General :: Web Panel To Manage Iptables And Tc / Secure Implementation Of Changes
Mar 19, 2010
Subject of my school work:"Web interface for managing firewall and band on the access server (Linux)"I have a big problem because I do not know how to safely implement the change in the system and show the logs on the Web page.Unfortunately, the number of solutions for today is enormous and it is increasingly difficult to me to decide on the right.They are:
1. Launching a web server with root privileges (the default mode of miniserv'a Webmin)
2. CGI scripts on apache SUID (mode webmin on "foreign" server)
3. suPHP or suexec
4. Cron implements changes to the root
5. Daemon in C "periodically" implement changes in the configuration files created by PHP
6. Daemon in C to implement the changes requested in the configuration files created by PHP
7.Use SSH in PHP and after logging into the root of execution of commands in the configuration files created by PHP (the root password in the DB)
8.Use SSH in PHP and after logging into the root of execution of commands in the configuration files created by PHP (the root password, enter manually)
9. Like the above so that the use of sudo and user rights only to the necessary shell commands
10. Add the user apache in the /etc/sudoers can perform all the necessary applications shell commands
11. Seize the opportunity to command: shell_exec ( `sudo php-f / home /example/script.php`), and /etc/sudoers
View 1 Replies
ADVERTISEMENT
Oct 20, 2010
I am trying to understand the implementation of iptables and netfilters. Any good links or docs.
View 1 Replies
View Related
May 6, 2010
IPtables, implementing each type of NAT
-Full Cone NAT
-Restricted Cone NAT
-Port Restricted Cone NAT
-Symmetric NAT
using IPTables.
Explanation:
Full Cone: A full cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address.
Restricted Cone: A restricted cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host (with IP address X) can send a packet to the internal host only if the internal host had previously sent a packet to IP address X.
Port Restricted Cone: A port restricted cone NAT is like a restricted cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P.
Symmetric: A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host.
On the netfilter mailinglist, Pedro Goncalves suggested the following:
192.168.2.170 is "public" address and 10.0.0.1 is "private" address
/-"Full Cone NAT", with the following rules:/
HTML Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 10.0.0.1
/-"Port Restricted Cone NAT", with just a single rule:/
HTML Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
View 1 Replies
View Related
Jan 30, 2016
I tried Google and searching here to no avail...
Running Debian Jessie 8.3
Linux 3.16.0-4-amd64
KDE SC Version 4.14.2 with plasma
I am trying to remove some icons from the "taskbar"/panel and find the only real options are adding MORE widgets, adding another panel, or deleting the whole panel.I simply want to remove a duplicate and re-arrange the icons without having to delete the panel, add another panel, and careful add, in the order I want the icons, the widgets right-click on the panel and I get "Task Manager Settings ALT+D,S" and "Panel Options" which offers no visible means of managing the panel.I condemned to deleting the panel and starting over?
View 3 Replies
View Related
Feb 5, 2011
not able to solve an error when i try to do a wireless scenario in ns2.
num_nodes is set 3
warning: Please use -channel as shown in tcl/ex/wireless-mitf.tcl
INITIALIZE THE LIST xListHead
View 2 Replies
View Related
May 21, 2011
I like 11.04 with Unity however I would like to find a method of managing workspaces with mouse (not keyboard) which gives constant visual feedback and is faster than using the launcher bar, which although not 'slow', takes time to appear and it then takes time to locate the (non movable) desktop switcher item.I happily adopt most of what 11.04 (Unity) offers, however, I really still miss the good visual feedback and the single click action that the lower panel (classic) desktop switcher used. Is there a way of me using some item in unity which is closely similar?
View 3 Replies
View Related
Feb 25, 2010
I need to optimize the implementation of DSR algo using NS-2. Now i need to identify the first of all "the parameters which i can change and which are effective in optimization point of view." I want to get into the c++ code as well as header files which are used to implement DSR algo.
View 4 Replies
View Related
Aug 11, 2011
I am trying to find a leach protocol implementation for ns2.34 but all links available are dealing with ns2.27 Are the instructions valid for ns2.34?
View 4 Replies
View Related
Dec 7, 2010
I'm looking for linear hashing implementation in C language. PS: I have to implement this on Ubuntu 10.04 Linux on 64 bit machine.
View 2 Replies
View Related
Sep 15, 2010
I am new to this forum and to Networking as well. I have chosen to implement:
1) SIP Client using C' language
2) Platform: Windows
3)Its going to be on command line
my problem is that I need some reference like books, material or website where I can learn how to write the code from scratch or port the code according to my requirements. My implementation should serve the purpose like two SIP clients should communicate with each other for exchange of Audio data.
View 4 Replies
View Related
Aug 1, 2011
My network diagram is internet<---->dansguardian proxy(centos5)<--->my network i have blocked facebook for my network but now i want to give only 2 ips to get its access & i do not want to enter these ip in exceptioniplist as if i doo so then they will be able to access all the sites that i have blocked. and if i am giving this entry [URL] in bannedsite list it is also not working.....
View 1 Replies
View Related
Sep 17, 2010
I am facing a strange problem witht my iptables as there are some firewall entries stored somewhere which is displaying the below firewall entries even after flushing the iptables & when I restart the iptables service then the firewall entries are again shown in my iptables as shown below,
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
View 6 Replies
View Related
Dec 1, 2010
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
View 1 Replies
View Related
Sep 15, 2010
I am using Fedora 13 and have an intermittent problem with the printer(HP d2540). Periodically, the printer will not finish a print job or the software leaves some form of command that interferes with the subsequent jobs. I haven't had much luck finding the print queue. Typically, the print jobs are coming out of the OpenOffice word processing segment and I am not sure whether there is an actual problem or simply a page formatting error.
View 2 Replies
View Related
Jan 22, 2010
i want to allow the user winny to manage users...i have added the following lines to the visudo file.
#user alias specification
User_Alias LIMITEDTRUST = winny
#command alias specification
[code]...
View 13 Replies
View Related
Aug 2, 2010
Can I know the implemention of RSA(Encryption and decryption) algorithm in C / C++.
View 1 Replies
View Related
Apr 27, 2011
I have a copy of the MD5 algorithm and I'm taking a look at the source. It's pretty interesting but there are a few things that I'm curious about and I was wondering if anyone a bit more intuitive than I could help me out.The function declarations in the MD5 files are a bit unfamiliar to me. There is a macro used called PROTO_LIST, which I'm still not sure as to what this thing is doing exactly, but it's littered everywhere throughout the source.The signature here isn't too unfamiliar to me with the exception of the position of the PROTO_LIST macro. So here is a function with an unnamed argument of type MD5_CTX*.To me, this resembles an initializer list found in C++ with constructors but I certainly don't think that is the case here. So my questions about this are (1) how is this legal code in C and (2) what functionality has the PROTO_LIST macro provided for the function?
View 3 Replies
View Related
Aug 3, 2011
How do I divide my hard drive into multiple OS'es/partitions for my test machine? For example:
Win XP
Win 7
Gentoo
Ubuntu
Storage
Can Linux'es share swap area? I was told to leave the first primary for the grub and linux cores.
View 1 Replies
View Related
Nov 7, 2010
I am looking for some documentations to manage/ administer my Ubuntu installation.
View 1 Replies
View Related
May 11, 2010
i have done everything that all the documentations have said and i still cant get this bloody thing working. some one give me the exact commands that removes all traces of all wine packages. and then can someone give me the exact commands to install.
which user i must be doing this under and exactly what i must configure in the config files. all that i want too accomplish by this is to successfully play games on my pc.
View 5 Replies
View Related
Apr 10, 2009
How to implement Network Protocols.
View 1 Replies
View Related
Dec 9, 2010
Have any of the below TCP based applications are implemented over SCTP in Linux ?
1. ftp
2. telnet
3. HTTP
Or any other applications ?
View 1 Replies
View Related
Dec 11, 2010
What Linux software would you recommend for managing a library of searchable PDF documents?
I have a Fujitsu S500 document scanner, and have been using the Windows software that came with it to scan and organize various documents (letters, bank statements etc). That software is of very poor quality. Besides, the drivers are proving very tricky to get working on 64-bit Windows 7.
Since I dual boot into Ubuntu, and the scanner works there out of the box, I am thinking of migrating my PDF workflow to Linux, hence my question...
View 1 Replies
View Related
Nov 17, 2010
We are looking for a web based, server application to manage staff skills running on ubuntu (10.04 lts). Something like we attach tags with skills to people photographs, and then when people connect to the application by means of a browser, they see a list of tags, they click on a tag they get a list of people who have that skill. Ideally, the tags should be hierarchical (for example, skill: statistics, subskill: non-linear).
View 10 Replies
View Related
May 10, 2011
On my PC, I use GRUB to manage my dual-boot startup on my PC. Every time I update my Linux, It adds another 2 startup options on my HD for every distro I have. (The Normal and Recovery modes for the new version.) I would like to add the VortexBox distro someday.
Is there a way for me to get rid of the older versions of Linux distro's on my GRUB menu so I just see the newest? I have 6 options for Ubuntu 10.10 and 4 options for UGE 2.8..
View 3 Replies
View Related
Jan 20, 2011
I'm in need of some advise from you guys. I'm currently running a live production serverA, and last week it went down for a couple of hours which was really bad to say the least.
I've been thinking about building a mirror serverB that will rsync my data nightly. Now I don't want to load balance here, I just need to be able to switch to serverB when serverA goes down for any reason.
Would the best solution for this is to change my main nameserver entry when I want to switch ? I'm just curious if it will be a few hours or an instant change.
I thought I'd ask before attempting this live.
View 3 Replies
View Related
Apr 6, 2011
I've implemented a program URL... which reads digital IF data from a radio receiver through a named pipe, measures power levels, and sends the result to stdout. The program is interactive; there is a thread that reads from stdin to watch for commands, a thread that constantly either reads data from the named pipe or throws data away, and an array of processing threads. The program uses GTK+extra to plot the signals. The IF data stream bandwidth exists at the limits of today's technology (is very very fast).
Problem Statement:The program works fine with a few bugs. I've learned since I've made it that using global state variables to coordinate threads isn't a good way of doing it. I also only had knowledge of mutexes and polled the state variable instead of using other methods.My reimplementation will use the following:
- One "Stdin Command Monitoring" thread
- One "Get data from named pipe" thread
- One post-processor thread
- N Processing threads
All threads are alive during the life of main()There are N buffers. Data will come in from the named pipe, and the "Get data" thread will write the data to an "available" buffer. When the buffer is full it will be marked as "full". There will be N processing threads, one for each buffer. When a processing threads' buffer is full, it will process the buffer and save the result to a final buffer. At the end of a number of averages, the post-processor thread will perform a final process on the final buffer and send the results to stdout.
View 2 Replies
View Related
Apr 14, 2011
I'm working on a Soekris net4801 that is running an unknown distro of Linux. The kernel is 2.4.29, and iptables is v1.3.4.
I can't work out how to save the iptables. I searched the whole system for files/folders containing the name "iptables" and got 3 results:
/user/local/lib/iptables
/sbin/iptables
/lib/iptables
I've tried iptables save, iptables-save and iptables save active.
"iptables save" and "iptables save active" give me an invalid argument error. "iptables-save" isn't a valid command. "iptables --help" gives me a list of valid switches, none of which have to do with saving.
how I can save the iptables?
View 1 Replies
View Related
Mar 13, 2010
I am making a simple Pandora.com alternative for myself and a few friends where the user can upload his/her songs and listen to them anywhere. My intent is to make a lightweight, simple player in HTML5 so all the user needs is a current Firefox or Chrome to use it. I have set it up so that all uploaded songs get converted to .ogg and added to a database but I also want some metadata (not sure if that is the correct term) for the songs to be stored in the database so the player can tell the user what song he/she is listening too. I know there are several GUI tools for managing the title/artist/album info for songs but I'm having trouble finding any good ones I can use from the command line. If the song has the information already in the file, I think I can use mplayer to retrieve the information but it would be really great if there was one that would look up the song information online.
View 1 Replies
View Related
Jul 29, 2010
On PC-BSD 8.1 (KDE) I have four workspaces. I want to launch rdesktop 1.6 in one of them, full screen if possible (I'll settle for nearly-full in a window if I have to), and be able to do the following:
Switch between windows in the remote session using Alt+Tab. Switch between local workspaces using either the default Ctrl+F1 or what I've switched it to, my preferred Alt+F1.
It seems if I use the -K option, I get 2 but not 1. If I don't, I get 1 but not 2. Is there no way to do this? How can I tell rdesktop to send or not send a specific key combination?
View 1 Replies
View Related
