I am running a ubuntu server for home use and am currently hosting a website for testing urposes I am worried because I have to leave my port 80 open for this to work. an Idea I have is to make it that port 80 is read only.
View 9 Replies
i need to do a statefull firewall actually i try the ESTABLISHED state but as we know that some people can play with the TCP header so i want to do a "connection track" state, they told me in mangle but i didn't find can someone paste for me a link about "connection track" or write for me rule for ex: to make connection track for port 80!
View 4 Replies View Relatedi tried my best andwrite all the commands given below. but port 27000 is not in listening state.Note: I spoofed MAC address (change MAC address)on this MAchine.here is my iptables file.
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
[code]....
I am interested in making the root file system is read-only. I've moved /var and /tmp file systems to another partitions. There are two files in the /etc directory that need to be writable.
These are:
I've moved this files to /var and linked it. I've added command to the /etc/rc.d/rc.local file:
That's it. Are there other solutions to make the root file system is read-only?
sudo ssh -L 750:192.168.123.103:873 username@192.168.123.103It does exactly what it's supposed to do, but how do i edit / remove this rule?Is there some config file where i can alter the forwarding? How does it get stored?Im using Ubuntu 10.10Server Edition (allthough i recon it would be pretty much the same across all versions
View 5 Replies View RelatedIs there any way to verify if packets being trafficked over a certain port are valid for the service you want to use this port for?
One obvious example that probably clarifies my question:
When I open port 443 (outgoing or incoming) for https/ssl traffic, I don't want this port to be used for say openvpn traffic.
Thus: when someone wants to surf to a website with https, it should be ok but if someone wants to connect to his home openvpn server over that same port, it should be blocked.
I'll explain this in one sentence: Is it possible to program a port-binding shellcode in which people across the Internet can connect to, without being thwarted by the router blocking their data because the port its bound to doesn't allow port-forwarding
View 2 Replies View RelatedAs it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forward some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. ANd similarly 21 for FTP (although it doesnt seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as its hidden behind the modem/router. But if I open this thign up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "Thats if theres no firewall in my router" as they just seem to do the same.
he clicks on everything on his GNOME desktop, and manages to delete everything, including menus, icons, etc. The people he lives with aren't skilled enough to fix it, and I live a good eight hours away. I have remote capabilities with NX, but that requires them to initiate a connection to my workstation here, which is more painful than I thought it would be. I need a way of locking down the desktop, so it's read-only, so he can't make the changes he seems to keep making. I figure I could make the .gnome directory read-only, but I don't know if that would affect the normal operation.
View 3 Replies View Relatedhow to automount USB devices read-only for security in RHEL5? I'm looking for the generic solution for any USB device, so I'm not looking to hardcode something into /etc/fstab.I've hunted around and I can't find a clear answer and my various attempts have failed. I've looked at /etc/auto.misc, UDEV, and HAL. Here's where I'm at which isn't working.I have RHEL5 and from what I can tell HALD manages the automounting. HAL seems to have 2 primary directories:
/etc/hal/fdi
-and-
/usr/share/hal/fdi
The difference between the two is unclear to me.Based on some examples, I created the following file:
--------------------
Code:
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- -->
<deviceinfo version="0.2">[code]....
No matter what I call this file or where I put it, any USB device still mounts RW. How do I fix this? Am I correct that HAL is the right place? Looking through dmesg, it sure looks like HAL controls this, but maybe I'm wrong? I've also made various attempts to solve this with UDEV and /etc/auto.misc, so if it is one of those, I clearly don't know the correct thing to do there.
I am using a F232 USB to serial adapter for connecting my wireless modem to my laptop and I wrote a simple C code for reading data received by the modem transmitted by another modem installed on my target device.The problem is my code is simply giving 0.00000 (float data) output .When I use the same code with my desktop its running fine and I am getting relevant data.What may be the problem? I even changed the permission for my /dev/ttyUSB0 I am using Ubuntu 10.04 on both my laptop and desktop
below is my code
Code:
#include <stdlib.h>
#include <math.h>
#include <errno.h> /* Error number definitions */
#include <termios.h> /* POSIX terminal control definitions */
[code]....
I need to read and write to a serial device. When I connect via gtkterm, I need to toggle DTR before I can communicate with the device . My problem is that I cannot emulate this in C++.
I want to write some code that can setup a comport, toggle the DTR, then read and write strings to the port. However all my attempts have been fruitless. My serial settings are B9600, No parity, no hardware control, 8 bt characters and 1 stop bit:
Code:
#include <iostream>
#include <SerialStream.h>
#include <sys/ioctl.h>
#include <fcntl.h>
using namespace LibSerial;
[Code]...
I am trying to write some code that interfaces with an AVR over a serial port. Basically I send a command then read the output which is 6 bytes. I need to receive all 6 bytes before the program continues. Is there a way to do this? If I use read() it returns -1 unless I add a delay before reading the port. Is there a way to get it to read the 6 bytes as soon as they arrive?In python you simply say how many bytes you want and the max time you are willing to wait which seems a whole lot easier than read
View 1 Replies View RelatedI have a minilinux that I being working on, the problem now is that the serial ports doesn't seem to work (I have 4 serial ports).They don't write or read.
I run the command setserial g /dev/ttySx and it says that his IRQ are 3 or 4 (3 for ttyS0 and ttyS2 , 4 for ttyS1 and ttyS4)�but when I run the command: dmesg | grep ttyS the IRQ�s are 0 for ALL my serial ports� could be this the reason why my serial ports aren�t working right??? And if it is how can I solve the problem??
I'm currently developping a C program to drive a Telit GM862-GPS module using the serial port of an embedded board (SBC9261).The communication with the module is based on AT commands : I just send my command to the module, through the RS232 line, and the module answers immediately.Here's an example with a basic command returning the GPS's acquired position, sent with Minicom :
Code:
AT$GPSACP
$GPSACP: 104323.000,4x45.6171N,00x38.6219E,0.8,446.5,3,272.14,0.21,0.11,080311,09
[code]...
i want to try with a small application in linu in that i want to read some data from controller using serial port and i wanna transfor that data to another meachin in the network for this i want serial port interfacing programming as well as socket programming.
View 1 Replies View RelatedI am writing a C program which reads data over serial port. While reading data, if I send my data(which is a 13 byte structure) periodic with a period of 1 second for 10 times I read it without problem and I read the data 10 times as I sent and as I expectBut if I send data continuousuly(without any time interval between each sending) 10 times I can only read 1 of them(I can only read it once).
View 11 Replies View RelatedI am implementing a simple serial protocol where my ARM9 board, running Linux is communicating to a slave peripheral board. The Master sends a 12 byte data stream and the peripheral board returns status in a 23 byte response. The serial port is opened in raw mode. It works perfectly on 44 reads; however, on the 45 read the data returned from the read() is incorrect. I've framed what's being sent on an oscope and it is correct.The coincidence is that 23 x 44 = 1012. It's as though the receive buffer is 1K and when I go past the boundary I get bad data. The read following the bad one is good again.I've tried flushing the buffer before reading but get the same result.Here's the port initialization code:
Code:
int initport(int fd)
{
[code]...
I'm just curious as to what security measure's I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure fedora 10 was out of the box?
View 12 Replies View Relatedi know that chmod +x makes a certain file executable but how do i make a file read and write.
View 3 Replies View RelatedI have a simple WD external USB hard drive, but when I plug it into my computer nothing happens. Not only is there nothing popping up, but I cannot access it through the file browser. The light on the hard drive turns on as usual.
View 3 Replies View RelatedI have two terminals open and I want to save the current path in a variable and read it from the second terminal that I have open.
Then in the first terminal I type:
Code:
A=$(pwd)
And in the second I type:
Code:
echo $A
that doesn't work though.
I have tried also with
Code:
export A=$(pwd)
and
Code:
alias A=$(pwd)
but nothing seems to work. Is there a way to do this?
I need disable usb port access in ubuntu9.10. how to disable usb port in ubuntu9.10
View 9 Replies View RelatedI have the default to deny all. The only rule I have in there is:
Code:
To Action From
-- ------ ----
[code]....
Watching Logs and event reports,clearly something is trying to use my 40292 port.I tried to find out more about the Port, by temporary starting FireStarter.Unfortunately my search kept me stranded with the same question after 3 hours. Does anybody here knows any thing about that certain port usage?
View 5 Replies View RelatedI'm interested in installing RHEL server on a solid state drive. I would like to make this OS read-only as to prolong the longevity of the drive (these SSDs have a limited number of write-cycles before they start to fail).
View 9 Replies View RelatedUp to now I've been playing with Ubuntu whilst storing important data elsewhere for about 2 years. Now I'm ready to move to Ubuntu completely but want to address my security.I'm currently using a desktop and server behind a hardware firewall / Internet router. The router has DynDNS and forwards port 80 to the webserver and a port I picked at random to the desktop 22 for SSH with private keys. SSH passwords are disabled.
The first question is, is there a danger of running different security levels on the two machines? I don't care about the server, there is no data on it so I currently forward port 80 and am considering forwarding ports 631 (CUPS) and a port for LDAP. Will this effect my desktop (which has info I don't want to loose).The next question is whether port forwarding / hardware firewall is actually a safeguard against attack.
Tor open port 23 for telnet. Is this normal ?
View 3 Replies View RelatedI'm trying to SSH into my home computer from a remote location outside of my house's LAN and can't figure out remote port fowarding.
The guide here says to use the following:
Code:
I've tried connecting to my home computer through many combinations of the syntax listed above, read the man file, and looked online for help. But can't find out the proper syntax or a good guide that isn't written for Windows users using Putty.
Let's assume for the sake of simplicity that the public IP address of my home SSH server is 123.123.123.123, the private IP address of my home SSH server is 192.168.1.100, my home SSH port is 2222, and the SSH port at my current location is is 22. How would I write out the command?
Every time I try to connect I get a "connection times out" error.
I'm using a local proxy server VPN'd to another network.
How do I setup either Firestarter or Gufw/ufw to ONLY allow in/out from ONE port? (The one port the proxy uses)
Ex: Firefox is proxied to 127.0.0.1, all ports, and then the proxy picks it up, and sends out on port xxxx, and recieves on port xxxx, then sends back thru 127.0.0.1, back to Firefox.
Any setting/rules I've treid on either Firestarter or Gufw kills the proxy>VPN (Proxy won't connect to remote network)
Addendum: If I start the proxy FIRST, then the firewall, all is good. I'm thinking the proxy uses a port to connect with remote network first, then switches to my configured xxxx port...hmmm
