I don't like UFW, the firewall that ships with Ubuntu by default. Perhaps because, when it comes to firewalls, I prefer to configure them myself. What does the skeleton I start from look like?
sudo mkdir -p /opt/tools/script
sudo touch /opt/tools/script/firewall
sudo chown root:root /opt/tools/script/firewall
sudo chmod 755 /opt/tools/script/firewall
sudo ln -s /opt/tools/script/firewall /etc/init.d/firewall
The contents of the file /opt/tools/script/firewall:
#!/bin/sh -e
### BEGIN INIT INFO
# Provides:          firewall
# Required-Start:    mountall
# Required-Stop:
# Default-Start:     S
# Default-Stop:
# Short-Description: start firewall
### END INIT INFO
PATH="/sbin:/bin:/usr/sbin:/usr/bin"
. /lib/lsb/init-functions
error=0
case "$1" in
    start)
        log_action_begin_msg "Applying the firewall rules:"
        # Start from an empty filter table. The default policies stay ACCEPT
        # (the two policy lines are commented out), so it is the explicit
        # LOG + DROP pair at the end of INPUT that actually blocks traffic.
        iptables --table filter --flush
        iptables --table filter --delete-chain
        iptables --table filter --zero
        #iptables --table filter --policy INPUT DROP
        #iptables --table filter --policy OUTPUT DROP
        # Accept packets of connections already allowed. Placed first because
        # most packets match here and need no further evaluation.
        iptables --table filter --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
        # Accept ICMP type 8 (echo request) and type 0 (echo reply), so the host
        # can be pinged and can ping out.
        iptables --table filter --append INPUT --protocol icmp --icmp-type 8 -s 0/0 --match state --state NEW,ESTABLISHED,RELATED --jump ACCEPT
        iptables --table filter --append INPUT --protocol icmp --icmp-type 0 -s 0/0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
        iptables --table filter --append OUTPUT --protocol icmp --icmp-type 0 -d 0/0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
        iptables --table filter --append OUTPUT --protocol icmp --icmp-type 8 -d 0/0 --match state --state NEW,ESTABLISHED,RELATED --jump ACCEPT
        # Accept everything on the loopback interface. Matching the interface
        # rather than the 127.0.0.1 address also covers services bound to other
        # loopback addresses.
        iptables --table filter --append INPUT --in-interface lo --jump ACCEPT
        iptables --table filter --append OUTPUT --out-interface lo --jump ACCEPT
        # Accept DHCP. The server answers from UDP port 67 to the client port 68,
        # often as a broadcast that conntrack does not treat as ESTABLISHED, so
        # the reply needs its own rule (port 67 inbound would only matter for a
        # DHCP server).
        iptables --table filter --append INPUT --protocol udp --source-port 67 --destination-port 68 --jump ACCEPT
        # Drop Windows NetBIOS broadcasts (UDP 137-138) silently, before the
        # logging rule, so they do not flood the log.
        iptables --table filter --append INPUT --protocol udp --match udp --dport 137:138 --jump DROP
        # Log (rate-limited) and then drop everything else arriving on INPUT.
        iptables --table filter --append INPUT --jump LOG --match limit --limit 5/min --log-level 4 --log-prefix "INPUT CHAIN DROP: "
        iptables --table filter --append INPUT --jump DROP
        log_action_end_msg $error
        exit $error
        ;;
    stop)
        log_action_begin_msg "Removing the firewall rules:"
        iptables --table filter --flush
        iptables --table filter --delete-chain
        iptables --table filter --zero
        log_action_end_msg $error
        exit $error
        ;;
    restart|force-reload)
        "$0" stop
        "$0" start
        ;;
    status)
        # Numeric, verbose listing: no DNS lookups, and packet/byte counters
        # show which rules are actually matching.
        iptables --table filter --list --verbose --numeric
        log_action_end_msg $error
        exit $error
        ;;
    *)
        echo "Usage: /etc/init.d/firewall {start|stop|restart|force-reload|status}"
        exit 1
        ;;
esac
and finally:
sudo update-rc.d -f ufw remove # to remove the ufw firewall
sudo update-rc.d firewall defaults
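One caveat with the script above: it flushes the filter table and then appends rules one at a time, so while it runs the host sits with an ACCEPT policy and no catch-all DROP, and a typo in a middle rule aborts the script (it runs with -e) leaving the ruleset half built. The following is an added example, not the original script, that renders the same ruleset in iptables-restore format, which the kernel loads in one atomic operation after the file has been parsed in full. The rules file path, the function names and the exact rule set are assumptions chosen for this example; only apply_rules needs root and a host with iptables, the other functions run anywhere.

```shell
#!/bin/sh
# Added example: the ruleset in iptables-restore format, loaded atomically.
# Assumed (hypothetical) location of the rendered rules file.
RULES_FILE="${RULES_FILE:-/etc/iptables/firewall.rules}"

# Emit the ruleset. Lines starting with '#' are comments to iptables-restore;
# the ':CHAIN ACCEPT' lines set the default policies, as in the init script.
render_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback: match the interface rather than the 127.0.0.1 address
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Existing connections first, so most packets stop at this rule
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMP echo request in (others ping us) and out (we ping others);
# the replies are covered by ESTABLISHED
-A INPUT -p icmp --icmp-type 8 -m state --state NEW -j ACCEPT
-A OUTPUT -p icmp --icmp-type 8 -m state --state NEW -j ACCEPT
# DHCP client: server replies come from port 67 to port 68, often as a
# broadcast that conntrack does not track as ESTABLISHED
-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
# Drop NetBIOS chatter silently so it does not flood the log
-A INPUT -p udp --dport 137:138 -j DROP
# Rate-limited log, then drop everything else on INPUT
-A INPUT -m limit --limit 5/min -j LOG --log-level 4 --log-prefix "INPUT CHAIN DROP: "
-A INPUT -j DROP
COMMIT
EOF
}

# Number of rules that would be loaded (append lines only, not table,
# policy or comment lines).
count_rules() {
    render_rules | grep -c '^-A '
}

# Jump target of the last rule in INPUT; a correct ruleset ends in DROP.
last_input_target() {
    render_rules | awk '/^-A INPUT /{t=$NF} END{print t}'
}

# Write the file, validate it without touching the live tables
# (--test only parses), and load it atomically if it parses.
apply_rules() {
    render_rules > "$RULES_FILE"
    iptables-restore --test < "$RULES_FILE" && iptables-restore < "$RULES_FILE"
}
```

With this layout the init script's start target becomes a single `iptables-restore < "$RULES_FILE"`, stop remains the flush, and a broken rule is rejected by `--test` before anything is flushed rather than half way through the rebuild.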
As a former IT Auditor, I can tell you this with certainty: even the most skilled, detail-oriented IT Security Professional can only report what his or her manager will let him or her report. I audited Fortune 500 companies and there were always gaping holes in their IT security. I always reported them. But, in an attempt to keep future business, my management demanded that I remove many findings from my reports. Even though I refused to sign those reports, I bet I could still be held liable. I lost my job for being insubordinate. Watch for more of this in the future.
The comment reminds me of my own experience as an auditor, when I ran into similar situations, frustrating ones that distort the very purpose of an audit, whatever kind of audit it is. I believed this only happened at big firms, but, talking some time ago with the head of the certification department of a security company in Romania, I heard that the same problems exist in the Romanian system too. Reports are arranged so as not to lose the client, even though the client loses far more by endlessly negotiating the findings of an audit.