Is it possible to only view certain chains and more specifically certain chain policies with options when doing: iptables -L..I would like for example view FORWARD ACCEPT rules instead of waiting for all of the drop rules to load when viewing a firewalled iptables.
View 1 Replieswhats the different between Chain RH-Firewall-1-INPUT (2 references) and Chain INPUT (policy ACCEPT)?
View 1 Replies View Relatedi heard many times the words tool chain , cross platform compiling , cross platform building etc ...
i can use the tool chain for All Linux OS ...?
just wanna ask how many firewall chains are supported by kernel? and what are there..?
View 1 Replies View RelatedHow would I ensure that whenever any user changes the password it should meet following.
1)It should be more than 7 Characters.
2)Atleast one Upper case character,digit and special character present.
3)Password is not same as username or dictionary word .
4)User should get email after changing his password(I have already setup mail account and tested the setup).
Code:
Distribution Detail
# lsb_release -a
LSB Version: :core-3.1-ia32:core-3.1-noarch:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: EnterpriseEnterpriseServer
Description: Enterprise Linux Enterprise Linux Server release 5.2 (Carthage)
Release: 5.2
Codename: Carthage
# uname -a
Linux OFSMUW-VMGR-51 2.6.18-92.el5PAE #1 SMP Fri May 23 22:26:05 EDT 2008 i686 i686 i386 GNU/Linux
The following line is in the /etc/bashrc file. It's fedora 8. I know this is meant to configure the prompt but I don't know what the syntax is specifically doing.PROMPT_COMMAND='echo -ne "33]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}07"'I think that 33 is the ASCII character for ESC but not sure what ]0 does or anything after the HOSTNAME variable. Are these xterm control characters? All of my Google search results fail to explain it in any kind of meaningful detail.
View 3 Replies View RelatedI have successfully installed a Ubuntu chroot (Maverick) on a running Linux appliance (an old Thecus N5200PRO box) which has been running various services for me quite happily.
When I attempted to add a webcam (for snapshotting) to this mix, I've come up against a problem. Since the chroot by default uses the kernel of the Thecus appliance, there appears to (understandably) be no support for the Logitech UVC webcam in the appliances' kernel; consequently inside or outside the chroot I can't access the UVC webcam.
I think I can get around this in a simple way if I can run a standard Ubuntu Maverick 32-bit kernel in the chroot.
Does anyone know how to chroot with alternative kernels, or quite simply, how to get a UVC webcam accessible on a Thecus N5200PRO?
Other details:
lsmod output
Output of uname -a:
Linux cube 2.6.23N5200 #1 PREEMPT Wed Jul 29 14:13:22 CST 2009 i686 GNU/Linux
lsusb -t output
I have created a new user define chain # iptanles -N blacklistNormally when we add a new rule it automatically insert in the default iptable but when we create a user define chain then how can I add my rules in this chain ?
View 3 Replies View RelatedI was having trouble setting up a db connection from my local machine to a db server that was configured to only accept connections from machines behind its own subnet. I had trouble setting up a multiple hop tunnel for chaining port forwarding through my firewall machine on the same subnet as the db. My first attempt involved two port forwards, on localhost and on the firewall machine, which didn't work for me. This approach I found at URL... involved constructing an end to end connection to the db via the firewall machine.
View 2 Replies View RelatedI'm trying to recover movie files from my TNT receiver hard drive but it corrupts its FAT32 allocation table (crappy cheap device...)
Using dosfsck is useless because the correct file length is the cluster length, not the (shorter) one in the table, and dosfsck only proposes to shorten the file, which I won't do.
Question: how to recover a file using the FAT cluster chain instead of using the stored length in the FAT table?
How would you remove all iptable rules and chains?
View 2 Replies View RelatedWhat commands do you use to set the INPUT, OUTPUT, and FORWARD chains in iptables to ACCEPT?
View 5 Replies View RelatedI can't seem to find the "Authorizations" GUI that was present in earlier ubuntus for configuring system policies. It used to be in System - Administration - Authorizations. Which package does it come in? What's the console command for it?
View 2 Replies View RelatedI am facing a problem when I tried to set policies on the firewall with following commands:
iptables -A INPUT -p TCP -s 0/0 --dport 53 -j ACCEPT
iptables -A INPUT -p UDP -s 0/0 --dport 53 -j ACCEPT
iptables -A INPUT -p TCP -s 0/0 -j REJECT
[code]....
Here, I want to deny all traffic except DNS traffic, it should be permitted. I tried to log the traffic but I did not find any update in /var/log/messages.
I've read the instruction about setting up the iptables rules to filter all port except HTTP, SSH, FTP. I require first remove all default iptables rules and set default rules to all chains as DROP:
# Set default-deny policies for all three default chains
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
Then allow only some ports:
#Accept inbound packets that are part of previously-OK'ed sessions
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# Accept inbound packets which initiate SSH sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 22 -m state --state NEW
# Accept inbound packets which initiate FTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 21 -m state --state NEW
# Accept inbound packets which initiate HTTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 80 -m state --state NEW
# Log anything not accepted above $IPTABLES -A INPUT -j LOG --log-prefix "Dropped by default:"
But I hired a VPS from other country so the only mean I can manage it is via SSH. If I setup the default rule to DROP first, I afraid that I can no longer connect via SSH to tell iptables allow SSH
So my question is:
- Does the IP tables take effect immediately after I input a rule?
- Is there any mean to run this as a batch job (create a script and run all these rules one time).
- My VPS has a web control panel which have a terminal via web. Is this a native terminal or just a connection via port 80 or 22?
I want to simplify some of my rules, so I want to create rules for certain services like xmpp, web, etc. since some of them use multiple ports, and I toggle them on/off a lot. Can I simply put the jump to rule clauses in the Input chain, and once the sub chains run, does it return to the input chain after the jump to rule clause? I want to do this so I don't have a ton of rules in the input chain. I think that if I simply make a list of all the rules to jump to in the input chain, it will work itself through all of them until it finds a matching filter in one of them correct?
View 9 Replies View RelatedI am currently reviewing what it means to switch over to Ubuntu and I have the following scenario. If I was to switch all the windows servers over to an Ubuntu solution. I already understand that file servers/ mail servers and resources can be provided Ubuntu 10.04. The issue comes with the user accounts access and control. In a windows environment, I have a domain with sub domain sites. I am able to control passwords in each site separately thought Active directory. I need the instructions on how to setup an LDAP server so that I can control access rights to different services located on different servers.
Example 1.
I have 5 mail servers and on the HR side, I have 2 email administrators. I wish to provide them access to only the relevant resources centrally. With out having to add users to different users repeatedly. For example, if I wanted to grant the two administrators access to all five servers. As I understand it, I would have to create the same user on every server and add a public key on every server, as well as set the administration rights for that user on each server individually.
I want to be capable of doing this like I am in a windows environment from some sort of domain controller equivalent. Things that I must be able to do, manage users public keys on each server centrally. Add and remove user's access to each server centrally. Finite control on what each user can do on each server. (i.e., add them to the sudo group or any other group for specific servers/server class I specify). To a lesser extent of requirement, I also need to be able to inform users they have to change there password every 3 months from when they change it. As well as enforce password rules, such as characters complication.
Does anyone know how to (permanently) get rid of this?
As you might have guessed, typing the root password and pressing OK has no effect.
This is NOT a laptop!
Write a shell script setup linux security policies include:
1. password policy
2. User policy
3. firewall
Note: Create a file.sh from 1 to 3. purposes:
If (1) successful then 2 If (2) successful then 3 End
I don't know how to write a shell script to set security policies for Linux to start. and how. I know that there are many security policies for Linux but do not know which one best suited to write a shell script.
View 5 Replies View RelatedI'm trying to cross-compile "sudo" source for Power-PC platform using Montavista tool chain. I'm getting the following error message during configuration: checking host system type... Invalid configuration `ppc_82xx': machine `ppc_82xx' not recognized It is clear that it has found the cross-compiler and configure knows that we are cross-compiling but it fails to recognize the machine. The complete dump follows:
[vhn@localhost sudo-1.7.2p2]$ ./configure --host=ppc_82xx
configure: WARNING: If you wanted to set the --build type, don't use --host.
If a cross compiler is detected then cross compile mode will be used.
configure: Configuring Sudo version 1.7.2p2
checking whether to lecture users the first time they run sudo... yes
checking whether sudo should log via syslog or to a file by default... syslog
[Code]...
The Preferred Applications applet doesn't do what I need it to do.
What I'm looking for is a Win 3.x style File Association applet or config file so I can have .mp3's handled by Audacious and .m3u's handled by VLC, and so on. I'm sure it's out there somewhere, but I can't find it.
I mainly do c/c++ development in linux...also i sometimes use java and i would really like it if i had mono also.. so i am pretty much looking for support for all major languages with ides...can u suggest me a distribution?
View 1 Replies View RelatedI have installed Debian 8.1 in several machines. Always I have a message for updating the systems I accept the upgrade.In one of the machines, where I did several upgrades, Inkscape never have been updated while in the others a updating from Inkscape 0.48 to 0.91 was made. I do not why and I would like to have Inkscape updated in all machines. is there some special condition for what packages will be presented for updating?
View 6 Replies View RelatedHow do I run Samba with a different option, specifically -D? Can I do it from the GUI (system-config-samba)?Also, how do I ensure it runs and startup?
View 9 Replies View RelatedI have read a million threads about adding exceptions to Maximus, and I know how to do that, but is there any possible way of telling Maximus not to touch any programs except the ones I specifically want it to? Actually, the ONLY program I want it to touch is Firefox.
Is there some secret syntax I could put in the exceptions to the effect of "all and not firefox" (as in, make all programs an exception, except Firefox)?
If I was to set up a Cluster, I know it wouldn't make much difference to loading up my browser, but would all heavy duty programs (Video Encoders mainly) work with it, or would I need to use programs specifically designed for cluster use?
View 1 Replies View RelatedI'm really new to Ubuntu, and am running 10.04. Anyway, I accidentally got rid of the Evolution icon in my Notification Area. Every time I try to put an icon in that section, it will not let me, and makes me put the icon on the left side of it, like on the main part of the panel. I do not know if I just hid the icon, or if I actually removed it, and I am sure the fix is really simple, I just can't seem to figure out how to do it. Also, I opened the Universal Access program when checking out all the cool things in my new OS, but I can't figure out how to hide that icon.
So if you could tell me how to unhide Evolution and hide Universal Access, in the Notification Area, that would be awesome.
Here is an image if you do not know where I am talking about, or whatever
Is there a Linux competitor for Zune and iPod out there? - any portable media or mp3 player that is specifically made for or by Linux? I know there are enough players that simply play mp3s off a flash memory and are therefore compatible with any OS but I am rather looking for something like Zune or iPod - doesn't have to be with touch screen but with some library interface and easy synchronisation options.
View 4 Replies View RelatedI'm planning on setting up a server cluster specifically for 3D video rendering. In order to maximize speed I wanna use OpenGL hardware acceleration for that and I'm pretty sure that I have to use an NVIDIA video card if I want the whole thing working reliably. Will I be able to start an X-Server with GLX on an NVIDIA video card that doesn't have a monitor connected to it? And what will be the maximum "virtual" display resolution that I can use?
Since I wanna have several servers running side-by-side I really don't have the room for any monitors.Just to avoid misunderstandings: It is not my intention to show what's being rendered to anyone in real time. I will only create video files that can be downloaded later. I'm already pretty sure that this will work, probably using "CustomEDID" or something like that, but I don't have a suitable setup available to test it right now.