Archive | November 17, 2009

IPTables – Filter ICMP Address Mask Request & Replies

Here’s how to filter or block ICMP address mask requests and replies.

On Red Hat/CentOS, edit /etc/sysconfig/iptables and add the following lines above any rule that accepts ICMP (the first matching rule wins):

-A RH-Firewall-1-INPUT -p ICMP --icmp-type address-mask-request -j DROP
-A RH-Firewall-1-INPUT -p ICMP --icmp-type address-mask-reply -j DROP

and then run:

/sbin/service iptables restart

Or run the following commands:

/sbin/iptables -I RH-Firewall-1-INPUT 1 -p ICMP --icmp-type address-mask-request -j DROP
/sbin/iptables -I RH-Firewall-1-INPUT 1 -p ICMP --icmp-type address-mask-reply -j DROP
/sbin/service iptables save

Recently on an Ubuntu server we just added these lines to /etc/rc.local:

/sbin/iptables -I INPUT 1 -p ICMP --icmp-type address-mask-request -j DROP
/sbin/iptables -I INPUT 1 -p ICMP --icmp-type address-mask-reply -j DROP

IPTables – Filter ICMP Timestamp Requests & Replies

Here’s how to filter or block ICMP timestamp requests and replies.

On Red Hat/CentOS, edit /etc/sysconfig/iptables and add the following lines above any rule that accepts ICMP (the first matching rule wins):

-A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-request -j DROP
-A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-reply -j DROP

and then run:

/sbin/service iptables restart

Or run the following commands:

/sbin/iptables -I RH-Firewall-1-INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
/sbin/iptables -I RH-Firewall-1-INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
/sbin/service iptables save

Recently on an Ubuntu server we just added these lines to /etc/rc.local:

/sbin/iptables -I INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
/sbin/iptables -I INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
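
One way to confirm that the rules from the two ICMP posts above are actually loaded, as an added example that is not part of the original posts: the function reads `iptables-save` output and lists which of the four ICMP types still have no DROP rule in a given chain. The function names are hypothetical and the sample dump is constructed; rule order and extra match conditions (such as a source address) are not evaluated.

```sh
#!/bin/sh
# Added example (not from the original posts). Function names are hypothetical.
# Usage on a live host (as root): iptables-save | missing_icmp_drops INPUT

# Read iptables-save text on stdin; print each ICMP type that has no DROP
# rule in chain $1. iptables-save prints types numerically, so both the
# names used in the posts and the numbers are accepted.
missing_icmp_drops() {
    awk -v chain="$1" '
    BEGIN {
        name[13] = "timestamp-request";    name[14] = "timestamp-reply"
        name[17] = "address-mask-request"; name[18] = "address-mask-reply"
        for (n in name) num[name[n]] = n
    }
    $1 == "-A" && $2 == chain {
        proto = ""; t = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = tolower($(i + 1))
            else if ($i == "--icmp-type") t = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        sub(/\/.*/, "", t)           # drop an optional "/code" suffix
        if (t in num) t = num[t]     # map a type name to its number
        if (proto == "icmp" && target == "DROP" && (t in name)) seen[t] = 1
    }
    END {
        for (n = 13; n <= 18; n++)
            if ((n in name) && !(n in seen)) print name[n]
    }'
}

# Constructed sample dump: address-mask-reply (type 18) is not dropped.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 17 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 13 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type timestamp-reply -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
COMMIT
EOF
}

sample_dump | missing_icmp_drops RH-Firewall-1-INPUT
```

An empty result means all four types have a DROP rule in the chain you named; check the chain your distribution really uses (RH-Firewall-1-INPUT or INPUT in the posts above).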

Apache – Remove Auth From Subdirectory

Assume that you have a folder that is restricted by HTTP Basic Auth but you want to allow access to a sub-folder. Here’s how:

<Directory /var/www/vhosts/domain.com/httpdocs/myfolder >
   Satisfy Any
   Allow from all
</Directory>

Zabbix – Monitor for Apache config errors

To monitor for Apache config file errors in Zabbix do the following:

1. Create monitor test script at /etc/zabbix/apache_configtest.pl with the following contents:

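#!/usr/bin/perl
use strict;
use warnings;

# Run the Apache syntax check; it reports on stderr, so merge that into stdout.
my $result = `/usr/sbin/apachectl configtest 2>&1`;

# Print 0 when the config parses cleanly, 1 otherwise (the trigger fires on 1).
if ($result =~ /Syntax OK/) {
        print "0";
} else {
        print "1";
}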

2. Add the following line to the end of /etc/zabbix/zabbix_agentd.conf:

UserParameter=apache.configtest,/etc/zabbix/apache_configtest.pl

3. From the Zabbix web interface add an Item for the new monitor at Configuration -> Items -> Create Item with the following settings:

Description: Apache config has errors
Type: Zabbix Agent
Key: apache.configtest
Type of information: Numeric
Status: Active
Applications: Apache

Other fields can be left at default.

4. Add a Trigger for the new Item at Configuration -> Triggers -> Create Trigger with the following settings:

Name: Apache config has errors
Expression: {host:apache.configtest.last(0)}=1
Severity: High

Other fields can be left at default.
