[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Rebuilding after Haq
- Subject: Re: [cobalt-users] Rebuilding after Haq
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat Jul 6 06:21:01 2002
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Saturday 06 July 2002 06:37 am, Gerald Waugh wrote:
Found another glitch, in logcheck
fixed below
> On Saturday 06 July 2002 02:02 am, David Lucas wrote:
> > Gerald, was there a little glitch in the PortSentry section.
> >
> > I posted it all online if you don't mind
> > http://www.yetiservices.com/raq/howto.html
>
> Yes, it was confusing
> I was trying to show the removal of port 143 from the list of ports
> I corrected it below
> I was also trying to show the diff for ifwadm (RaQ2)
> I fixed it below
>
> > At 12:54 PM 7/5/2002, you wrote:
> > >OK, i have completed installing these on a new server
> > >There can be many variations and permutations, but this is a basic one.
> > >If I erred let us know. Its just that too many people are getting stung,
> > >maybe this will help
> > >
> > > ============= I P C H A I N S ================
> > >1) wget http://netfilter.samba.org/ipchains/ipchains-1.3.10.tar.gz
> > >2) tar -zxvf ipchains-1.3.10.tar.gz
> > >3) cd ipchains-1.3.10
> > >4) make all (does nothing, as its compiled)
> > >5) make install
> > >
> > >============ P M F I R E W A L L ==========
> > >1) wget
> > > http://www.pointman.org/PMFirewall/download/pmfirewall-1.1.4.tar.gz 2)
> > > tar -zxvf pmfirewall-1.1.4.tar.gz
> > >3) cd pmfirewall-1.1.4
> > >4) edit /etc/host.allow
> > > in.telnetd : <my.ip.add.res>
> > >5) edit /etc/host.deny
> > > in.tellnetd : ALL
> > >6) Insure telnet is enabled
> > >7) ./install.sh (note in most cases you will 'hit' Enter see *)
> > > Directory to place config files [/usr/local/pmfirewall]:
> > > External Interface [eth0]:
> > > Are there any IP ranges which require unrestricted access? (y/N):
> > > Are there any IP ranges which should be blocked completely? (y/N):
> > > Is your IP address assigned via DHCP? (y/N):
> > > *Are you running a FTP Server on ports: 20/21 (y/N):y
> > > *Are you running a SSH Server on port: 22 (y/N):y
> > > Enter the IP Range or press ENTER for any IP address:
> > > *Are you running a Telnet Server on port: 23 (y/N):y
> > > Are you running a SMTP Server on port: 25 (y/N):
> > > *Are you running a DNS Server on port: 53 (y/N):y
> > > Enter the IP Range or press ENTER for any IP address:
> > > Are you running a Finger Server on port: 79 (y/N):
> > > *Are you running a Web Server on port: 80 (y/N):y
> > > Enter the IP Range or press ENTER for any IP address:
> > > *Are you running a POP Server on port: 110 (y/N):y
> > > Enter the IP Range or press ENTER for any IP address:
> > > Allow IDENT connections on port: 113 (y/N):
> > > Are you running a NNTP Server port: 119 (y/N):
> > > *Are you using NTP, it requires port: 123 (y/N):y
> > > Do you wish to open NetBIOS/SAMBA ports 137-139 (not recommended)?
> > > (y/N): ? Are you running an IMAP Server on port: 143 (y/N):
> > > *Are you running a SSL Web Server on port: 443 (y/N):y
> > > Enter the IP Range or press ENTER for any IP address:
> > > Are you running Routed (RIP) on port: 520 (y/N):
> > > Do you wish to open NFS port 2049 (not recommended)? (y/N):
> > > Do you wish to open X-Server ports 5999-6003 (not recommended)?
> > > (y/N): *Are there any other ports you wish to open to the outside?
> > > (y/N):y Port number: 81
> > > tcp, udp or both: tcp
> > > Enter the IP Range or press ENTER for any IP address:
> > > *Do you wish to add others? (y/N): y
> > > Port number: 444
> > > tcp, udp or both: tcp
> > > Enter the IP Range or press ENTER for any IP address:
> > > Do you wish to add others? (y/N):
> > > Start PMFirewall on bootup? (Y/n):
> > > Do you want pmfirewall to autodetect your IP address? (Y/n)
> > > Will this box Masquerade connections for other PC's (y/N):
> > >8) ipchains -L -n shows rules
> > >9) review your rules (not necessary but you might look)
> > > vi /usr/local/pmfirewall/pmfirewall.rules.local
> > > If you are using any of the following ip address comment out the one
> > > you use
> > > # Block Nonroutable IP's from entering on the External Interface
> > > $IPCHAINS -A input -j DENY -s 10.0.0.0/8 -d $OUTERNET -i $OUTERIF
> > > $IPCHAINS -A input -j DENY -s 127.0.0.0/8 -d $OUTERNET -i $OUTERIF
> > > $IPCHAINS -A input -j DENY -s 172.16.0.0/12 -d $OUTERNET -i
> > > $OUTERIF #$IPCHAINS -A input -j DENY -s 192.168.0.0/16 -d $OUTERNET -i
> > > $OUTERIF Make sure tlenet port 23 is at accept
> > >9) /etc/rc.d/init.d/pmfirewall start (don't exit your shell until you
> > > test) Enter a new SSH and telnet shell from your PC, make sure it
> > > works!!! 10) ipchains -L -n (shows rules)
> > >This setsup a basic firewall.
> > >Add - subtract rules from /usr/local/pmfirewall/pmfirewall.rules.local
> > >read up on ipchains
> > >
> > >============ P O R T S E N T R Y ===========
> > >1) wget
> > > http://www.psionic.com/downloads/portsentry-1.1.tar.gz============ P M
> > > F I R E W A L L ==========
> > >2) tar -zxvf portsentry-1.1.tar.gz
> > >3) cd portsentry-1.1
> > >4) vi portsentry.conf
> > > find
> > > # Use these if you just want to be aware:
>
> remove "143" tcp/udp from list of ports
> find
>
> > > # Newer versions of Linux support the reject flag now. This
> > > # is cleaner than the above option. [ uncomment this line ]
> > > #KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
>
> uncomment the above line.
> If you are using ipfwadm (RaQ2) do the following instead
> # ipfwadm support for Linux
> #KILL_ROUTE="/sbin/ipfwadm -I -i deny -S $TARGET$ -o"
>
> > >5) save the portsentry.conf file
> > >6) make linux
> > >7) make install
> > >8) vi /etc/rc.d/rc.local
> > > at the end of the fiel insert
> > > /usr/local/psionic/portsentry/portsentry -udp
> > > /usr/local/psionic/portsentry/portsentry -tcp
> > >9) there are more advanced methods and are left as an exercise for the
> > > user
> > >
> > >============== L O G C H E C K =============
> > >1) wget http://www.psionic.com/downloads/logsentry-1.1.1.tar.gz
> > >2) tar -zxvf logsentry-1.1.1.tar.gz
> > >3) cd logsentry-1.1.1
> > >4) make linux
> > >5) vi /usr/local/etc/logcheck.sh
> > > # Person to send log activity to.
> > > SYSADMIN="<email address>"
> > >6) vi /usr/local/etc/logcheck.cron
> > > # my logcheck cron job
00 * * * * root /usr/local/etc/logcheck.sh
> > >7) save the file
> > >8) crontab /usr/local/etc/logcheck.cron
> > >9) crontab -l (see if it loaded)
> > >10) /etc/rc.d/init.d/crond restart
> > >
> > >--
> > >Gerald Waugh
> > >http://frontstreetnetworks.com SOHO Networks & Web Site Hosting
> > >Front Street Networks LLC voice +1 203 785 0699 * fax +1 203 785
> > > 1787 229 Front Street, Ste. #C, New Haven CT 06513-3203
> > >
> > >-------------------------------------------------------
> > >
> > >--
> > >Gerald Waugh
> > >http://frontstreetnetworks.com SOHO Networks & Web Site Hosting
> > >Front Street Networks LLC voice +1 203 785 0699 * fax +1 203 785
> > > 1787 229 Front Street, Ste. #C, New Haven CT 06513-3203
> > >
> > >_______________________________________________
> > >cobalt-users mailing list
> > >cobalt-users@xxxxxxxxxxxxxxx
> > >To Subscribe or Unsubscribe, please go to:
> > >http://list.cobalt.com/mailman/listinfo/cobalt-users
--
Gerald Waugh
http://frontstreetnetworks.com SOHO Networks & Web Site Hosting
Front Street Networks LLC voice +1 203 785 0699 * fax +1 203 785 1787
229 Front Street, Ste. #C, New Haven CT 06513-3203