade connections for other PC's (y/N):
8) ipchains -L -n  shows rules
9) review your rules (not necessary but you might look)
   vi /usr/local/pmfirewall/pmfirewall.rules.local
   If you are using any of the following IP addresses, comment out the one you use
     # Block Nonroutable IP's from entering on the External Interface
     $IPCHAINS -A input -j DENY -s 10.0.0.0/8 -d $OUTERNET -i $OUTERIF
     $IPCHAINS -A input -j DENY -s 127.0.0.0/8 -d $OUTERNET -i $OUTERIF
     $IPCHAINS -A input -j DENY -s 172.16.0.0/12 -d $OUTERNET -i $OUTERIF
     #$IPCHAINS -A input -j DENY -s 192.168.0.0/16 -d $OUTERNET -i $OUTERIF
   Make sure telnet port 23 is at accept
10) /etc/rc.d/init.d/pmfirewall start (don't exit your shell until you test)
   Enter a new SSH and telnet shell from your PC, make sure it works!!!
11) ipchains -L -n   (shows rules)
This sets up a basic firewall.
Add/subtract rules from /usr/local/pmfirewall/pmfirewall.rules.local;
read up on ipchains.
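An added check for the "don't exit your shell until you test" step (this is not from the original post): it reads a listing in the layout of `ipchains -L -n` and reports which of the ports you answered "y" to in install.sh have no ACCEPT rule. The rule listing below is constructed for the example (the 192.0.2.10 address is a placeholder); on a real box replace it with `$(ipchains -L -n)`.

```shell
#!/bin/sh
# Constructed sample in the layout of `ipchains -L -n`; not captured from a real RaQ.
# Note that 110 (POP) is deliberately missing so the check has something to report.
SAMPLE_RULES='Chain input (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------  0.0.0.0/0            192.0.2.10            * ->   22
ACCEPT     tcp  ------  0.0.0.0/0            192.0.2.10            * ->   23
ACCEPT     tcp  ------  0.0.0.0/0            192.0.2.10            * ->   80
ACCEPT     udp  ------  0.0.0.0/0            192.0.2.10            * ->   53
DENY       all  ----l-  10.0.0.0/8           192.0.2.10            n/a'

# port_accepted RULES PROTO PORT
# Exit 0 if the listing has an ACCEPT rule for PROTO whose destination port is PORT.
# Only the last two columns ("->" and the port) are inspected, so source/destination
# addresses do not matter.
port_accepted() {
    printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
        $1 == "ACCEPT" && $2 == proto && $(NF-1) == "->" && $NF == port { found = 1 }
        END { exit !found }'
}

# missing_ports RULES PROTO "p1 p2 ..."
# Print, one per line, every port of PROTO that has no ACCEPT rule.
missing_ports() {
    for p in $3; do
        port_accepted "$1" "$2" "$p" || printf '%s\n' "$p"
    done
}

# Ports the walkthrough above opens (constructed from the install.sh answers; adjust to yours)
WANT_TCP="21 22 23 53 80 81 110 443 444"
WANT_UDP="53 123"

missing=$(missing_ports "$SAMPLE_RULES" tcp "$WANT_TCP"; missing_ports "$SAMPLE_RULES" udp "$WANT_UDP")
if [ -z "$missing" ]; then
    echo "all required ports have ACCEPT rules"
else
    echo "no ACCEPT rule for:"
    echo "$missing"
fi
```

Run it from the same shell you started pmfirewall in, before opening the new SSH and telnet sessions the post asks for; the listing check catches a missed "y" answer, and the live login catches everything else.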

============ P O R T S E N T R Y ===========
1) wget http://www.psionic.com/downloads/portsentry-1.1.tar.gz
2) tar -zxvf portsentry-1.1.tar.gz
3) cd portsentry-1.1
4) vi portsentry.conf
   find:
   # Use these if you just want to be aware:
   TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320"
   UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"
   === remove 143 above + looks like below ====
   TCP_PORTS="1,11,15,79,111,119,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320"
   UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"
   find:
   # Newer versions of Linux support the reject flag now. This
   # is cleaner than the above option. [ uncomment this line ]
   KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
   # ipchain support for Linux [ uncomment this line AMD ]
   KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l"
   # ipfwadm support for Linux [ uncomment this line MIPS ]
   KILL_ROUTE="/sbin/ipfwadm -I -i deny -S $TARGET$ -o"
5) save the portsentry.conf file
6) make linux
7) make install
8) vi /etc/rc.d/rc.local
   at the end of the file insert
   /usr/local/psionic/portsentry/portsentry -udp
   /usr/local/psionic/portsentry/portsentry -tcp
9) there are more advanced methods, which are left as an exercise for the user
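The "remove 143" edit in step 4 generalises: PortSentry in its basic mode binds the ports in TCP_PORTS/UDP_PORTS itself, so any port a real daemon serves (here IMAP on 143) must come out of the list, otherwise PortSentry and the daemon fight over the socket. The added helper below (not from the original post or from PortSentry) computes the overlap between the stock list and the ports you opened in PMFirewall and strips them. The served-port list is constructed from the install.sh answers above plus IMAP 143.

```shell
#!/bin/sh
# Stock "just want to be aware" TCP list from portsentry.conf, as quoted in the post
PS_TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320"
# Constructed: ports the walkthrough opens in PMFirewall, plus IMAP 143
SERVED_PORTS="20,21,22,23,53,80,81,110,123,143,443,444"

# remove_port LIST PORT
# Drop PORT from a comma-separated list, matching the whole number only
# (so removing 143 never touches 1143 or 14300).
remove_port() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -vxF -- "$2" | paste -s -d , -
}

# overlap LIST SERVED
# Print, one per line, every port that appears in both comma-separated lists.
overlap() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, ","); for (i = 1; i <= n; i++) seen[x[i]] = 1
        m = split(b, y, ","); for (j = 1; j <= m; j++) if (y[j] in seen) print y[j]
    }'
}

# safe_list LIST SERVED
# Return LIST with every port that a real daemon serves removed.
safe_list() {
    list=$1
    for p in $(overlap "$list" "$2"); do
        list=$(remove_port "$list" "$p")
    done
    printf '%s\n' "$list"
}

echo "ports PortSentry must not watch: $(overlap "$PS_TCP_PORTS" "$SERVED_PORTS" | paste -s -d , -)"
echo "TCP_PORTS=\"$(safe_list "$PS_TCP_PORTS" "$SERVED_PORTS")\""
```

Run it once for TCP_PORTS and once for UDP_PORTS (pass the UDP list and your UDP services such as 53 and 123 instead), then paste the printed line into portsentry.conf. For the lists in the post the only collision is 143, which is exactly the edit the author made by hand.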

============== L O G C H E C K =============
1) wget http://www.psionic.com/downloads/logsentry-1.1.1.tar.gz
2) tar -zxvf logsentry-1.1.1.tar.gz
3) cd logsentry-1.1.1
4) make linux
5) vi /usr/local/etc/logcheck.sh
   # Person to send log activity to.
   SYSADMIN="<email address>"
6) vi /usr/local/etc/logcheck.cron
   # my logcheck cron job
   00 * * * * root /bin/sh /usr/local/etc/logcheck.sh
7) save the file
8) crontab /usr/local/etc/logcheck.cron
9) crontab -l   (see if it loaded)
10) /etc/rc.d/init.d/crond restart

--
Gerald Waugh
http://frontstreetnetworks.com  SOHO Networks & Web Site Hosting
Front Street Networks LLC     voice +1 203 785 0699 * fax +1 203 785 1787
229 Front Street, Ste. #C, New Haven CT 06513-3203
