The LPI 202 lesson, Chapter 4, Advanced Linux Network Administration: System Security, covers ipchains and iptables, configuring a router, securing FTP servers, and more. It is a useful reference for information technology specialists.
System Security
Chapter 07 Advanced Linux Network Administration
Firewall Programs
IPTables
[Figure: Ipchains packet traversal. Labels: Chain, Routing, Local Processes, Forward Chain, Output Chain, Deny]
[Figure: Forward Chain, Output Chain, Deny]
Chain INPUT (policy DROP 280 packets, 32685 bytes)
pkts bytes target prot opt in out source destination
3300 136K ACCEPT tcp eth1 * 192.168.56.1 192.168.56.2 tcp dpt:22
140 51297 LOG all eth0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
378K 46M LOG all eth1 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
140 10220 ACCEPT all lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4435 1275K LOG all eth1 eth0 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
4717 882K LOG all eth0 eth1 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
13 624 ACCEPT tcp eth0 eth1 0.0.0.0/0 192.168.56.1 tcp dpt:22 state NEW
4379 1214K ACCEPT all eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4609 877K ACCEPT all eth0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 396 ACCEPT tcp eth1 eth0 0.0.0.0/0 10.10.90.10 tcp dpt:22 state NEW
Chain OUTPUT (policy DROP 7 packets, 588 bytes)
pkts bytes target prot opt in out source destination
5687 6275K ACCEPT tcp * eth1 192.168.56.2 192.168.56.1 tcp spt:22
102 48836 LOG all * eth4 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
78904 8127K LOG all * eth1 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
140 10220 ACCEPT all * lo 0.0.0.0/0 0.0.0.0/0
Jun 25 09:05:11 hebe kernel: IN=eth1 OUT= MAC=00:00:92:a7:df:05:02:07:01:23:5e:29:08:00 SRC=10.90.10.112 DST=10.90.10.116 LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=7276 PROTO=TCP SPT=47785 DPT=10003 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 25 09:05:11 hebe kernel: IN=eth1 OUT= MAC=00:00:92:a7:df:05:02:07:01:23:5e:29:08:00 SRC=10.90.10.112 DST=10.90.10.116 LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=7276 PROTO=TCP SPT=47785 DPT=10003 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 25 09:05:12 hebe kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:d1:24:bb:08:00 SRC=10.90.50.251 DST=10.90.255.255 LEN=241 TOS=0x00 PREC=0x00 TTL=128 ID=547 PROTO=UDP SPT=138 DPT=138 LEN=221
Jun 25 09:05:12 hebe kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:d1:24:bb:08:00 SRC=10.90.50.251 DST=10.90.255.255 LEN=241 TOS=0x00 PREC=0x00 TTL=128 ID=547 PROTO=UDP SPT=138 DPT=138 LEN=221
Jun 25 09:05:12 hebe kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:04:74:0b:81:08:00 SRC=10.90.10.6 DST=10.90.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=44852 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 25 09:05:12 hebe kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:04:74:0b:81:08:00 SRC=10.90.10.6 DST=10.90.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=44852 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 25 09:05:15 hebe kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:60:cf:20:2d:37:08:00 SRC=10.90.10.104 DST=10.90.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=1 ID=60733 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 25 09:05:15 hebe kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:60:cf:20:2d:37:08:00 SRC=10.90.10.104 DST=10.90.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=1 ID=60733 DF PROTO=UDP
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
no_access = 192.168.1.3
log_on_success += PID HOST DURATION
[ neo5k@server]# /usr/sbin/vsftpd &
[ neo5k@server]# netstat -anp|grep 21
Secure shell (OpenSSH)
• Edit /etc/inetd.conf and replace the path to each network service daemon that you wish to place under access control with the path to tcpd
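One way to check which inetd services still bypass tcpd, and to preview the edit described above. This is an added example, not part of the original slides; the wrapper path /usr/sbin/tcpd, the function names and the sample inetd.conf entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for services not started through tcpd.
# Fields: service socket-type proto wait user server-path argv0 [args...]
TCPD_PATH="${TCPD_PATH:-/usr/sbin/tcpd}"   # assumed wrapper location

# Print "service server-path" for every active entry that bypasses tcpd.
unwrapped_services() {
    awk -v tcpd="$TCPD_PATH" '
        /^[ \t]*(#|$)/   { next }   # comments and blank lines
        NF < 7           { next }   # incomplete entry or "internal" service
        $6 != tcpd       { print $1, $6 }
    ' "$1"
}

# Print the file with each such entry rewritten: tcpd becomes the server and
# the daemon's absolute path becomes argv0, which tcpd then executes.
# Rewritten lines are re-joined with single spaces; other lines are untouched.
wrap_preview() {
    awk -v tcpd="$TCPD_PATH" '
        /^[ \t]*(#|$)/ || NF < 7 || $6 == tcpd { print; next }
        { $7 = $6; $6 = tcpd; print }
    ' "$1"
}

# Constructed sample input (hypothetical entries, not taken from the slides).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd    in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd       in.telnetd
imap    stream  tcp  nowait  root  /usr/sbin/imapd      imapd
echo    stream  tcp  nowait  root  internal
#finger stream  tcp  nowait  root  /usr/sbin/in.fingerd in.fingerd
EOF
}

conf=$(mktemp) && sample_inetd_conf > "$conf"
unwrapped_services "$conf"      # prints the ftp and imap entries
wrap_preview "$conf"            # same file with ftp and imap routed via tcpd
rm -f "$conf"
```

Access decisions for the wrapped daemons are then taken from /etc/hosts.allow and /etc/hosts.deny, so review those files before reloading inetd.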
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/imapd
only_from = 127.0.0.1
NAME: name of the process
PID: process ID
USER: name of the user to whom the process belongs
FD: File descriptor (e.g. u = read write, r = read, w = write)
TYPE: The file type (e.g. REG = regular file)
DEVICE: Major/Minor number (e.g. 3,16 = /dev/hda16)
SIZE: Size or offset of the file
NODE: Inode of the file