Security :: How To Rate Limited IPTABLEs Treat A Screen Session On Ssh After Disconnection
Nov 3, 2010
Take this scenario If I have rate limited the connections to 4.(i.e if you attempt 4th connection you wont be able to login for some time.) If in a minute I get disconnected 3 times while I was already logged in on the server with a screen session, will I be able to login or I need to keep quite for a minute?
Quote:
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
View 5 Replies
ADVERTISEMENT
May 20, 2011
I'd like to discourage the SSH bots that try to log into my system (CentOSv5), and among other things, I've changed my SSH port to someting other than 22. As well, I've been playing around with the idea of some iptables rules (note port 22 is used here as example):
Code:
# Allow SSH with a rate limit
iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -m hashlimit --hashlimit 15/hour --hashlimit-burst 3 --hashlimit-htable-expire 600000 --hashlimit-mode srcip --hashlimit-name ssh -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -j LOG --log-prefix "[DROPPED SSH]: "
iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -j DROP
I am *NOT* an iptables expert. What do you all think about the above code snip?
View 4 Replies
View Related
Sep 23, 2010
I have configured my squid that have a limited access to websites but still some website were accessable vis https so I removed transparent from squid. Now what changes do I have to make in iptbles
View 1 Replies
View Related
Apr 8, 2010
I'm a newbie in the world of netfilter/iptables. I've read an article about iptables and rate limit module:
Code: iptables -A INPUT -p ICMP --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT The firewall will let the first 5 packets in in the first minute, -limit-burst 5; this means, however, that the packets/minute now is 5, so any further packets are blocked until packets/minute = 1, i.e. 5 minutes later. In the sixth minute, packets/minute will be 5/6 < 1, so another ping request will be let in. When the extra ping request is admitted, the ratio becomes 6/6 = 1 again, and packets are DROPped again until the next minute.
Now I have some problems in understanding how it works.
For example: I want ping google.com in this way: the kernel firewall permits to send the first 5 packet to google.com (--limit-burst 5) and then it blocks the remaining packets for 5 minutes. At sixth minute (because I wish a limit rate equal to 1/minute: --limit 1/minute) one packet can send to google again. And so on.
So my rule should be:
Code: iptables -A OUTPUT -d url_of_google -p icmp --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT In this way, if i digit
Code: ping -f url_of_gogle I expect that the first 5 packets are accepted (and so zero '.' will print on the screen) and then for the remaining 5 minutes no one packets will be accepted (and so a long string of '.' will print). But it doesn't work...
In man pages of ping we read (about -f option):
-f Flood ping. Outputs packets as fast as they come back or one hundred times per second, whichever is more. For every ECHO_REQUEST sent a period ``.'' is printed, while for every ECHO_REPLY received a backspace is printed. This provides a rapid display of how many packets are being dropped.
View 2 Replies
View Related
Mar 6, 2011
I have about 5 machines that are under Ddos daily and I use rate-limit for Iptables to protect that and it works good.My UDP ports 20100 to 20400 are actually under Ddos so these are the commands I use:
Code:
A INPUT -p udp -m udp --dport 20100:20500 -m state --state NEW -m recent --set --name DEFAULT --rsource
[code]....
View 5 Replies
View Related
Oct 27, 2010
I have a bridged network setup ifconfig -a gives following output
Code:
br0 Link encap:Ethernet HWaddr 00:26:b9:82:42:38
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::226:b9ff:fe82:4238/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:150779 errors:0 dropped:0 overruns:0 frame:0
[Code]...
3) What are these vmnet1,vmnet2,vmnet3,vmne4 which I see above. I used kvm and virt-manager to create a bridged setup.
View 1 Replies
View Related
Sep 30, 2010
I have a SSH server set up at home listening on port 22. I have hardened the server so it is pretty secure but I want to make it even safer by editing my iptables to rate-limit incoming connections and DROP false login attempts. I have tried these tutorials but I just cant get it to work:[URL]I want the debian-administration.org tutorial to work but when I try to add the first rule in terminal:sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --setI get the following:Bad argument --set'I am new to iptables and I'm not sure if I'm doing something wrong when I try to set it up. I'm using Ubuntu 10.04.1 LTS with iptables v1.4.4.
View 6 Replies
View Related
Sep 19, 2010
is there any way to make user with command text, just with accessbility to change network IP Address ?
View 4 Replies
View Related
Nov 21, 2010
I want to have an account (beta user), on which:I can use the Internet and other programs without administrative rights without the right to install programs with a kind of sandbox for everything that is connected to the Internet, which means: everything that is associated with the web browser's processes and files that I save to hard disk I want to be separated from the rest of the system, so that whatever can catch up on this account will be locked in it, for example any (if at all) possible malicious scripts from Internet or whatever may be dangerous now or invented in the future. Sometimes, for example, I save the web page to disk with all it content.
And in case someone cracked into this account I want make it in that way that he could not do any tricks to read or change passwords, or make any other changes to the system. The best would be if a password for that user might serve only to log in without having any other powers, and I would give that user an automatic login. For now I created a beta user without administrative rights. I understand that the limiting rights of the user are associated with limiting rights to their home directory. There are also groups, and a user may be included or excluded. I excluded that user from admin group but I don't know what else I can limit and how. When I give chmod 0644 for /home of this user he cannot run Firefox. When I give him 0740 he can run applications, so I assume the x attribute must be preserved.
This is a user without sudo rights, so when I type sudo apt-get update a message shows up correctly that this user doesn't belong to the sudoers group. But still it's not what I wanted. When the user runs Gufw and wants to change the settings to disable the firewall, a message shows up asking to type in a password of alpha user = primary user, which is that belonging to the sudoers group, the first / main user that I created during system installation. I wish that there was only the message that the beta user has no power to change anything, which means even completely remove the possibility of asking for sudo.
In addition, I wish that this beta couldn't be able to change the permissions to its home directory, or go to see what is above. Because so far beta can change the file permissions for its /home, even without a sudo password. How can I do it? Do I need to create a kind of chroot jail for this user? I would like any changes to that user account could be made only after the user log off from beta account, and log in on alfa account and that beta could run only programs that ware installed by alpha. And that beta could read and write, but alfa could also read and write or remove, alter files on beta account. Basically, alfa account should be superior to beta account. Can do that?
View 9 Replies
View Related
May 22, 2011
I've encrypted my root partition with LUKS and cannot remember my password. My main question is this: is it possible to extract the hash (or key; not sure on the correct terminology here) from the LUKS header and run it through a cracker? The hash type is SHA1 and I can remember the characters I used for the password, just not in the correct order (lots of special characters). That being said, given such a small charset, it should be crackable within a reasonable time, correct? Especially if I used a GPU accelerated cracker. What I don't know how to do is go about getting the hash from the LUKS header. Is any of this possible, or am I SOL? Of course, I have physical access to the system so I can boot it into any utilities I may need to.
View 3 Replies
View Related
Feb 10, 2010
I installed Fedora 12 into a virtual Machine (using virtualbox). Everything was perfect but the screen resolution is only 800*600. I cannot read the text fine and work is impossible.I searched already other posts but i couldn't find anything helpful.How can i set the resolution at least at ca 1280*1024?
View 2 Replies
View Related
May 24, 2011
I'm in the process of restricting access to my Linux production box, where ssh access needs to be limited to only a few MAC addresses.I've followed the instructions outlined in this guide and ran the following two commands:
/sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP
/sbin/iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
root@xxxx:~/#: iptables --list
[code]....
View 3 Replies
View Related
Apr 30, 2010
Most of us know the basic security practices on Windows:
Use a limited account
Set a password
Disable unused services
Uninstall bloatware
Antivirus / Antimalware
etc.
I haven't ran linux as my main desktop computer before, so I don't know how to properly secure it. I have heard linux is supposed to be more secure than Windows, but I know that the default settings of anything are rarely secure. What are some things I should do as a new Linux user to secure my desktop system from attack?
View 2 Replies
View Related
Jun 30, 2010
I'm about to have a web server at home for the first time. I've always missed having full control and not having to contact my hosting company when I need to do some specific changes - and some changes they won't do for you at all.I've chosen the non-GUI Ubuntu Server with LAMP, and nothing more is installed really except for a couple of command line tools from the repository. The LAMP software has been locked down as good as I can by following some guides on the net and using common sense. Like Apache 2 don't have access to the file system except for the www folder, and setting the headers to Prod. MySQL has skip-networking and I've commented out the listen string to localhost. PHP has a truckload of functions that I've disabled in the php.ini, also by following some guides on the net, among some other security enhancing php.ini editing.
The only thing the server will serve is a well known PHP forum and some html docs, and that's all. Nothing advanced or complicated stuff, and I'm definitely not programming PHP myself or letting anyone do it for me.But I do want to sleep well at night knowing that my server is always on and sitting on the edge of my home network! And can I do that? I've heard that you don't need to be worried about getting your Linux server box hacked, but you should be worried about anyone getting root access to it. But is it really that simple? Ubuntu is shipped without root account and you must have the sudo password, right? What's the odds for anyone to get full access to my system?An issue: I've heard that Apache never must run as root. When I do a ps -ef, I see that there are several www-data processes running apache, but there's one root process running apache too. Is this normal and is it safe?An issue: I've heard that PHP can fail pretty easily. But isn't PHP running under apache 2 and limited by the www-data filesystem access?An issue: MySQL is running as a MySQL user, and I guess that's an unprivileged user right?
View 9 Replies
View Related
Jan 22, 2011
The "Display" interface does not have a tab for "Hardware". The resolution does not go above 800 x 600.
There is no etcX11Xorg11.conf file.
There don't seem to be any display drivers in the software repository like in ubuntu.
View 13 Replies
View Related
Dec 11, 2009
monitor is a Optiquest Q19wb. I normally have is set on 1280x1024, but fedora will only go to 800x600. It has detected the monitor correctly. Not sure if being connected to KVM will cause issues. The xorg.conf does not exist. Have installed system-config-display but have not run yet.
View 1 Replies
View Related
Feb 4, 2011
I see on my webserver some logs as follows Quote:
203.252.157.98 - :25:02 "GET //phpmyadmin/ HTTP/1.1" 404 393 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
203.252.157.98 - :25:03 "GET //phpMyAdmin/ HTTP/1.1" 404 394 "-" "Made by ZmEu @
[code]....
View 2 Replies
View Related
Oct 3, 2010
I'm a faithful user of Ubuntu Linux, especially 9.04 Jaunty Jackalope. I have a problem with my screen resolution on my LG Flatron L1718S. It's a 17 inch and its recommended resolution is 1280x1024.I was on this resolution all along until now. Now I'm limited to 800x600 resolution. Here's what happened. Before installing Ubuntu 9.04 on a friend's computer, I put in his Seagate 40 Gig hard drive into his Intel Celeron Box with a 2.93 GHz and 512MB ram. I then plugged my monitor into his system. Upon booting, I discovered that the hard drive had a very strange looking operating system called OS2 Warp...seemed like Black XP to me. On the desktop, the icons were so big and bloated,the mouse was frozen, there was so much eyecandy which demanded so much graphics resources.
His graphics card is an onboard one, framebuffer. I then rebooted the machine, this time running the Ubuntu 9.04 live CD. Resolution still ok, with 1024x768 this time. I installed Ubuntu 9.04 and finished. I shut down the machine, unplugged my monitor and plugged it back into my machine, which is a Intel Celeron with a 2.4GHz processor, 1,5GB RAM, 80GIG X 2 Seagate IDE hard Drives, 2 DVD Drives, an LG Spermulti-DVD rewriter and a BENQ DC W2000 rewriter.My graphics card is NVidia GeForce NV34 FX5200 Series, 256MB RAM Graphics Card. Suddenly everything on the desktop is so large, and the maximum resolution now is 800x600. It becomes 640x480 if i add Nvidia drivers, version 173. If I switch over to Windows XP, Service Pack 2, I have no resolution issues there. Nvidia drivers are loaded there as well. No issues with resolution there. To test the screen again, I plugged my monitor back into my friends computer that I mentioned earlier on. The resolution is stuck on 800x600. After plugging the monitor back to my computer, I tried to edit the X.conf using "sudo nano", adding the desired parameters, like undetected screen resolutions, monitor name, device,etc, but nothing worked.
I always had to resort to the backed up configuration file for XOrg. The latest Ubuntu 10,04 Lucid Lynx picks up my monitor with a maximum resolution of 1024x768.The Mandriva One 2008 Live CD also gave me the same result like Ubuntu 10.04, this time giving me more higher resolution options. Strangely enough, from my Ubuntu 9,04 and older, after several tests, the resolution is still stuck to 800x600. When I press the AUTO RESET button on my monitor, the screen says "Processing image Auto Adjustment-For Optimal display, change resolution to 1280x1024". A factory reset did not help. The resolution was perfect until I plugged my monitor into my friend's computer, the one with the 2,93GHz processor. I took another friend's monitor, a HP Cathode Tube Monitor, a 17 inch as well, and plugged it to my machine to test the resolution. The results were glorious! All resolution options were shown, from the lowest "320x240" to beyond "1280x1024". Plugged it back to mine, the same result showed: 800x600 resolution, the lowest being 320x240. I kindly ask for advice on how I can be able to get all the screen resolution options available on my Ubuntu 9.04, like before, because it shows the maximum of800x600, lowest- 320x240 on "display" in "System--Preferences".
View 8 Replies
View Related
Jan 12, 2010
i am still new with linux and debian i have some issues setting up a correct refresh rate on my monitor i want a 75hz or 80hz however i can only get 60hz a also get some weird frequencies like 59 , 61hz on the screen resolution tool via the gnome dockbar here is my xorg.conf
# xorg.conf (X.Org X Window System server configuration file)
#
# This file was generated by dexconf, the Debian X Configuration tool, using
# values from the debconf database.
[Code]...
View 18 Replies
View Related
Apr 18, 2010
I have installed Xubuntu 9.10 on an old computer.
The screen resolution defaulted to 1024 x 768 with a refresh rate of 60hz.
As this made the screen too flickery I changed the refresh rate to 87hz.
This improved the ficker but had some side effects. Firstly the computer now 'thinks' that my monitor is bigger than it really is. For example a maximised application is now off the screen. I have to manually resize the applications to fit the screen. The virtual desktop in the bottom right hand corner is now off the screen, as is the clock on the top right hand corner.
The other side effect is that I now have problems logging on to my computer. It now takes several attempts to log onto my computer.
View 9 Replies
View Related
Apr 30, 2011
I can't select default refreshing rate and resolution of my screen. Believe me, 50 Hz hurts eyes and causes headache. Ubuntu doesn't recognize my screen I used to work on 1280x1024 resolution with 80 Hz refreshing rate. 1152x864 60Hz is max I can select in Nvidia X Server and Ubuntu Screen Properties. I have tried changing options in Nvidia X Server, Ubuntu Screen Properties and tried xrandr commands (these ended with xrandr: Failed to get size of gamma for output default. or Can't open display).
# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings: version 270.29 (buildd@allspice) Fri Feb 25 14:42:07 UTC 2011
Section "ServerLayout"
Identifier "Layout0"
Screen 0 "Screen0" 0 0
InputDevice "Keyboard0" "CoreKeyboard"
InputDevice "Mouse0" "CorePointer"
Option "Xinerama" "0"
EndSection .....
Btw, I'm using Ubuntu 11.04. My graphic card is GeForce 430 GT, screen - Acer AL1916.
View 3 Replies
View Related
Apr 8, 2011
I have install squeeze, wheezy. I understand there a glitch in nvidia-setting. So how can I change screen resolution and refresh rate in xorg.conf?
# nvidia-xconfig: X configuration file generated by nvidia-xconfig
# nvidia-xconfig: version 1.0 (pbuilder@windlord) Sun Jun 13 06:03:17 UTC 2010
Section "ServerLayout"
Identifier "Layout0"
Screen 0 "Screen0"
InputDevice "Keyboard0" "CoreKeyboard"
InputDevice "Mouse0" "CorePointer"
EndSection .....
View 4 Replies
View Related
Nov 9, 2010
I am having trouble setting my refresh rate higher than 85 hz. Any Way to get it to 100 hz?
Tried so far:
- a lot of googling
- added a modeline to xorg.conf
- reinstalled nvidia driver
- tried the screen on a windows desktop, this worked so the monitor is fine
Specs:
onitor: Iiyama Vision master pro 510 (should be capable of doing 104 hz at 1600 x 1200, max resolution 2048 x 1536)
graphics card: Geforce 9800gt
motherboard: p5ql-e
Os: Fedora 13
The modeline I tried, tried it both in screen section as well as in a seperate "Modes" section:
Code:
Modeline "1600x1200_100.00" 280.64 1600 1728 1904 2208 1200 1201 1204 1271 -HSync +Vsync
After restarting X the screen only does 1024x768 max because of the modeline
xorg.conf:
Code:
# nvidia-xconfig: X configuration file generated by nvidia-xconfig
# nvidia-xconfig: version 256.35 (buildmeister@builder97.nvidia.com) Wed Jun 16 19:15:05 PDT 2010
# Xorg configuration created by livna-config-display
Section "ServerLayout"
Identifier "Layout0"
Screen 0 "Screen0" 0 0
InputDevice "Keyboard0" "CoreKeyboard"
InputDevice "Mouse0" "CorePointer"
Option "Xinerama" "0"
EndSection .....
Section "Extensions"
Option "Composite" "Enable"
EndSection
View 5 Replies
View Related
Jan 31, 2010
Some month ago I installed openSUSE 11.1. It worked not bad, but I wanted to get the newes release of Firefox. So I did an upgrade to 11.2. Yast2 refused to work with an error message: unknown option -s (or similar). The regular updates didn't work also. Then I decided to do a new installation. Now I'm having a new problem: Display settings (Anzeige-Einstellungen) reports: Monitor unknown (Monitor unbekannt).
Possible resolution settings are: 800 x 600; 640 x 480; 400 x 300; 320 x 240;
Possible refresh rates are: 60 Hz or 56 Hz @ 800 x 600
I need 1024 x 768 @ 76 Hz. In the previous installation it worked well. How I can teach openSUSE to run 1024 x 768 @ 76 Hz?
YAST2 Hardware information shows me in Monitor > Monitor > Resources > Resolution: High: 768; Vertical frequency: 76; Wide: 1024
The VGA controller is also correct shown in Display > 3d Blaster Savage 4
View 4 Replies
View Related
May 3, 2011
I'm currently running an up-to-date copy of Ubuntu 11.04, but I'm noticing some strange behavior with the monitor settings. First of all, I started investigating this because I'm seeing a lot of screen tearing while watching videos full screen as well as while the screensaver (lattice) is running. On Ubuntu 10.10 I was able to simply set the refresh rate of my monitor to 60Hz through the Nvidia tool and everything worked great. Now, this is no longer the case. I'm using a Samsung Syncmaster 205BW monitor with an Nvidia 8600 GT video card. They are connected with a DVI cable.The strange thing is, the default tool, Monitors, claims my monitor is "unknown" and will only allow me to select 50Hz, 51Hz, and sometimes 52Hz for the refresh rate.
The Nvidia tool claims that my monitor has been detected as a Samsung Syncmaster and is configured to run at 60Hz.However, another area of the Nvidia tool claims that my monitor is using a refresh rate of 59.95Hz. none of these solutions had any effect. I'm still seeing video tearing. I let the Nvidia tool re-write my xorg.conf file after trying these solutions.
View 4 Replies
View Related
Jun 26, 2009
Is there any way to change the resolution and refresh rate of the graphical log on screen in Lenny? I have the right resolution and refresh rates set for after I log in but I don't know which file to edit to make Lenny use the right settings for the log on screen.
View 1 Replies
View Related
Mar 12, 2010
I'm stuck at 800x600, and no matter what i try i seem to hit a dead end. I've got the Intel Mobile 945GM/GMS rev 03, and it seems like lots of people have had to fiddle to get it working. Here's the info I've collected and tried so far. Ubuntu Edgy On Intel 945GM Graphics & Wide Screen LCD NoteBooks � 100% Linux Addict
HOWTO: install drivers and set up widescreen res. with Intel 945 vga card and Ubuntu - Ubuntu Forums Mostly Harmless: SuSE, Acer aspire 5580 and non-standard resolution 1280x800 Intel 945gm And 1280x800 Laptop Monitor Problem Suse 10.2 - openSUSE Forums I'm not too proficient with linux yet, so the right solution might be here and I'm just not getting it right. Maybe i'm not on the right path at all.
View 9 Replies
View Related
Oct 12, 2010
is that possible to have multiple users for one linux session? and how can i do that ? it's possible to creat virtual users for a session ?
View 2 Replies
View Related
Feb 1, 2009
I have been struggling with this for a very long time now. I have installed Fedora Core 9 on my computer. I have set it up as a caching-nameserver and this is working.
Then I wanted to secure my server with iptables, and I have so far made this script:
# Load the connection tracker kernel module
modprobe ip_conntrack
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
[Code]....
I can reach the dns server with ping. When trying Nslookup it says that it got SERVFAIL from 127.0.0.1 trying next server, and then it times out.
My resolv.conf file lists:
nameserver 127.0.0.1
nameserver DNS-server
View 13 Replies
View Related
Dec 14, 2009
Im pulling my hair out trying to get ftp to work through iptables.Im using vsftpd
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[code].....
View 3 Replies
View Related
