Ca intotdeauna, Fyodor se pregateste in felul lui sa serbeze DEF CON-ul de anul acesta. Si se pare ca anul acesta vine cu versiunea 5.0 de Nmap pentru a sarbatori evenimentul. O noua facilitate care mie mi s-a parut foarte interesanta este utilitarul ndiff. Acest nou utilitar poate fi folosit pentru a compara rezultatele a doua scanari salvate in format XML.
$ ndiff -h
Usage: /usr/local/bin/ndiff [option] FILE1 FILE2
Compare two Nmap XML files and display a list of their differences.
Differences include host state changes, port state changes, and changes to
service and OS detection.
  -h, --help     display this help
  -v, --verbose  also show hosts and ports that haven't changed.
  --text         display output in text format (default)
  --xml          display output in XML format
Sint multe alte lucruri noi, deci go upgrade.
Nu-mi place UFW-ul, firewall-ul care vine implicit cu Ubuntu. Poate si pentru ca atunci cind e vorba de firewall-uri prefer sa il configurez eu singur. Cum arata la mine scheletul de la care pornesc?
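# The script is executed as root at boot, so neither the file nor any
# directory on its path may be writable by an unprivileged user; otherwise
# that user can replace what root runs. Check the whole path with:
#   namei -l /opt/tools/script/firewall
# Creating the file through sudo avoids depending on a user-writable directory.
sudo touch /opt/tools/script/firewall
sudo chown root:root /opt/tools/script/firewall
sudo chmod 755 /opt/tools/script/firewall
# /etc/init.d/firewall becomes a symlink to the script created above.
sudo ln -s /opt/tools/script/firewall /etc/init.d/firewall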
Continutul fisierului /opt/tools/script/firewall este:
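#!/bin/sh
# Skeleton host firewall for the IPv4 filter table, run as a SysV init script.
#
# Usage: /etc/init.d/firewall {start|stop|restart|force-reload|status}
#
# Things to know before relying on it:
# - Only iptables is called, so IPv6 traffic is not filtered by this script;
#   a matching ip6tables ruleset is needed wherever IPv6 is enabled.
# - Chain policies are left untouched (the --policy lines stay commented
#   out). INPUT is closed by the final DROP rule; OUTPUT and FORWARD keep
#   whatever policy is already set.
# - 'set -e' stops the script at the first failing command. 'start' flushes
#   the table first, so a failure part-way leaves a partial ruleset behind:
#   check the exit status and the output of 'status' after every change.
# - 'Provides' is a space-separated list of facility names, so it must be a
#   single token.
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: mountall
# Required-Stop:
# Default-Start: S
# Default-Stop:
# Short-Description: start firewall
### END INIT INFO

# Set in the body rather than on the shebang line so that it also applies
# when the script is run as 'sh /etc/init.d/firewall'.
set -e

PATH="/sbin:/bin:/usr/sbin:/usr/bin"
. /lib/lsb/init-functions

error=0

# Empty the filter table: drop all rules, delete user chains, zero counters.
flush_filter() {
  iptables --table filter --flush
  iptables --table filter --delete-chain
  iptables --table filter --zero
}

# Load the ruleset into an already flushed filter table.
apply_rules() {
  #iptables --table filter --policy INPUT DROP
  #iptables --table filter --policy OUTPUT DROP

  # Accept ICMP type 8 (echo request) and type 0 (echo reply).
  # The OUTPUT rules only have an effect once the OUTPUT policy is DROP.
  iptables --table filter --append INPUT --protocol icmp --icmp-type 8 -s 0/0 --match state --state NEW,ESTABLISHED,RELATED --jump ACCEPT
  iptables --table filter --append INPUT --protocol icmp --icmp-type 0 -s 0/0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
  iptables --table filter --append OUTPUT --protocol icmp --icmp-type 0 -d 0/0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
  iptables --table filter --append OUTPUT --protocol icmp --icmp-type 8 -d 0/0 --match state --state NEW,ESTABLISHED,RELATED --jump ACCEPT

  # Accept loopback traffic by interface. Matching only 127.0.0.1 would send
  # other local addresses (e.g. a 127.0.1.1 hostname entry in /etc/hosts) to
  # the LOG/DROP rules at the end of the chain.
  iptables --table filter --append INPUT --in-interface lo --jump ACCEPT
  iptables --table filter --append OUTPUT --out-interface lo --jump ACCEPT

  # Accept DHCP.
  # NOTE(review): UDP 67 is the DHCP server port; a DHCP client receives on
  # UDP 68. Confirm which role this host has -- as written, UDP 67 is
  # accepted from any source.
  iptables --table filter --append INPUT --protocol udp --destination-port 67 --jump ACCEPT

  # Accept replies to connections this host opened.
  iptables --table filter --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT

  # Drop NetBIOS broadcasts (UDP 137-138) before the LOG rule so they do not
  # use up the rate-limited log budget.
  iptables --table filter --append INPUT --protocol udp --match udp --dport 137:138 --jump DROP

  # Log (at most 5 entries per minute), then drop everything else. The prefix
  # ends with a separator so it does not run into the first logged field.
  iptables --table filter --append INPUT --jump LOG --match limit --limit 5/min --log-level 4 --log-prefix "INPUT CHAIN DROP: "
  iptables --table filter --append INPUT --jump DROP
}

case "$1" in
  start|restart|force-reload)
    # Reloading is the same as starting: the table is flushed first.
    log_action_begin_msg "Appling the firewall rules:"
    flush_filter
    apply_rules
    log_action_end_msg "$error"
    exit "$error"
    ;;
  stop)
    # Leaves the filter table empty; with ACCEPT policies the host is then
    # unfiltered. If the --policy DROP lines are ever enabled, the policies
    # must be reset here as well.
    log_action_begin_msg "Removing the firewall rulles:"
    flush_filter
    log_action_end_msg "$error"
    exit "$error"
    ;;
  status)
    # Numeric and verbose: no DNS lookups, and interface matches plus packet
    # counters are shown.
    iptables --table filter --list --numeric --verbose
    exit "$error"
    ;;
  *)
    echo "Usage: /etc/init.d/firewall {start|stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac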
si la sfirsit:
# Remove the boot-time rc links of the ufw init script (-f: even though
# /etc/init.d/ufw still exists). The ufw package itself stays installed.
sudo update-rc.d -f ufw remove # stop ufw from being started at boot
# Register /etc/init.d/firewall with the default start/stop links; after the
# next reboot, confirm the rules are loaded with: sudo /etc/init.d/firewall status
sudo update-rc.d firewall defaults
