Security :: How To Rate Limited IPTABLEs Treat A Screen Session On Ssh After Disconnection
Nov 3, 2010
Take this scenario If I have rate limited the connections to 4.(i.e if you attempt 4th connection you wont be able to login for some time.) If in a minute I get disconnected 3 times while I was already logged in on the server with a screen session, will I be able to login or I need to keep quite for a minute?
Quote:
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
I'd like to discourage the SSH bots that try to log into my system (CentOSv5), and among other things, I've changed my SSH port to someting other than 22. As well, I've been playing around with the idea of some iptables rules (note port 22 is used here as example): Code: # Allow SSH with a rate limit iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -m hashlimit --hashlimit 15/hour --hashlimit-burst 3 --hashlimit-htable-expire 600000 --hashlimit-mode srcip --hashlimit-name ssh -j ACCEPT iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -j LOG --log-prefix "[DROPPED SSH]: " iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -j DROP I am *NOT* an iptables expert. What do you all think about the above code snip?
I have configured my squid that have a limited access to websites but still some website were accessable vis https so I removed transparent from squid. Now what changes do I have to make in iptbles
I'm a newbie in the world of netfilter/iptables. I've read an article about iptables and rate limit module: Code: iptables -A INPUT -p ICMP --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT The firewall will let the first 5 packets in in the first minute, -limit-burst 5; this means, however, that the packets/minute now is 5, so any further packets are blocked until packets/minute = 1, i.e. 5 minutes later. In the sixth minute, packets/minute will be 5/6 < 1, so another ping request will be let in. When the extra ping request is admitted, the ratio becomes 6/6 = 1 again, and packets are DROPped again until the next minute.
Now I have some problems in understanding how it works. For example: I want ping google.com in this way: the kernel firewall permits to send the first 5 packet to google.com (--limit-burst 5) and then it blocks the remaining packets for 5 minutes. At sixth minute (because I wish a limit rate equal to 1/minute: --limit 1/minute) one packet can send to google again. And so on.
So my rule should be: Code: iptables -A OUTPUT -d url_of_google -p icmp --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT In this way, if i digit Code: ping -f url_of_gogle I expect that the first 5 packets are accepted (and so zero '.' will print on the screen) and then for the remaining 5 minutes no one packets will be accepted (and so a long string of '.' will print). But it doesn't work...
In man pages of ping we read (about -f option): -f Flood ping. Outputs packets as fast as they come back or one hundred times per second, whichever is more. For every ECHO_REQUEST sent a period ``.'' is printed, while for every ECHO_REPLY received a backspace is printed. This provides a rapid display of how many packets are being dropped.
I have about 5 machines that are under Ddos daily and I use rate-limit for Iptables to protect that and it works good.My UDP ports 20100 to 20400 are actually under Ddos so these are the commands I use:
Code: A INPUT -p udp -m udp --dport 20100:20500 -m state --state NEW -m recent --set --name DEFAULT --rsource
I have a SSH server set up at home listening on port 22. I have hardened the server so it is pretty secure but I want to make it even safer by editing my iptables to rate-limit incoming connections and DROP false login attempts. I have tried these tutorials but I just cant get it to work:[URL]I want the debian-administration.org tutorial to work but when I try to add the first rule in terminal:sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --setI get the following:Bad argument --set'I am new to iptables and I'm not sure if I'm doing something wrong when I try to set it up. I'm using Ubuntu 10.04.1 LTS with iptables v1.4.4.
I want to have an account (beta user), on which:I can use the Internet and other programs without administrative rights without the right to install programs with a kind of sandbox for everything that is connected to the Internet, which means: everything that is associated with the web browser's processes and files that I save to hard disk I want to be separated from the rest of the system, so that whatever can catch up on this account will be locked in it, for example any (if at all) possible malicious scripts from Internet or whatever may be dangerous now or invented in the future. Sometimes, for example, I save the web page to disk with all it content.
And in case someone cracked into this account I want make it in that way that he could not do any tricks to read or change passwords, or make any other changes to the system. The best would be if a password for that user might serve only to log in without having any other powers, and I would give that user an automatic login. For now I created a beta user without administrative rights. I understand that the limiting rights of the user are associated with limiting rights to their home directory. There are also groups, and a user may be included or excluded. I excluded that user from admin group but I don't know what else I can limit and how. When I give chmod 0644 for /home of this user he cannot run Firefox. When I give him 0740 he can run applications, so I assume the x attribute must be preserved.
This is a user without sudo rights, so when I type sudo apt-get update a message shows up correctly that this user doesn't belong to the sudoers group. But still it's not what I wanted. When the user runs Gufw and wants to change the settings to disable the firewall, a message shows up asking to type in a password of alpha user = primary user, which is that belonging to the sudoers group, the first / main user that I created during system installation. I wish that there was only the message that the beta user has no power to change anything, which means even completely remove the possibility of asking for sudo.
In addition, I wish that this beta couldn't be able to change the permissions to its home directory, or go to see what is above. Because so far beta can change the file permissions for its /home, even without a sudo password. How can I do it? Do I need to create a kind of chroot jail for this user? I would like any changes to that user account could be made only after the user log off from beta account, and log in on alfa account and that beta could run only programs that ware installed by alpha. And that beta could read and write, but alfa could also read and write or remove, alter files on beta account. Basically, alfa account should be superior to beta account. Can do that?
I've encrypted my root partition with LUKS and cannot remember my password. My main question is this: is it possible to extract the hash (or key; not sure on the correct terminology here) from the LUKS header and run it through a cracker? The hash type is SHA1 and I can remember the characters I used for the password, just not in the correct order (lots of special characters). That being said, given such a small charset, it should be crackable within a reasonable time, correct? Especially if I used a GPU accelerated cracker. What I don't know how to do is go about getting the hash from the LUKS header. Is any of this possible, or am I SOL? Of course, I have physical access to the system so I can boot it into any utilities I may need to.
I installed Fedora 12 into a virtual Machine (using virtualbox). Everything was perfect but the screen resolution is only 800*600. I cannot read the text fine and work is impossible.I searched already other posts but i couldn't find anything helpful.How can i set the resolution at least at ca 1280*1024?
I'm in the process of restricting access to my Linux production box, where ssh access needs to be limited to only a few MAC addresses.I've followed the instructions outlined in this guide and ran the following two commands:
/sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP /sbin/iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT root@xxxx:~/#: iptables --list
Most of us know the basic security practices on Windows:
Use a limited account Set a password Disable unused services Uninstall bloatware Antivirus / Antimalware etc.
I haven't ran linux as my main desktop computer before, so I don't know how to properly secure it. I have heard linux is supposed to be more secure than Windows, but I know that the default settings of anything are rarely secure. What are some things I should do as a new Linux user to secure my desktop system from attack?
I'm about to have a web server at home for the first time. I've always missed having full control and not having to contact my hosting company when I need to do some specific changes - and some changes they won't do for you at all.I've chosen the non-GUI Ubuntu Server with LAMP, and nothing more is installed really except for a couple of command line tools from the repository. The LAMP software has been locked down as good as I can by following some guides on the net and using common sense. Like Apache 2 don't have access to the file system except for the www folder, and setting the headers to Prod. MySQL has skip-networking and I've commented out the listen string to localhost. PHP has a truckload of functions that I've disabled in the php.ini, also by following some guides on the net, among some other security enhancing php.ini editing.
The only thing the server will serve is a well known PHP forum and some html docs, and that's all. Nothing advanced or complicated stuff, and I'm definitely not programming PHP myself or letting anyone do it for me.But I do want to sleep well at night knowing that my server is always on and sitting on the edge of my home network! And can I do that? I've heard that you don't need to be worried about getting your Linux server box hacked, but you should be worried about anyone getting root access to it. But is it really that simple? Ubuntu is shipped without root account and you must have the sudo password, right? What's the odds for anyone to get full access to my system?An issue: I've heard that Apache never must run as root. When I do a ps -ef, I see that there are several www-data processes running apache, but there's one root process running apache too. Is this normal and is it safe?An issue: I've heard that PHP can fail pretty easily. But isn't PHP running under apache 2 and limited by the www-data filesystem access?An issue: MySQL is running as a MySQL user, and I guess that's an unprivileged user right?
monitor is a Optiquest Q19wb. I normally have is set on 1280x1024, but fedora will only go to 800x600. It has detected the monitor correctly. Not sure if being connected to KVM will cause issues. The xorg.conf does not exist. Have installed system-config-display but have not run yet.
I'm a faithful user of Ubuntu Linux, especially 9.04 Jaunty Jackalope. I have a problem with my screen resolution on my LG Flatron L1718S. It's a 17 inch and its recommended resolution is 1280x1024.I was on this resolution all along until now. Now I'm limited to 800x600 resolution. Here's what happened. Before installing Ubuntu 9.04 on a friend's computer, I put in his Seagate 40 Gig hard drive into his Intel Celeron Box with a 2.93 GHz and 512MB ram. I then plugged my monitor into his system. Upon booting, I discovered that the hard drive had a very strange looking operating system called OS2 Warp...seemed like Black XP to me. On the desktop, the icons were so big and bloated,the mouse was frozen, there was so much eyecandy which demanded so much graphics resources.
His graphics card is an onboard one, framebuffer. I then rebooted the machine, this time running the Ubuntu 9.04 live CD. Resolution still ok, with 1024x768 this time. I installed Ubuntu 9.04 and finished. I shut down the machine, unplugged my monitor and plugged it back into my machine, which is a Intel Celeron with a 2.4GHz processor, 1,5GB RAM, 80GIG X 2 Seagate IDE hard Drives, 2 DVD Drives, an LG Spermulti-DVD rewriter and a BENQ DC W2000 rewriter.My graphics card is NVidia GeForce NV34 FX5200 Series, 256MB RAM Graphics Card. Suddenly everything on the desktop is so large, and the maximum resolution now is 800x600. It becomes 640x480 if i add Nvidia drivers, version 173. If I switch over to Windows XP, Service Pack 2, I have no resolution issues there. Nvidia drivers are loaded there as well. No issues with resolution there. To test the screen again, I plugged my monitor back into my friends computer that I mentioned earlier on. The resolution is stuck on 800x600. After plugging the monitor back to my computer, I tried to edit the X.conf using "sudo nano", adding the desired parameters, like undetected screen resolutions, monitor name, device,etc, but nothing worked.
I always had to resort to the backed up configuration file for XOrg. The latest Ubuntu 10,04 Lucid Lynx picks up my monitor with a maximum resolution of 1024x768.The Mandriva One 2008 Live CD also gave me the same result like Ubuntu 10.04, this time giving me more higher resolution options. Strangely enough, from my Ubuntu 9,04 and older, after several tests, the resolution is still stuck to 800x600. When I press the AUTO RESET button on my monitor, the screen says "Processing image Auto Adjustment-For Optimal display, change resolution to 1280x1024". A factory reset did not help. The resolution was perfect until I plugged my monitor into my friend's computer, the one with the 2,93GHz processor. I took another friend's monitor, a HP Cathode Tube Monitor, a 17 inch as well, and plugged it to my machine to test the resolution. The results were glorious! All resolution options were shown, from the lowest "320x240" to beyond "1280x1024". Plugged it back to mine, the same result showed: 800x600 resolution, the lowest being 320x240. I kindly ask for advice on how I can be able to get all the screen resolution options available on my Ubuntu 9.04, like before, because it shows the maximum of800x600, lowest- 320x240 on "display" in "System--Preferences".
i am still new with linux and debian i have some issues setting up a correct refresh rate on my monitor i want a 75hz or 80hz however i can only get 60hz a also get some weird frequencies like 59 , 61hz on the screen resolution tool via the gnome dockbar here is my xorg.conf
# xorg.conf (X.Org X Window System server configuration file) # # This file was generated by dexconf, the Debian X Configuration tool, using # values from the debconf database.
The screen resolution defaulted to 1024 x 768 with a refresh rate of 60hz.
As this made the screen too flickery I changed the refresh rate to 87hz.
This improved the ficker but had some side effects. Firstly the computer now 'thinks' that my monitor is bigger than it really is. For example a maximised application is now off the screen. I have to manually resize the applications to fit the screen. The virtual desktop in the bottom right hand corner is now off the screen, as is the clock on the top right hand corner.
The other side effect is that I now have problems logging on to my computer. It now takes several attempts to log onto my computer.
I can't select default refreshing rate and resolution of my screen. Believe me, 50 Hz hurts eyes and causes headache. Ubuntu doesn't recognize my screen I used to work on 1280x1024 resolution with 80 Hz refreshing rate. 1152x864 60Hz is max I can select in Nvidia X Server and Ubuntu Screen Properties. I have tried changing options in Nvidia X Server, Ubuntu Screen Properties and tried xrandr commands (these ended with xrandr: Failed to get size of gamma for output default. or Can't open display).
# nvidia-settings: X configuration file generated by nvidia-settings # nvidia-settings: version 270.29 (buildd@allspice) Fri Feb 25 14:42:07 UTC 2011 Section "ServerLayout" Identifier "Layout0" Screen 0 "Screen0" 0 0 InputDevice "Keyboard0" "CoreKeyboard" InputDevice "Mouse0" "CorePointer" Option "Xinerama" "0" EndSection .....
Btw, I'm using Ubuntu 11.04. My graphic card is GeForce 430 GT, screen - Acer AL1916.
I am having trouble setting my refresh rate higher than 85 hz. Any Way to get it to 100 hz?
Tried so far: - a lot of googling - added a modeline to xorg.conf - reinstalled nvidia driver - tried the screen on a windows desktop, this worked so the monitor is fine
Specs: onitor: Iiyama Vision master pro 510 (should be capable of doing 104 hz at 1600 x 1200, max resolution 2048 x 1536) graphics card: Geforce 9800gt motherboard: p5ql-e Os: Fedora 13
The modeline I tried, tried it both in screen section as well as in a seperate "Modes" section: Code: Modeline "1600x1200_100.00" 280.64 1600 1728 1904 2208 1200 1201 1204 1271 -HSync +Vsync After restarting X the screen only does 1024x768 max because of the modeline
xorg.conf: Code: # nvidia-xconfig: X configuration file generated by nvidia-xconfig # nvidia-xconfig: version 256.35 (buildmeister@builder97.nvidia.com) Wed Jun 16 19:15:05 PDT 2010 # Xorg configuration created by livna-config-display
Some month ago I installed openSUSE 11.1. It worked not bad, but I wanted to get the newes release of Firefox. So I did an upgrade to 11.2. Yast2 refused to work with an error message: unknown option -s (or similar). The regular updates didn't work also. Then I decided to do a new installation. Now I'm having a new problem: Display settings (Anzeige-Einstellungen) reports: Monitor unknown (Monitor unbekannt).
Possible resolution settings are: 800 x 600; 640 x 480; 400 x 300; 320 x 240; Possible refresh rates are: 60 Hz or 56 Hz @ 800 x 600 I need 1024 x 768 @ 76 Hz. In the previous installation it worked well. How I can teach openSUSE to run 1024 x 768 @ 76 Hz?
YAST2 Hardware information shows me in Monitor > Monitor > Resources > Resolution: High: 768; Vertical frequency: 76; Wide: 1024 The VGA controller is also correct shown in Display > 3d Blaster Savage 4
I'm currently running an up-to-date copy of Ubuntu 11.04, but I'm noticing some strange behavior with the monitor settings. First of all, I started investigating this because I'm seeing a lot of screen tearing while watching videos full screen as well as while the screensaver (lattice) is running. On Ubuntu 10.10 I was able to simply set the refresh rate of my monitor to 60Hz through the Nvidia tool and everything worked great. Now, this is no longer the case. I'm using a Samsung Syncmaster 205BW monitor with an Nvidia 8600 GT video card. They are connected with a DVI cable.The strange thing is, the default tool, Monitors, claims my monitor is "unknown" and will only allow me to select 50Hz, 51Hz, and sometimes 52Hz for the refresh rate.
The Nvidia tool claims that my monitor has been detected as a Samsung Syncmaster and is configured to run at 60Hz.However, another area of the Nvidia tool claims that my monitor is using a refresh rate of 59.95Hz. none of these solutions had any effect. I'm still seeing video tearing. I let the Nvidia tool re-write my xorg.conf file after trying these solutions.
Is there any way to change the resolution and refresh rate of the graphical log on screen in Lenny? I have the right resolution and refresh rates set for after I log in but I don't know which file to edit to make Lenny use the right settings for the log on screen.
I'm stuck at 800x600, and no matter what i try i seem to hit a dead end. I've got the Intel Mobile 945GM/GMS rev 03, and it seems like lots of people have had to fiddle to get it working. Here's the info I've collected and tried so far. Ubuntu Edgy On Intel 945GM Graphics & Wide Screen LCD NoteBooks � 100% Linux Addict
HOWTO: install drivers and set up widescreen res. with Intel 945 vga card and Ubuntu - Ubuntu Forums Mostly Harmless: SuSE, Acer aspire 5580 and non-standard resolution 1280x800 Intel 945gm And 1280x800 Laptop Monitor Problem Suse 10.2 - openSUSE Forums I'm not too proficient with linux yet, so the right solution might be here and I'm just not getting it right. Maybe i'm not on the right path at all.
I have been struggling with this for a very long time now. I have installed Fedora Core 9 on my computer. I have set it up as a caching-nameserver and this is working.
Then I wanted to secure my server with iptables, and I have so far made this script:
# Load the connection tracker kernel module modprobe ip_conntrack iptables -F iptables -P INPUT DROP iptables -P FORWARD DROP
[Code]....
I can reach the dns server with ping. When trying Nslookup it says that it got SERVFAIL from 127.0.0.1 trying next server, and then it times out.
