Locking Down Apache
Posted by: xDamox - 2005-07-04, 05:56 PM - Forum: LAMP - Replies (2)
Well, I thought I would write another tutorial :) this time on Apache, on making it more secure and defending against DoS attacks. This tutorial is for Apache version 2.
The two packages I am going to use are the following:
mod_security which is available from http://www.modsecurity.org/
mod_dosevasive which is available from http://www.nuclearelephant.com/projects/dosevasive/
I would like to give credit to fedoranew.org (Jorge A Gallegos) as I stumbled into mod_security there.
Once you have downloaded the two packages, unpack them as shown below.
Code:
tar zvxf modsecurity-1.8.7.tar.gz
tar zvxf mod_dosevasive_1.10.tar.gz
This will create two directories which contain the source code. Before we install these modules you should get apxs, which will build the module into Apache for you; this tool can be installed via yum as shown below.
Code:
yum install httpd-devel
Once that is installed, go into the mod_security decompressed directory and type the following as root:
Code:
apxs -cia mod_security.c
This should produce the following output:
Code:
/bin/sh /usr/lib/apr/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -march=i386 -mcpu=i686 -DAP_HAVE_DESIGNATED_INITIALIZER -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apr-0 -I/usr/include/httpd -c -o mod_security.lo mod_security.c && touch mod_security.slo
/bin/sh /usr/lib/apr/build/libtool --silent --mode=link gcc -o mod_security.la -rpath /usr/lib/httpd/modules -module -avoid-version mod_security.lo
/usr/lib/httpd/build/instdso.sh SH_LIBTOOL='/bin/sh /usr/lib/apr/build/libtool' mod_security.la /usr/lib/httpd/modules
/bin/sh /usr/lib/apr/build/libtool --mode=install cp mod_security.la /usr/lib/httpd/modules/
cp .libs/mod_security.so /usr/lib/httpd/modules/mod_security.so
cp .libs/mod_security.lai /usr/lib/httpd/modules/mod_security.la
cp .libs/mod_security.a /usr/lib/httpd/modules/mod_security.a
ranlib /usr/lib/httpd/modules/mod_security.a
chmod 644 /usr/lib/httpd/modules/mod_security.a
PATH="$PATH:/sbin" ldconfig -n /usr/lib/httpd/modules
----------------------------------------------------------------------
Libraries have been installed in:
/usr/lib/httpd/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/lib/httpd/modules/mod_security.so
[activating module `security' in /etc/httpd/conf/httpd.conf]
Once that has been done, go to the /etc/httpd/conf.d/ directory and create a file called "mod_security.conf". Once this file is created, paste the following into the config file:
Code:
<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine On
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# Make sure that Unicode encoding is valid
SecFilterCheckUnicodeEncoding On
# Add the mod_security signature to the Server response header
SecServerResponseToken On
# Only allow bytes from this range
SecFilterForceByteRange 32 126
# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis
SecAuditEngine RelevantOnly
# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log
SecFilterDebugLog /var/log/httpd/modsec_debug_log
SecFilterDebugLevel 0
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# Action to take by default
SecFilterDefaultAction "deny,log,status:406"
# Simple filter
SecFilter /bin/bash
SecFilter /var
SecFilter /etc
SecFilter /home
SecFilter hidden
# Prevent OS specific keywords
SecFilter /etc/passwd
# Prevent path traversal (..) attacks
SecFilter "\.\./"
# Weaker XSS protection but allows common HTML tags
SecFilter "<( |\n)*script"
# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
</IfModule>
That is the config file I use; you can also visit the mod_security web site to view all the rules that can be applied in this config file.
Once the config file has been set up, restart Apache as shown below.
Code:
service httpd restart
Once that's restarted, open your web browser and type 127.0.0.1/etc. This should show in your web browser:
Code:
Not Acceptable
An appropriate representation of the requested resource /etc could not be found on this server.
Apache/2.0.54 (Fedora) Server at 127.0.0.1 Port 80
Now go to /var/log/httpd and you should see a file called audit_log; the content will display something similar to:
Code:
========================================
Request: 127.0.0.1 - - [04/Jul/2005:18:45:53 +0100] "GET /etc HTTP/1.1" 406 329
Handler: (null)
----------------------------------------
GET /etc HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
mod_security-message: Access denied with code 406. Pattern match "/etc" at THE_REQUEST
mod_security-action: 406
HTTP/1.1 406 Not Acceptable
Content-Length: 329
Connection: close
Content-Type: text/html; charset=iso-8859-1
As you may have noticed, it has filtered out /etc and displayed the attacker's details.
Now that we have mod_security set up, it's time to set up mod_dosevasive. The first step is to change into the mod_dosevasive decompressed directory and issue the following command.
Code:
apxs -i -a -c mod_dosevasive20.c
This will produce output similar to mod_security's. Once that has installed you can delete both decompressed directories and their compressed versions.
Open the httpd.conf file and add the following entry:
Code:
<IfModule mod_dosevasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
</IfModule>
The following descriptions of the values are as stated in the mod_dosevasive documentation.
DOSHashTableSize
----------------
The hash table size defines the number of top-level nodes for each child's
hash table. Increasing this number will provide faster performance by
decreasing the number of iterations required to get to the record, but
consume more memory for table space. You should increase this if you have
a busy web server. The value you specify will automatically be tiered up to
the next prime number in the primes list (see mod_dosevasive.c for a list
of primes used).
DOSPageCount
------------
This is the threshold for the number of requests for the same page (or URI)
per page interval. Once the threshold for that interval has been exceeded,
the IP address of the client will be added to the blocking list.
DOSSiteCount
------------
This is the threshold for the total number of requests for any object by
the same client on the same listener per site interval. Once the threshold
for that interval has been exceeded, the IP address of the client will be added
to the blocking list.
DOSPageInterval
---------------
The interval for the page count threshold; defaults to 1 second intervals.
DOSSiteInterval
---------------
The interval for the site count threshold; defaults to 1 second intervals.
DOSBlockingPeriod
-----------------
The blocking period is the amount of time (in seconds) that a client will be
blocked for if they are added to the blocking list. During this time, all
subsequent requests from the client will result in a 403 (Forbidden) and
the timer being reset (e.g. another 10 seconds). Since the timer is reset
for every subsequent request, it is not necessary to have a long blocking
period; in the event of a DoS attack, this timer will keep getting reset.
DOSEmailNotify
--------------
If this value is set, an email will be sent to the address specified
whenever an IP address becomes blacklisted. A locking mechanism using /tmp
prevents continuous emails from being sent.
NOTE: Be sure MAILER is set correctly in mod_dosevasive.c
(or mod_dosevasive20.c). The default is "/bin/mail -t %s" where %s is
used to denote the destination email address set in the configuration.
If you are running on linux or some other operating system with a
different type of mailer, you'll need to change this.
DOSSystemCommand
----------------
If this value is set, the system command specified will be executed
whenever an IP address becomes blacklisted. This is designed to enable
system calls to ip filter or other tools. A locking mechanism using /tmp
prevents continuous system calls. Use %s to denote the IP address of the
blacklisted IP.
DOSLogDir
---------
Choose an alternative temp directory
By default "/tmp" will be used for locking mechanism, which opens some
security issues if your system is open to shell users.
http://security.lss.hr/index.php?page=deta...=LSS-2005-01-01
In the event you have nonprivileged shell users, you'll want to create a
directory writable only to the user Apache is running as (usually root),
then set this in your httpd.conf.
Once all that is set up, restart your Apache server and enjoy the known fact that you have locked it down :) Note that mod_dosevasive provides a test.pl file to check that mod_dosevasive is functioning correctly.
Code:
service httpd restart
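A small parser for the audit_log format shown in the post, added here as an example (it is not from the post or from mod_security). The log text inside it is constructed; it counts denials per client and per matched pattern, which is the quickest way to see when one of the crude keyword filters (here, /home) is denying legitimate URLs.

```python
"""Parse mod_security 1.x audit_log entries in the format shown in the post:
entries separated by a line of '=', a 'Request:' line, a line of '-', then
the request headers including mod_security-message. Added example code."""
import re
from collections import Counter

# Constructed sample: the post's /etc denial plus a denial of an ordinary
# page URL that merely contains the filtered word "home".
SAMPLE_AUDIT_LOG = """\
========================================
Request: 127.0.0.1 - - [04/Jul/2005:18:45:53 +0100] "GET /etc HTTP/1.1" 406 329
Handler: (null)
----------------------------------------
GET /etc HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux i686) Firefox/1.0.4
mod_security-message: Access denied with code 406. Pattern match "/etc" at THE_REQUEST
mod_security-action: 406
========================================
Request: 192.0.2.10 - - [04/Jul/2005:18:47:01 +0100] "GET /home/page.html HTTP/1.1" 406 329
Handler: (null)
----------------------------------------
GET /home/page.html HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) Firefox/1.0.4
mod_security-message: Access denied with code 406. Pattern match "/home" at THE_REQUEST
mod_security-action: 406
"""

REQUEST_RE = re.compile(
    r'^Request: (?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<line>[^"]*)" (?P<status>\d{3})')
MESSAGE_RE = re.compile(r'^mod_security-message: (?P<msg>.*)$')
PATTERN_RE = re.compile(r'Pattern match "(?P<pattern>(?:[^"\\]|\\.)*)"')


def parse_audit_log(text):
    """Return one dict per entry: client ip, timestamp, request line, status
    and the filter pattern that triggered the denial (None if not found)."""
    entries = []
    for block in re.split(r'^=+\s*$', text, flags=re.MULTILINE):
        entry = {"ip": None, "time": None, "request": None, "status": None, "pattern": None}
        for line in block.splitlines():
            m = REQUEST_RE.match(line)
            if m:
                entry.update(ip=m["ip"], time=m["time"], request=m["line"], status=int(m["status"]))
            m = MESSAGE_RE.match(line)
            if m:
                p = PATTERN_RE.search(m["msg"])
                entry["pattern"] = p["pattern"] if p else None
        if entry["ip"]:  # skip the empty fragments around the separators
            entries.append(entry)
    return entries


def summarise(entries):
    """Count denials per client IP and per triggering pattern."""
    by_ip = Counter(e["ip"] for e in entries)
    by_pattern = Counter(e["pattern"] for e in entries if e["pattern"])
    return by_ip, by_pattern
```

Run it over the real /var/log/httpd/audit_log and a pattern with many hits from many different clients is usually a false positive, not an attack.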
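To reason about what the DOSPageCount/DOSSiteCount/interval/DOSBlockingPeriod values in the httpd.conf entry above actually block, here is an added, simplified model of the behaviour described in the directive descriptions (it is not mod_dosevasive's own code; the class, the function names and the request traces are constructed).

```python
"""Simplified model of the mod_dosevasive thresholds described in the post.
Added example, not the module's code. Times are in seconds."""


class DosEvasiveModel:
    def __init__(self, page_count=2, site_count=50, page_interval=1,
                 site_interval=1, blocking_period=60):
        # Defaults mirror the httpd.conf entry in the post.
        self.page_count, self.page_interval = page_count, page_interval
        self.site_count, self.site_interval = site_count, site_interval
        self.blocking_period = blocking_period
        self.page_hits = {}   # (ip, uri) -> [window_start, hits in window]
        self.site_hits = {}   # ip -> [window_start, hits in window]
        self.blocked = {}     # ip -> time of its last request while blocked

    @staticmethod
    def _count(table, key, t, interval, threshold):
        """Count one hit in the current window; True once the threshold is exceeded."""
        window = table.get(key)
        if window is None or t - window[0] >= interval:
            table[key] = [t, 1]          # new interval: start counting again
            return False
        window[1] += 1
        return window[1] > threshold

    def request(self, ip, uri, t):
        """Return 200 (served) or 403 (blocked) for one request at time t."""
        if ip in self.blocked:
            if t - self.blocked[ip] < self.blocking_period:
                self.blocked[ip] = t     # every further request restarts the timer
                return 403
            del self.blocked[ip]         # blocking period elapsed quietly
        page_over = self._count(self.page_hits, (ip, uri), t, self.page_interval, self.page_count)
        site_over = self._count(self.site_hits, ip, t, self.site_interval, self.site_count)
        if page_over or site_over:
            self.blocked[ip] = t
            return 403
        return 200


def simulate(model, trace):
    """Run a list of (ip, uri, t) requests through the model; return the statuses."""
    return [model.request(ip, uri, t) for ip, uri, t in trace]


if __name__ == "__main__":
    # Constructed trace: one client reloads the same page three times in 0.4 s,
    # then comes back 30 s and 95 s later.
    trace = [("198.51.100.7", "/index.html", 0.0), ("198.51.100.7", "/index.html", 0.2),
             ("198.51.100.7", "/index.html", 0.4), ("198.51.100.7", "/other.html", 30.0),
             ("198.51.100.7", "/other.html", 95.0)]
    print(simulate(DosEvasiveModel(), trace))   # [200, 200, 403, 403, 200]
```

With DOSPageCount 2 and a 1-second interval, a third hit on the same URI within a second is enough to block a client for the full blocking period, so tune the values against real traffic before relying on them.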

anywebs script
Posted by: anyweb - 2005-07-04, 12:39 PM - Forum: Security and Firewalls - Replies (2)
here it is
feel free to copy/play with
Lines with a # in front of them are ignored. Interesting to note that ssh is listening on port 234 and we are using iptables to limit the amount of connections to that port on a per-minute basis.
cheers
anyweb
Code:
#!/bin/bash
# Enable packet forwarding for VPN work
#echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush Old rules on reinit of rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING
# Set input policy
iptables -P INPUT DROP
# Accepted Hosts
iptables -A INPUT -s 100.0.0.0/8 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -s 81.229.167.48 -j ACCEPT
iptables -A INPUT -s 217.209.122.25 -j ACCEPT
#ipv6 tunnel hosts
#iptables -I INPUT -s 213.121.24.85 -j ACCEPT
#iptables -I INPUT -s 62.75.252.206 -j ACCEPT
# Accepted Ports
#iptables -I INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80 -j ACCEPT
#iptables -A INPUT -p tcp -m multiport --dports 8000,9000,9001,9002 -j ACCEPT
#iptables -A INPUT -p udp -m multiport --dports 53 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# deny mysql from communicating outside the firewall
iptables -A OUTPUT -p tcp --sport 3306 -j DROP
## Accept ports with rate limit
iptables -A INPUT -p tcp --dport 234 -m limit --limit 2/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 234 -j REJECT --reject-with tcp-reset
# Dropped Hosts
#iptables -A INPUT -s 207.46.98.0/24 -j DROP # Ms search bot
#iptables -A INPUT -s 70.25.150.84 -j DROP # samurai and jo
# Redirect ports over the vpn to my home network
#iptables -t nat -A POSTROUTING -d 192.168.55.0/24 -j SNAT --to-source 10.20.1.1
####
######### IPV6
####
#ip6tables -F INPUT
#ip6tables -P INPUT ACCEPT
#ip6tables -A INPUT -p tcp --dport 113 -j ACCEPT
#ip6tables -A INPUT -p ipv6-icmp -j ACCEPT

deny mysql access outside the firewall
Posted by: anyweb - 2005-07-04, 12:21 PM - Forum: LAMP - Replies (3)
What if someone hacked your MySQL via a MySQL injection vulnerability and wanted to use it to connect to you in order to upload/download tools to further compromise a system?
Well, if you block it from communicating outside the firewall (i.e. to the internet) then you are making that more difficult for the attacker to do.
Thoughts about this?
Code:
iptables -A OUTPUT -p tcp --sport 3306 -j DROP
cheers
anyweb

Slackware kernel upgrade to 2.6.12.2
Posted by: tinman77 - 2005-07-02, 10:03 PM - Forum: Kernel Related - Replies (6)
I am having problems with a kernel upgrade to 2.6.12.2 on my Inspiron 6000d. I have WinXP and Slackware dual boot on a 40 gig HD. I compiled the kernel many times selecting different combinations of options and every single time I get a kernel panic:
VFS: Cannot open root device "303" or unknown-block(3,3)
Please append a corrrect "root=" boot option
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown block(3,3)
I have read on other forums and miscellaneous pages that the Inspiron 6000 has a SATA type setup for the hard drive and that changing lilo to point to /dev/sda3 instead of the current /dev/hda3 solves it, along with many other ways of getting it to work. However, I am not so sure I have a SATA drive, because using 2.4.29 my root filesystem points to /dev/hda3. Please, any help is appreciated.

Channel Statistics for June 2005.
Posted by: FluKex - 2005-07-02, 09:33 PM - Forum: Site News - No Replies
Here they are, the June statistics for the channel.
I'll be pasting each month here.
Enjoy
Top20 words -
1: enigma- (81363)
2: P38_ (26756)
3: flukex (22997)
4: nerdX (21361)
5: Jy (21019)
6: badlandz (19544)
7: OmegaEvil (17728)
8: znx (15687)
9: Randall (15353)
10: [Granger] (15218)
11: bofh` (13319)
12: redneck (12951)
13: ]EnIgMa (9446)
14: j3r (9043)
15: fabio (8991)
16: Ritter (8202)
17: anyweb (7980)
18: square (6666)
19: quannum_ (6401)
20: mstone (6367)
Top20 smilies -
1: enigma- (1006)
2: znx (738)
3: badlandz (598)
4: nerdX (430)
5: bofh` (417)
6: square (387)
7: flukex (312)
8: OmegaEvil (240)
9: j3r (236)
10: P38_ (225)
11: [Granger] (195)
12: Randall (193)
13: webany (179)
14: Jy (176)
15: compile (163)
16: ]EnIgMa (159)
17: anyweb (144)
18: magikman (137)
19: McDuck (120)
20: lit (109)
Top20 letters -
1: enigma- (342055)
2: P38_ (117068)
3: flukex (96244)
4: nerdX (94612)
5: Jy (92559)
6: badlandz (77823)
7: OmegaEvil (75626)
8: znx (69943)
9: [Granger] (66412)
10: Randall (60538)
11: bofh` (57896)
12: redneck (54614)
13: ]EnIgMa (39104)
14: j3r (38430)
15: anyweb (36461)
16: Ritter (36297)
17: fabio (36240)
18: square (30705)
19: lit (26031)
20: mstone (26030)

Pop3 Email and Dynamic IP
Posted by: trinimoses - 2005-07-02, 04:04 AM - Forum: Fedora - No Replies
Good night all. I was wondering if it's possible to get a POP3 email server working with a dynamic IP and using a free DNS service like dnsexit.com?
Has anyone ever tried that?

memory stick
Posted by: JerLasVegas - 2005-07-01, 06:54 PM - Forum: Ubuntu - Replies (1)
Hello, I am running Ubuntu Hoary 5.04 with a custom kernel 2.6.11-12 and I am having a problem getting the memory stick to mount.
When I compiled the kernel I selected SCSI disk support as a module, MMC/SD support compiled in, MMC block device driver compiled in as a module, USB Mass Storage Support compiled in.
Here is the output from /var/log/messages when I put the stick in the drive:
Jul 1 11:25:42 localhost kernel: usb 3-1: new full speed USB device using uhci_hcd and address 9
Jul 1 11:25:42 localhost kernel: scsi7 : SCSI emulation for USB Mass Storage devices
Jul 1 11:25:47 localhost kernel: Vendor: Generic Model: CF Reader Rev: 1.01
Jul 1 11:25:47 localhost kernel: Type: Direct-Access ANSI SCSI revision: 00
Jul 1 11:25:47 localhost kernel: Attached scsi removable disk sda at scsi7, channel 0, id 0, lun 0
Jul 1 11:25:47 localhost scsi.agent[7508]: sd_mod: loaded sucessfully
/etc/udev/udev.conf says:
# udev_root - where in the filesystem to place the device nodes
udev_root="/dev/"
The only new device in /dev when I put the stick in is:
brw-r----- 1 root plugdev 8, 0 Jul 1 11:42 sda
If I attempt to mount that:
root@jerlaptop:/usr/src/linux # mount -t vfat /dev/sda /mnt/mstick/
mount: No medium found
Here is udevinfo:
root@jerlaptop:/usr/src/linux # udevinfo -a -p /sys/block/sda
looking at the device chain at '/sys/devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0/host8/target8:0:0/8:0:0:0':
BUS="scsi"
ID="8:0:0:0"
SYSFS{detach_state}="0"
SYSFS{device_blocked}="0"
SYSFS{max_sectors}="240"
SYSFS{model}="CF Reader "
SYSFS{queue_depth}="1"
SYSFS{queue_type}="none"
SYSFS{rev}="1.01"
SYSFS{scsi_level}="3"
SYSFS{state}="running"
SYSFS{timeout}="30"
SYSFS{type}="0"
SYSFS{vendor}="Generic "
Everything seems to check out fine! But /dev/sda1 isn't being created and I get the "no medium found" error. Even if I do
#mknod /dev/sda1 b 8 1
I get a "no medium found" error. If anyone can help, please do! Thanks!

ah lovely
Posted by: CityofAsh - 2005-07-01, 05:23 AM - Forum: General Chat - Replies (2)
You guys should make a sticky of what to do when you're a pure N00b. Like how to start the commands to start. I log into this forum and I see all this stuff but it doesn't tell me basic commands or what stuff does. How to start basically. How the hell do I know what to look for being a new Linux user? Like how do I find stuff to install? How do I install it? What do I need for the basics? Stop just helping experienced people and make it more for real N00bs. That's what this board is supposed to be about I thought.
Suggestions
Thx
~City
<replaced some words with 'stuff', see board guidelines>

Network problems between XP and Fedora Core 4
Posted by: SativaDread - 2005-06-30, 07:04 PM - Forum: Network Problems - Replies (11)
Ok, I have a problem. Before the installation of Fedora 4 I used the DSL line in XP all the time; I have no firewalls in XP or Linux (at least I think I don't, I'm a Linux no0b). After I installed Fedora 4 I figured out how to set up my DSL line and connect, and it worked the first time like a charm. However, when I logged back into XP I can connect to my DSL line, but when I try to surf the web or connect to anything web related such as instant messenger it is like I am not online; Firefox cannot find Google to start at the homepage and whatnot. But I log out of XP and log in and restart the connection and it will work fine for about 5 minutes and then time out. The same thing happened when I logged back into Linux, but I disabled eth0 and created my own setup and it worked fine; I'm on Linux right now. I doubt that XP will work when I go back in and I don't understand why. Can anyone help?