Security :: Can I Run Something Like Pfsense On Top Of Server?
Jan 13, 2011
I'm running a CentOS server, but I'm not familiar with iptables. Can someone recommend a firewall that I can manage via a web browser? I might be off here, but can I run something like pfSense on top of my server?
How can I install pfSense on Red Hat 5? I have tried, and it asked me to install other files (dependencies). I searched about it and found that it can be done easily through the yum installer. How can I do that?
I am trying to set up a PXE booting environment in my network and I almost got it to work... Only it does not quite work yet... Basically, I want my laptop or any other machine to boot from my network. I followed the instructions from AlienBob to do so. I set up my laptop to boot from the NIC, and it automatically gets an IP from the DHCP server (pfSense);
I set up my gateway/DHCP server (pfSense) as follows:
- The IP address of the network boot server: 192.168.0.101 (the server where my Slackware mirror and all TFTP boot files are)
- The filename used for network booting: /mnt/it-maintenance/tftpboot/slackware-13.1/pxelinux.0 (the absolute path of pxelinux.0 on my server)
I set up the network boot server (running Slack 13.1) as follows:
- uncommented the line in inetd.conf to have:
Code:
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot -r blksize
- added an NFS share to /etc/exports to have:
Code:
/mnt/it-maintenance/operating-systems/slackware-13.1 192.168.0.106(ro,sync,insecure,all_squash)
I opened a thread on the general networking section of the forums to discuss a problem I am experiencing with a newly installed Slackware 13.1 (not 64-bit) on my Dell laptop. Basically, the machine is not getting an IP from the DHCP server on my pfSense router. All other machines on my network are still getting IPs fine, and the pfSense box never changed. I can get an IP from the pfSense box by manually logging in as root and using /etc/rc.d/rc.inet1 eth0 restart (note the argument eth0, which is necessary to get the IP).
User markush at the link below suggested I open this thread here. I think it's a great idea since I believe it is a Slackware problem. He also recommended using tcpdump to diagnose the connection problem. Here are the results:
I issued the dhcp renewal commands in a terminal and monitored the output of tcpdump in a different terminal.
Code:
root@xpsm1730:/home/lpallard# /etc/rc.d/rc.inet1 restart
Polling for DHCP server on interface eth0:
dhcpcd: version 5.2.2 starting
dhcpcd: eth0: waiting for carrier
dhcpcd: timed out
[Code]....
I believe the router is fine since all other machines are also using Slackware 13.1 (one Slackware 32-bit and the other Slackware 64-bit) and are all handshaking perfectly with the pfSense box.
I also believe the kernel on the faulty machine is OK since I am using the very same kernel (2.6.37) on the machine running Slack64, and that machine is also handshaking perfectly with my pfSense box.
Please see http://www.linuxquestions.org/questi...get-ip-857683/ for more details.
We are trying to define an appliance based on SUSE for an application server and an Apache web server, so we would like to know configuration best practices for network and security. Is there any paper/doc about best practices?
I'm concerned about the security of having a LAMP server on my laptop, as having any server makes the system less secure. However, if I were to create a new partition, install a LAMP server on that and only use it when offline, would the security of my main partition be affected at all?
I've recently been running a game server from my desktop, as well as a web page to accompany it. I use the ports 80/8123 (HTTP), 5900 (VNC), 50500 (GAME) and 5839 (ADMINISTRATION). What's the best solution to protect my server from security threats? On a side note, I plan on adding a MySQL server later, but I want to keep it local only.
I'm new to server admin, so my question is based on what may be a bad assumption. With a server, my assumption is "if it ain't broke, don't fix it". In other words, I'm not really interested in upgrading the software to the latest and greatest if I already have stuff working on the server.
However, the one place where I DO want to constantly have upgrades is for security patches. How do I apply security updates to Ubuntu Server... and ONLY security updates?
I followed this how to to make a NFS server: [url]
So it means: exports looks like this:
Quote:
Here are some quick examples of what you could add to your /etc/exports
For Full Read Write Permissions allowing any computer from 192.168.1.1 through 192.168.1.255
It means that if somebody arrives with a Linux machine, plugs the Ethernet cable into the router, then logs in as root on his machine and mounts the exports, he can do almost everything, with permissions, chmod'ing...
Is that LAMP, or am I wrong? For NFS kernel servers, what are the ultimate users/password servers against that, to prevent those physical approaches/logins? Is there a good how-to?
I want to know how I can test my server security with the hping3 tool. I want to make a virtual DoS, DDoS or SYN attack in my LAN to test my server's security and resilience against these attacks. Is hping3 a good solution for this or not? If yes, how can I do this, and which option of it can make such attacks?
I'm using PostgreSQL 8.4.2-2. I'm trying to remote into my server securely. I figure I could do so with ssh. Apparently I figured correctly, as per [URL] and [URL]. I set up the ssh tunnel: ssh -L 5432:serverip:5432. Then I set up pgadmin3 to connect as follows:
An error has occurred:
Quote:
An error has occurred: Error connecting to the server: server closed the connection unexpectedly. This probably means the server terminated abnormally before or while processing the request.
I'm not sure what the problem is. I can connect with psql from the CLI after connecting to the terminal via ssh, so I know that I'm using the correct password.
I have NFS set up on my file server on my local network. Right now I'm allowing all local IPs. Now I want to be able to access the shares from home, across town.
Can you secure NFS in any way other than IP restriction, i.e. password login? I know I could just use sftp, but I want the control and seamlessness of NFS.
I had two continuous attacks on our server (web hosting, cPanel)... The attacker is deleting one user's public_html content, so he is losing his contents. Actually, all files have him as owner. But I don't know what's happening. Is it a good idea to use some IDS on the server? Would it be an overhead for the server?
For some time now I've been noticing the network activity light for my Linux box blinking like mad on my router. After a little looking around for ways to see what connections my box has established, I found the following using lsof -i.
I know I'm not using IRC, and I have my sshd locked down fairly tight, requiring a key to log in, so obviously it looks like there's something or somebody in Croatia (the origin of that IP address) connecting my system to undernet.org for some nefarious purpose. Looking at my processes, ID 13839 shows up as
Code:
13839 ? S 0:00 bash
Just 'bash', not '-bash' as
Code:
13426 pts/0 S 0:00 -bash
my session appears. Previously, this odd bash process was ID 2704, which seemed to imply that it had launched fairly soon after my system booted up, which really makes me wonder. Oh, and yes, I did kill that 2704 process, and it returned as this 13839. 2704 also had those same IRC connections present in lsof.
I am creating an FTP server using vsftpd. It will be in the wild, initially at least only functioning as an FTP server. I have the iptables config from the previous box I set up 3-4 years ago. I have also got private/public key authentication running with SSH to eliminate brute force attacks.
Here is my specific question. On the old server I set up something that allowed my clients to log in using accounts that were not system accounts but would translate to a single system account that was limited to FTP. I remember setting up a passwd file that had username/password pairs that FTP used for authentication.
What app is this? Is it just part of vsftpd, or maybe SELinux? I really want to utilize this.
I set up my Ubuntu server with iptables that only allows ssh in the INPUT chain (and of course established connections), with only the MAC address of my laptop allowed to connect, set up a key with a long passphrase and installed the pam_abl plugin. ICMP echo is blocked by default.
The only problem is that I log all other attempts to connect to the server and I see a lot of traffic going to ports 445 and 5900.
My question is: is there a possibility that these attempts could succeed, and is there any way to further secure this server?
I have a rather secure server that I have hardened. I only allow ssh on a non-standard port and port 80 for my LAMP. I use aa for everything. The server uses Snort as an IDS and PSAD (port scan attack detection). The firewall is a custom in-line IPT using fwSnort rules. This one was off the chain! As I was upgrading from 10.04 LTS to 10.10, I was reading every new file that was being put on my disk with "D" when Ubuntu asked me if I wanted to replace the old file with this one.
I have an Ubuntu 10.04.1 LTS server that I set up a while back and I am considering encrypting the whole box. I store everything on the server and if it were stolen from a home robbery it could be quite devastating. The server is using two 750 GB SATA hard drives formatted with LVM. Inside the LVM I have a small partition on the first drive for the OS, SWAP, and everything else on the first and second drive is /var/media which is where I store all the data. I have set up an encrypted LVM on my laptop but that was during the install using the automatic method.
I can't figure out how to do what I want to do and I don't want to risk destroying the data on the server. What I would like is to non-destructively encrypt the server (System, SWAP, and DATA partitions) similar to how TrueCrypt works on Windows and I'd like the encryption key to be stored on a USB thumb drive so when the server boots it requires a hardware key. (And have the encryption key backed up online in case the flash drive dies.) And I'd like to use AES 256.
I am trying to figure out how to turn my 10.10 server into a listener only. I have it set up using snort/acidbase. It is grabbing my network traffic just fine. I want to now set up a second server to hold all the data it collects. I need to change the snort server so it only listens. I disabled ping responses, but I want to go farther than that. I want to disable responses all together. I want it to only grab the data and store it.
OK, I'm new. I know AppArmor is running. I was looking for Firestarter but there isn't one... How do I secure this server? I want a good firewall and some virus protection! Also, do I need this?
In 2 weeks, I will be handed over 8 servers, each one hosting around ~3 virtual machines, which will make them a total of around ~24 servers. Part of my initial responsibility is to make sure that these servers are secured and ready for me to look after. My question is, what are the best procedures (or as I will call it, "checklist") to assess and audit each server, and be 100% sure that the server doesn't have a rootkit and everything is secured?
So I installed DenyHosts on my system and I could ssh to it fine. Then all of a sudden I got an email saying my IP was added to the /etc/hosts.deny file. I have no clue why; I did not fail the login. So, as I had an open session, I put it in the /etc/hosts.allow file and tried to ssh back in with no problem. Then I logged out and all of a sudden I got the email saying my IP was added to hosts.deny again. Now I am kicked out of the system.
I am guessing I cannot get back in until I get to the console and remove it. I can power the system on and off remotely, but I enabled the chkconfig denyhosts on option so it starts on reboot. No remote console is set up. So it looks like I am hosed until I can get to the console, bummer, as I was trying to set up a Spacewalk server on it. I cannot get to the console for a few days, so if anyone has ideas how I can get back in, let me know. But DenyHosts seems to be working as designed.
This was a default install; I did not configure anything funky. I just changed the email to root and started it. I thought about changing my client IP, but that won't work as I only have ssh passed on my router to that IP, so if I change the client IP I won't get into my routing machine. I think I answered my own question but just thought I would ask. I guess my real question is why would DenyHosts block my IP when the login did not fail, and how do I configure it so this does not happen again?
I'm learning to secure my server in the best way I can think of: by learning to attack it. Here's what I would like to accomplish. I have SSH set up on a Linux box in an offline lab environment. Username: root Password: ajack2343d Now, I know I can simply brute force this, as I know the password, but there have to be other ways, and I wish to learn them.
I'm using Ubuntu and I run a game server. Ever since I posted my server I have an IP address trying to join my game on a different port every time; it seems random and it's been nonstop for the week since it's been up.
[INFO]/72.52.102.33:[random 5 digit port] lost connection NONstop
I port scanned them and I think it's not a person but some service or server-type business.
I use a Linksys router; I couldn't find anything on blocking IPs at the router from the outside.
Is there anything I can do to stop them before they get to this server to log in?
I have set the firewall for the CentOS server at 192.168.1.21 like this.
It has a gateway of 192.168.1.2.
Code:
iptables -P INPUT DROP
iptables -A INPUT --in-interface lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EB:91:00:01 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -m mac --mac-source 00:0F:EB:91:00:01 -j ACCEPT
The MAC source is my laptop's MAC address. But when I try to ping from my laptop at 192.168.0.2 (my gateway is 192.168.0.1, but it shares the same server that has 3 network gateways, including the gateway for the CentOS box), it fails. What should I do to enable this ping? I also cannot connect to the CentOS server unless I change my IP to 192.168.1.x with the same gateway as CentOS. Can someone suggest what I should modify in my firewall to enable connection to the CentOS server from my 192.168.0.2 laptop? Is that related to the NAT and FORWARD chains in the CentOS firewall?
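The behaviour asked about here, and the MAC-only SSH allowlist from the earlier Ubuntu post, modelled as an added example (not either poster's code): a small Python evaluation of the posted INPUT chain, with a source-IP variant beside it. It assumes the server's NIC is eth0 and uses a constructed gateway MAC; no iptables commands are executed.

```python
# Added example (not the poster's code): a small model of the INPUT chain from the post,
# evaluated the way iptables does (first match wins, else the chain policy), to show why a
# MAC match cannot admit a client behind a router and why ping fails even from the laptop.
LAPTOP_MAC = "00:0F:EB:91:00:01"    # MAC from the post
GATEWAY_MAC = "02:00:00:00:00:02"   # constructed placeholder: the 192.168.1.2 gateway's NIC
LAPTOP_IP = "192.168.0.2"           # laptop address from the post

# Posted rules; each rule is a set of fields that must all match, plus its verdict.
POSTED_RULES = [
    {"in_iface": "lo", "verdict": "ACCEPT"},
    {"state": "ESTABLISHED", "verdict": "ACCEPT"},  # RELATED,ESTABLISHED simplified
    {"proto": "tcp", "dport": 22, "mac_src": LAPTOP_MAC, "verdict": "ACCEPT"},
    {"proto": "tcp", "dport": 80, "mac_src": LAPTOP_MAC, "verdict": "ACCEPT"},
]
POLICY = "DROP"  # iptables -P INPUT DROP

# Hardened variant: the laptop is identified by source IP, which survives routing,
# and ICMP echo requests from it are explicitly allowed. Equivalent iptables rules:
#   iptables -A INPUT -p icmp --icmp-type echo-request -s 192.168.0.2 -j ACCEPT
#   iptables -A INPUT -p tcp --dport 22 -s 192.168.0.2 -j ACCEPT
FIXED_RULES = POSTED_RULES[:2] + [
    {"proto": "icmp", "icmp_type": "echo-request", "src_ip": LAPTOP_IP, "verdict": "ACCEPT"},
    {"proto": "tcp", "dport": 22, "src_ip": LAPTOP_IP, "verdict": "ACCEPT"},
    {"proto": "tcp", "dport": 80, "src_ip": LAPTOP_IP, "verdict": "ACCEPT"},
]

def evaluate(rules, pkt, policy=POLICY):
    """Return the verdict of the first rule whose fields all match, else the policy."""
    for rule in rules:
        if all(pkt.get(k) == v for k, v in rule.items() if k != "verdict"):
            return rule["verdict"]
    return policy

def arrives_at_server(src_ip, src_mac, **fields):
    """Build the frame as the server's eth0 sees it: a packet from another subnet
    is forwarded by the gateway and so carries the gateway's MAC, not the sender's."""
    routed = not src_ip.startswith("192.168.1.")
    return {"src_ip": src_ip, "mac_src": GATEWAY_MAC if routed else src_mac,
            "in_iface": "eth0", "state": "NEW", **fields}

def scenarios(rules):
    """Verdicts for the laptop on the server's subnet and behind its own gateway."""
    pkts = {
        "ssh_same_subnet": arrives_at_server("192.168.1.50", LAPTOP_MAC, proto="tcp", dport=22),
        "ping_same_subnet": arrives_at_server("192.168.1.50", LAPTOP_MAC, proto="icmp", icmp_type="echo-request"),
        "ssh_routed": arrives_at_server(LAPTOP_IP, LAPTOP_MAC, proto="tcp", dport=22),
        "ping_routed": arrives_at_server(LAPTOP_IP, LAPTOP_MAC, proto="icmp", icmp_type="echo-request"),
    }
    return {name: evaluate(rules, p) for name, p in pkts.items()}
```

With the posted rules only same-subnet SSH is accepted; the routed laptop is dropped because the server sees the gateway's MAC, and ping is dropped everywhere because no ICMP rule exists. The model covers the server's INPUT chain only; whether the middle box forwards between the two subnets is a separate routing question.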
- Lots of users work with Linux desktops. They use them as testing servers.
- All the infrastructure has the authentication services linked by Quest Authentication Services against an AD. This gives us the option of logon scripts, startup scripts, and other things.
- One interesting option this Quest thing gives us is sudo management. We can edit the sudoers file by GPO policies.
- Now we are deploying a NAS server from Hitachi with cifs and NFS mapping capabilities.
- Servers are managed by IT, so nobody can go root except us.
- Desktop users will also mount the NFS shares so they will be able to work with real data and read their own data from servers.
- Desktop users can go sudo su.
- If desktop users go from root to another user, NFS lets them work as if they were the other user.
I would like to keep them from switching users, but only between AD users; they must be able to switch to the apache user or the postgres user.
I want to be able to mount an FTP account to a local folder. I have set up an FTP server that is working fine; I have tested it with a few Windows FTP clients and it works fine. I am trying to use CurlFtpFS to mount it to /backup, as I know it is supported, but am running into an error I can't get around. I have tested that my box can access the server using the ftp command, see below
Code:
root@Fileserver:/# ftp 192.168.1.254 Connected to 192.168.1.254. 220 (vsFTPd 2.0.6)
[code]....
but when I try to use CurlFtpFS I get an "Error connecting to ftp: Access denied: 530" error, see below