Security :: Save Quota Between Restart For Every Rule?

Nov 17, 2010

I'm using the explicit match 'quota' with iptables. I wonder how I can save the quota between restarts for every rule. All the quotas reset at reboot.

View 1 Replies


Ubuntu Security :: Set A Rule In Iptables, Does That Rule Also Apply To Ipv6, Or Just Ipv4?

Jul 16, 2010

Question (and Google results aren't making this clear): Ubuntu has both iptables & ip6tables installed.

1. If I set a rule in iptables, does that rule also apply to ipv6, or just ipv4?

2. If "no" to above, then it would be prudent to *also* set ip6tables rules as well if I want to maintain an active firewall, correct?

3. Do ip6tables rules have the same syntax and behavior (more or less) as iptables rules - i.e. can I just copy my iptables rules & change "iptables" to "ip6tables"?

4. Any gotchas or issues that I should be aware of?

View 9 Replies View Related

General :: IP Tables Won't Save The Rule?

Jan 9, 2011

I'm using ArchLinux and I have an IP tables rule that I know works (from my other server), and it's in /etc/iptables/iptables.rules; it's the only rule set in that directory. I run /etc/rc.d/iptables save, then /etc/rc.d/iptables/restart, but when I do "iptables --list", I get ACCEPTs on INPUT, FORWARD & OUTPUT.

# Generated by iptables-save v1.4.8 on Sat Jan 8 18:42:50 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]

[Code]....

View 1 Replies View Related

Security :: Mod_security And PCI-DSS Compliance With Breach Security's Enhanced Rule Set

Jul 19, 2010

Currently I'm looking into implementing mod_security on all our Apache servers. The installation on CentOS 5.5 comes directly with the "Core Rule Set" by the mod_security devs (curiously, Debian and Ubuntu do not carry these). They also offer the Enhanced Rule Set for mod_security in a commercial package [URL]. The main point there in their info link is the first point:

Quote:

Tracking Credit Card Usage as required by the Payment Card Industry Data Security Standard

However, according to this wiki article ( http://en.wikipedia.org/wiki/Payment...urity_Standard ), that specific requirement isn't stated anywhere, and my colleague who's working on the PCI-DSS compliance for our code/servers/etc. mentioned that he hasn't heard of this specific requirement either. So my question would be if anyone has any experience with their ERS package and if it's needed for PCI-DSS compliance compared to the requirements given in bullet points in the wiki article.

View 2 Replies View Related

Security :: Validate An IPTABLES Rule?

Dec 20, 2010

I guess this is the right place to put questions about iptables, so forgive me if it is not. I have a MySQL database which I need to allow connections to: 1 - the internal network; 2 - the web server (Apache) connections; 3 - a user who is outside this network in a range of dynamic IPs. Let's suppose the IP range for this user is 179.4.247.0-179.4.247.254 and the server, where MySQL and Apache are, is 60.22.30.232. This user will use the Windows client MySQL tool to make connections to this database.

So I think the rules below allow connections to the internal network and Apache:
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

[code]....

View 8 Replies View Related

Ubuntu Security :: Can To Write Block All But NOT Rule For UFW?

Jul 23, 2011

For example, can I write something to the effect: block all outbound UDP connections over port 53 except those going to IP 123.456.789. Or stated another way: Block outbound to port 53/udp NOT going to ip address 123.454.678. Is it possible to do this? How would I write the argument?

View 3 Replies View Related

Ubuntu Security :: How To Create An Iptable Rule

Sep 1, 2011

I need help creating an iptables rule. Iptables is installed on my router. My router also connects to a "hide my a**" vpn account at 79.142.65.5:443. The goal is to somehow force the traffic to go through the vpn, because what sometimes happens is, the vpn connection drops (for whatever reason) and my real ip becomes exposed. Basically, I want to block "myself" from accessing the Internet when not connected to the vpn because of privacy concerns.

Below is my iptables. It has the 3 default chains and it also has many custom user chains. I need to know what kind of a rule to add, what interface to apply it to (lo, tun0, br-lan, eth1) and the correct chain to insert into. For example, you could tell me something like:

Quote:

FORWARD chain, change rule 1 to
iptables -R FORWARD 1 -j zone_wan_MSSFIX -p tcp --destination-port 443 -i eth1

Obviously, that was just a guess. I need someone that knows iptables to help me.

Code:

Chain INPUT (Policy: ACCEPT)
Rule #  Traffic   Target  Prot  In  Out  Source     Destination  Options
Rule 1  72.95 KB  DROP    all   *   *    0.0.0.0/0  0.0.0.0/0    state INVALID
Rule 2  1.11 GB   ACCEPT  all   *   *    0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED

[code].....

View 3 Replies View Related

Security :: Setting Up A Specific Rule Using Iptables?

Apr 5, 2011

My firewall, which is an Ubuntu server 10.10, has 3 interfaces:

eth0(192.168.0.254):linked to the DMZ
eth1(192.168.1.254):linked to the LAN
eth3(212.217.0.1):linked to the Internet

-The DMZ has one web server with a static address (192.168.0.1).

-My LAN address range is (192.168.1.2-192.168.1.100), managed by a DHCP server on the same firewall machine.

These are some of the rules that I need to set up:

-Allow HTTP between the LAN and the internet

-Allow HTTP between the web server in the DMZ, and the internet.

Is there a way to tell the firewall to redirect all incoming HTTP requests only to the web server in the DMZ?

View 4 Replies View Related

Fedora Security :: Add A Rule In Iptables On Squid Server?

Mar 4, 2011

I am using squid on my Fedora box as a proxy server. By default the iptables (firewall) service is on. To allow web pages to my client machines I stop the iptables service.

# service iptables stop

By doing this, client computers start browsing. Kindly, how can I add a rule so that, without stopping the firewall, client computers work fine? My server IP address is 10.1.80.10

View 3 Replies View Related

Security :: How To Create IPTables Rule Similar To Tcpdump

Feb 23, 2010

I'm not an iptables expert. Anybody know how to create a rule/chain that will log info similar to what tcpdump -s0 would do?

View 3 Replies View Related

Ubuntu Security :: Redirect All IP Tables Rule To Forward UDP Traffic?

May 16, 2011

How do I redirect all the UDP traffic on port 27016 of my current dedicated server to a new IP port 27015 using IP tables?

View 1 Replies View Related

Security :: Write A Specific Rule To Check For Spoofed Packets?

Apr 21, 2010

Just wanted input for this script I have cobbled together. It's not done yet. I am trying to think of ways to close up my outgoing while maintaining full functionality of my laptop (irc, web stuff, a torrent or two, etc.). Anyways, I have done some myself, as well as pulling bits and pieces from other stuff out on the web. I am starting to wonder why I have to write a specific rule to check for spoofed packets if my default input is set to drop. Wouldn't it be caught?

Code:
#!/bin/bash
### Laptop + Desktop: No Forwarding firewall ip4 / ip6
### Distro > Debian / Ubuntu.
### oliverteasley@gmail.com

[Code]....

View 12 Replies View Related

Ubuntu :: Dual Monitors - Not Save Settings After Restart?

Aug 29, 2010

Kubuntu 10.4
DVI-0 SyncMaster931BF
DVI-1 BenQ G2220HDA
I set the monitors with Display Settings. Everything works fine until reboot. I lose my settings and always returns to the initial state.

View 4 Replies View Related

Ubuntu Security :: Drop Igmp Port 0 Packets With Iptables Rule?

Jan 3, 2011

How can I drop igmp port 0 packets with an iptables rule? My log file is full of this router advertisement.

View 2 Replies View Related

Security :: Iptables Requirement \ Package Passed Through Masquerade Don't Pass Through The Prerouting Rule?

Nov 26, 2010

The iptables has every rule set correctly, the users in the subnet work great, but I have the following issue. Every user connects to a mysql running on the internet through the port 3306; the forward and masquerade do the job. Now I have a user on the outside, and he wants to connect to a mysql on a certain machine (not the gateway). Prerouting rules solve my problem, but all the packages from the inside users now go to that certain machine. I would like something like: if the package passed through masquerade, don't pass through the prerouting rule, and if it comes from the outside (not a package that comes from a petition from the inside), pass through the prerouting rule.

View 6 Replies View Related

Ubuntu :: Dual Monitors Nvidia X Server Doesn't Save After Restart

May 11, 2010

I have dual monitors running successfully with my BFG GeForce 8400GS and NVIDIA X server settings. The only problem is every time I restart, the settings go back to default, so I have to setup the dual monitors again.

View 5 Replies View Related

Ubuntu Security :: UFW Block ICMP When Add Non ICMP Related Rule

May 21, 2011

I am setting up a virtual server. Ubuntu 11.04, "minimal provider image". UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an iptables expert, but it looks OK to me. I got it from some website, rather than invented it myself, but modified it to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.

View 1 Replies View Related

CentOS 5 :: "gnome-session-save --kill" RESTART The System?

Apr 27, 2011

When I log out of the Gnome session, the whole system reboots. I found this command, "gnome-session-save --kill"; it restarts the system, too. That's what is happening with two of my Dell desktops (CentOS 5.6). How could this happen?

View 4 Replies View Related

Ubuntu Security :: Is Restart After Updating Necessary?

Apr 4, 2011

Every now and then, ubuntu update includes new image (initrd.img or something like that - a new kernel as I understood) that requires a restart of server after installation. How safe is it not to restart (and still use old kernel) for a while (until next scheduled service in a month or two)? The computer is a server and I don't want to restart it unless there are security concerns. Is there a page that tells you what are the changes in the new kernel? And if there are any security holes that have been patched? I'm currently using img version 2.6.32-28-server (and there is already 2.6.32-30-server).

View 4 Replies View Related

Ubuntu Security :: Clonezilla: Can't Save Image To Network Via Ssh

Dec 26, 2010

I'm working with Clonezilla to back up my test server, I want to store the image to a partition in our network, for example: my computer. But it still doesn't work. These are my steps:

I reboot my server with Clonezilla CD.
I choose device-image
I choose ssh_server
I choose my network device with dhcp mode
I provide the IP of my computer and port 22, then my username
I choose the path to my hard drive, like /home/username/backup

But after I type my password to connect, Clonezilla says "remote host has disconnected. Clonezilla image home directory /home/partimag is not a mountint point! Failed to mount other device as /home/partimag! Are you sure you want to continue?"

I try to connect to my computer from another machine, it works, but I don't know why Clonezilla can't.

View 4 Replies View Related

Ubuntu Security :: Getting Past Lock Without Restart?

Jul 28, 2011

I had a buddy that swore he was such a Linux guru he could bypass the lock screen easily but refused to elaborate. Was he just being facetious or was he legit? I don't accept starting a new X session using the terminal or restarting and using recovery tool to change password as an answer.

View 1 Replies View Related

Security :: Restart Postgres In Server - Selinux Is Not Letting It Log Anything

Jan 28, 2010

Whenever I restart postgres on my server, SELinux is not letting it log anything. In /var/log/messages, it says:

Quote: Jan 28 14:15:43 dataserver kernel: audit(1264709743.263:38): avc: denied { append } for pid=5986 comm="postmaster" name="pgsql.log" dev=sda8 ino=3932166 scontext=root:system_r: postgresql_t tcontext=root: object_r:var_log_t tclass=file

Jan 28 14:15:43 dataserver kernel: audit(1264709743.263:39): avc: denied { append } for pid=5986 comm="postmaster" name="pgsql.log" dev=sda8 ino=3932166 scontext=root:system_r: postgresql_t tcontext=root: object_r:var_log_t tclass=file

I cannot disable SELinux on this server.

View 1 Replies View Related

Security :: Audit.rules Does Not Retain Certain Settings After Reboot Or Service Restart?

Jan 11, 2011

I'm using RHEL 5 with the Enhanced Security. Using the suggested NISPOM Red Hat documented settings (located on the system; copy - paste) I have managed to audit failed file open accesses; however, this setting is only retained if I enter it at the command line (/sbin/auditctl -a ). If I reboot the system or restart the service, all my -a (not -w) rules located in /etc/audit/audit.rules are not retained.

View 6 Replies View Related

Fedora Security :: FC11 Is Set By Default To Reset The IPTables Firewall To ACCEPT Across The Board Each Restart?

Jul 16, 2009

How come FC11 is set by default to reset the IPTables firewall to ACCEPT across the board each restart?

View 4 Replies View Related

Ubuntu Security :: Installed Prixfixe Through Software Center To Edit The Menus - Restart/shutdown Buttons Didn't Work?

Jan 21, 2011

I run apache on a non-standard port (82). I just installed unity to play around with it, and while I was playing with it I installed prixfixe through software center to edit the menus. While prixfixe was installing, my computer was acting very slow, which was odd, but not completely unusual. During this time I ran ps aux, which showed that my apache server was taking up most of the processing power. I was about to stop my web server, but I waited just in case the web server was updating a few things (I run ampache).

My computer finished installing the software and then I ran some command with sudo (I can't remember what the command was), but it threw back some message saying "setid blabla". I restarted my computer and when I got to my gdm my normal user account did not show up. There were no accounts and the restart/shutdown buttons didn't work. Now I'm running on a livecd and checking out my apache access logs, apache error logs, and kernel logs, but nothing looks out of place.

View 9 Replies View Related

Ubuntu :: Firefox - Unable To Save Files By Right Clicking And Save As

Jan 13, 2010

I have Ubuntu 9.10 dual booting with Windows7. My ext3 /home is mounted as F: in Windows. I share a firefox profile between them so that when I am in Windows my firefox uses the same profile as it does when in Ubuntu. It all worked great until recently. I am unable to save files by right clicking and save as. In the config I am unable to set a directory to save to. It never asks me where to save to. Just nothing happens. Some of my bookmarks are all messed up as well; my rss feeds have the same post on some random website every time I log on and I have to manually refresh to get the correct feeds back. I am unable to delete the random bookmark.

View 1 Replies View Related

Ubuntu :: Xrandr Doesn't Save Changes - How To Make It To Save Changes

Jun 16, 2010

My mediacenter is attached to a beamer with the optimal resolution of 1280*720. Ubuntu 10.04 doesn't offer me this resolution (on my Intel 915 graphics controller). This means I have to add this resolution to the possible resolutions. First I used cvt

Code:

cvt 1280 720 60

and got this result:

Quote:

# 1280x720 59.86 Hz (CVT 0.92M9) hsync: 44.77 kHz; pclk: 74.50 MHz
Modeline "1280x720_60.00" 74.50 1280 1344 1472 1664 720 723 728 748 -hsync +vsync

Then I added this to xrandr

Code:

xrandr --verbose --newmode "1280x720" 74.50 1280 1344 1472 1664 720 723 728 748 -hsync +vsync

and

Code:

xrandr --verbose --addmode VGA1 1280x720

Now I can select and use the new resolution - until next reboot. After a reboot 1280x720 is again not available. Even if I work with sudo - the resolution isn't there....

View 1 Replies View Related

General :: How To Set Quota On Group?

Mar 11, 2010

How can I set quota on group plz send me detail with command. I am still facing problem to set the quota. I've tried many options plz send all steps to set quota from start to end.

View 3 Replies View Related

Server :: How To Set A Quota On Directory?

Nov 9, 2009

How can I set a quota on a directory? Is there an easy way to do this?

View 5 Replies View Related

Ubuntu Installation :: System Automatically Tried To Restart But On The Restart Got The 'terminal' View

Apr 30, 2011

I have just finished the upgrade of the latest version and I'm at the point of my system restarting.

My system automatically tried to restart but on the restart I got the 'terminal' view. It stopped when asking for my username (it never normally asks for this before the grub menu) and then password. I didn't get any further than that.

I now have on my screen (still in the terminal view before the grub menu)

"name@name-desktop:...$ "

I'm on my phone now so I don't actually have the symbol for before the dollar sign but you know what it is. The raised S on a 90 degree angle.

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved