Ubuntu :: Script To Setup Ufw With Ssh On User Defined Port?
Apr 3, 2011
Im writing up a script to set up ufw with ssh on a user defined port. I have 2 minor issues, 1, this script can only run once, from the defualt configuration files. if the config files are previously modified, this script will fail. So how can i fix it so that the line specifying port in the ssh_config file can be read and rewriten to numerous times.
I have alot of echo type commands. how can I neaten that up?
Code:
#If these aren't installed, install them now with:
#sudo apt-get install openssh-server denyhosts ufw
#This script is to help you set up decent security
#on your Linux computers. Run this script as root.
I'm trying to setup a RAID 5 array of 3x2TB drives and noticed that, besides having a faulty drive listed, I keep getting what looks like two separate arrays defined. I've setup the array using the following : sudo mdadm --create /dev/md01 --verbose --chunk=64 --level=5 --raid-devices=3 /dev/sdb /dev/sdc /dev/sde
So I've defined it as md01, or so I think. However, looking in the Disk Utility the array is listed as md1 (degraded) instead. Sure enough I get :cat /proc/mdstat Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] md1 : active raid5 sde[3](F) sdc[1] sdb[0] 3907028992 blocks level 5, 64k chunk, algorithm 2 [3/2] [UU_]
So I tried getting info from mdadm on both md01 and md1 :user@al9000:~$ sudo mdadm --detail /dev/md1 /dev/md1: Version : 00.90 Creation Time : Sun Jan 9 10:51:21 2011 Raid Level : raid5 ......
Is this normal? I've tried using mdadm to --stop then --remove both arrays and then start from scratch but I end up in the same place. I'm just getting my feet wet with this so perhaps I'm missing some fundamentals here. I think the drive fault is a separate issue, strange since the Disk Utility says the drive is healthy and I'm running the self test now. Perhaps a bad cable is my next check...
I wrote a shell script and was able to compile it using SHC. after that i copied it to the /bin folder and tried running it as a normal user, but i keep getting the error " operation not permitted killed "
I tried changing the permissions. but it doesn't work. it only works with sudo. there must be another way. otherwise it won't be linux right?
what should I add/change to set up port forwarding of port 1000 to ip 192.168.1.200. also how to get the answer sent by 192.168.1.200 follow the same route used by the data received through port forwarding.
i got a sample.c which generate a linked list for sorting according to the number generated. then i want to split the sorting function into a header file. and it looks like the sort function in the header file could not access the linked list in the main. the error is dereferencing pointer to incomplete type
How do I setup Self Port Forwarding on Fedora 13 x64 How Port Forwarding Works Port forwarding allows access to a local area network by a remote user through forwarding ports that provide ftp access and web server access. The operating systems use a kernel or ipfirewall to carry out the port forwarding process.
There are several different ways that port forwarding is accomplished. * Self Forwarding: Self forwarding is port forwarding that is accomplished on a local area network that has multiple computers connected to the network. Since all of the computers share the same IP address, the port forwarding must be conducted within each computer on its own system. If the local area network router has a network access translator then the computers that are connected to the router must also do port forwarding within their own system.Port forwarding can be accomplished with Unix systems however the port can only be accessed by the root administrator. This is a less common method of port forwarding due to the fact that using a root administrator poses risks to the system because the users will often take a detour to a higher port number to gain faster access to the server.Double port forwarding involves the use of multiple routers that join computers on a local area network. As a result, the ports on one router are forwarded to another router that acts as a gateway. The gateway router then forwards to a host on the local area network (LAN). This type of port forwarding involves the communication of several components which include the session server, session client, and session port. When the user establishes a connection the session server will connect to one of the session ports that are to be forwarded which will in turn, forward the port to the session client. Reverse port forwarding is used when access is required to a port that is protected behind a firewall.
While port forwarding is convenient, there are a few things to be aware of when using this type of technology. If you use port forwarding only one port can be used at a time and the machine that is receiving the port forwarding can only view the information as coming from the router instead of the original machine. Additionally, port forwarding can open up network access to other machines that may be able to find the port forwarding by gaining unauthorized access. I know how to setup port forwarding in my router along with Dyndns.org free ED, but my local area network has multiple computers connected to the network on my router. All of the computers share the same external (public) dynamic IP address; when I setup port forwarding only my Web Server can access the internet, so how do I setup Self Port Forwarding on Fedora 13 x64
I'm new to linux, but enjoy using it very much, especially without a GUI, console is fun! I need to set up port forwarding. We have 3 servers, 1x running Ubuntu server 8.04 (used as transparent proxy), 1x server 2003, 1x windows xp.
The linux box has the following ips: eth0 (internal) 192.168.1.5 eth1 (external) 192.168.0.7
Windows server 2003: 192.168.1.6
Windows XP: 192.168.1.9
Router: 192.168.0.1
The router automatically forwards specific ports to 196.168.0.7 (Linux eth0). From there I want to forward port 8585 to 192.168.1.6 and 3000 to 192.168.1.9. Is there a way that I can do this using iptables?
The commands that I think I'm gonna use look like this: iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 8585 -d 192.168.1.6 -j ACCEPT iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 3000 -d 192.168.1.9 -j ACCEPT
Would this be a correct way of doing it? My biggest problem is that I can't test it without going live, and if I go live and something doesn't work, the entire building will be left without internet, people will hate me. Also, The proxy captures all data on port 80 and forwards it to 3128 so that the proxy can monitor the usage, and a few systems runs fine with it, others however can ping websites, and internet explorer says "website found, waiting for reply" but the webpages cannot be displayed.
I recently purchased a new PCI to Serial card to get 2 serial ports so I can connect my external serial modem and operate hylafax. The machine that I placed this card is a Debian 2.6.26-19lenny2 which is operating just fine. Further more the motherboard is ASUS P5QL-CM. I have managed to place the pci card on an available slot and powered on. I then tried to follow the instructions that the supplier of the card had regarding installation of drivers and this is what I get:
First they asked to untar the contents and make clean. the result is :
debiansrv:/temp/golden# make clean cd driver; make clean make[1]: Entering directory `/temp/golden/driver' rm -f *~ rm -f *.o
I am trying to set up a new user account I can give to friends so they can SSH into my forward computer, and only allow forwarding of certain ports.
I do not want my friends to have a shell, or be able to change what ports to where they are allowed to forward.
example session: joe(friend) connects using PuTTY (that I have pre-set, he isn't good with computers) to example.com(my Internet facing computer) forwarding ports 8080,1990,25565 to him(with what ever end ports he wants, preferably they stay the same numbers) example ssh command to do similar (but he can still change the ports on my computer!)
is it possible to also leave default SSH functinality for all other users but this one?
I found this when I was searching google, but alas, I did not quite understand what was being suggested, and I don't think they covered restricting port forwarding
I notice that my bittorrent client is capable of automatically setting up port forwards with my router, and I want to know if I can do the same in a shell script. The reason is, that since my router is stupid and won't let me keep static IP addresses (it seems they forced a DHCP refresh every week to make me want to pay for a more expensive model which doesn't), I need to get my computer to change the port forward to follow my computer's changing internal network IP address. I have a couple of port forward manually entered into my router settings for web interfaces to bittorrent etc, but of course these have a good chance of being invalidated at each DHCP refresh cycle.
I have changed over to AT&T U-verse. I need help getting my sendmail able to send out.
From AT&T website Incoming mail port number: 995 (make sure secure connection (SSL) is checked) Outgoing mail port number: 465 (make sure secure connection (SSL) is checked)
how to setup sendmail to use SSL , userid,password and port 465 ?
I get this message when I try to start my Apache httpd server : Code: [root@user ~]# /etc/init.d/httpd start Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:8091 [OK] So I tried to identify the user of port 8091 : Code: sudo netstat -nap | grep 8091 sudo lsof -i:8091 But it seems that nothing is using port 8091! I'm running on Fedora 13 and I cannot use an other port for my server.
I want to run a soft that is daemonized, and listens on port 6789. This soft is launched through a php page, so, by the apache user. The probl�me is that the apache user does not has rights to open / listen on a port. I tried to add apache user to the root group, but it won't help. In the application log, I have this every second :
[code]...
I tried to add apache user in the sudoers with a nopasswd but it's still a no go.
I want to do a simple port redirect, i.e. whatever comes trough whatever interface on port AAAA will get redirected to port BBBBI thought that iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport AAAA -j REDIRECT --to-ports BBBBhowever it doesn't work, e.g. nc -v -w2 -z localhost AAAA gives:
nc: connect to localhost port AAAA (tcp) failed: Connection refused while nc -v -w2 -z localhost BBBB
My understanding is SELinux adds type enforcement to standard Linux. This means that both the standard Linux and enhanced SELinux access controls must be satisfied to access an object. Which means that thing that is prevented to do in the normal standard Linux will be also prevented in the SELinux System? Does SELinux make it possible to run a non-root software to bind to a port < 1024? something that standard Linux won't allow? If not, what other suggestions do you have for allowing a program to run as non-root but able to bind to privileged ports? I know all about using the port re-direction such as ipchains, iptables.
I just installed Gutsy server. It is the only disk I can get to boot on this old PC trying to salvage. I'm at the "SERVER LOGIN" prompt. I created one user during the install. I can login as that user, but that user has "...Is not in the SudoersFile." How do I setup this user to be in the sudoers file, without having any ability to make changes to the system?
I would like to set up a user account with no network access. Reason is that sometimes my little daughter plays with the computer (for example watching movies on dvd's) and I want to prevent internet access in case she plays unattended. Is there a simple way to do that? I am using ubuntu 10.04.
I have a remote virtual server for a few websites, it's running on Fedora Core release 6 (Zod). I want to setup an FTP user so I can have someone do some work for me. He only needs very limited access. I have searched for help and thought I found out what I needed to do, but when I try to test the connection, after the password is sent I get the message "530 Login incorrect", followed by "Critical Error", "Could not connect to server". (I am using FileZilla for my FTP client) Below is what I did to add the user
"thisisit" is the name of the directory I want to give access to and "myuser" is the user I am adding. I use passwd myuser to add a password. I've tried -s /dev/null also (to prevent this user having shell access) but it's the same. The worse thing is, I did a similar thing last year for a customer so he could upload images to my site. That login works fine. I have looked at the passwd file and both users seem to be setup the same, yet the new user does not work. What am I overlooking?The two entries in my passwd file are The one that doesn't work
myuser:x:10025:10025::/var/www/vhosts/mywebsite.com/httpdocs/thisisit/:/dev/null And below the use I created lat year that DOES work. mycustomer:x:10008:10008::/home/ftp/mycustomer/:/dev/null
Hello, I'm trying to set up a read only FTP user; basically, they have the ability to browse a particular images folder and download, but not write (or delete accidentally). I've got it set up so the FTP user logs in directly to the folder, so I'm good with that; but they still have write permissions. We have an application built in PHP that copies image uploads to this folder; it also resizes them in the same folder. So in addition to the main FTP user (me) who needs write access to this folder, whatever the Apache/PHP user is (not sure?) also needs write access. Is there a simple way to affect read/write permissions on a user level?
I have setup the fetchmail as below: Code: poll domain.com proto pop3 via domain.com user "user@domain.com" pass "123456789" is user@domain.com keep no fetchall
When I try to login it gives the following message: Code: fetchmail: 6.3.8 querying domain.com (protocol POP3) at Sun 24 Oct 2010 10:51:52 AM EEST: poll started Trying to connect to domain.com/110...connected ..... fetchmail: domain.com: upgrade to TLS succeeded. fetchmail: POP3> USER user@domain.com fetchmail: POP3< +OK fetchmail: POP3> PASS * fetchmail: POP3< -ERR Authentication failed. fetchmail: Authentication failed. fetchmail: Authorization failure on user@domain.com@domain.com fetchmail: POP3> QUIT fetchmail: POP3< +OK Logging out
Although I'm able to login to the webmail of my domain.com cpanel with the same username and password, please note also that it some time working smoothly and most time it gives login authentication failure:
I have a 2G Broadband service through my Ethernet cable. My provider in China has a user name and password to login to their service. I don?t have a modem or anything but the wire coming in from the outside. It is setup in windows but I can?t figure out how to do it in Ubuntu 11.04.
I have a mail server i need it to send message via port 587 not port 25, i make some changes to my postfix server which i use and it is already successed making a telnet to 587 port like it :
I have a LAMP server running. Currently there are not vhosts, just the basic single site apache2 running a web app. I want to set up ftp access to the www root, but my attempts have failed. When I try to ftp using the user I created, I get dumped in the users home directory. I can also browse the entire file system. What I can't do is upload content to the www root. I get permission errors. How can I set ftp up to allow a user to access the www root only?
I am trying to set up my Ubuntu 10.04 netbook to see my WinXP desktop's files and vice a versa. I followed the steps in this tutorial thread: HOWTO: Setup Samba peer-to-peer with Windows. I got as far as "Time to add yourself as an samba user." at this point I keep getting the following error:
Code: sudo smbpasswd -L -a WinXP_User_Name New SMB password: Retype new SMB password: Failed to add entry for user WinXP_User_Name. My WinXP machine has no password.
My conf file is here: [global] ; General server settings ; netbios name = WinXP_Computer_Name server string = ; workgroup = WinXP_WorkStation_Name announce version = 5.0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 passdb backend = tdbsam security = user .....
I configured my server to have the virtual mail authenticated and stored through mysql DB.Now the authentication works, but then I got the dreaded -ERR chdir error.After research and testing for ohurs I finally got it working on ONE account after I created the maildir with maildirmake.Now I am able to login and "list" messages, but nothing else. When I use postfixadmin to setup a new user, the maildir does not get created so I have the same problem.I'm trying to troubleshoot what is happening.Here are the relevant config files:
I have a mercurial repository on a secure server, to which I want to grant secure access to an external user.
I added for him a user account and publickey ssh authentication so that now he could push/pull changesets via ssh.
My question is: how can I make this new user account completely disabled from doing anything or accessing any data on the server other than accessing the repository? E.g. he shouldn't even have the possibility to enter an interactive shell session.
