The National Security Agency publishes a great collection of documents that provide detailed security configuration guidelines. The full index can be found here:
http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml
We particularly like the guides for RedHat EL5:
“Hardening Tips For Default Installation of Red Hat Enterprise Linux 5”
http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf
“Guide to the Secure Configuration of Red Hat Enterprise Linux 5”
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
Here's how to filter or block ICMP timestamp requests and replies.
On Red Hat/CentOS, edit /etc/sysconfig/iptables and add the following lines above any rule that accepts ICMP, since rules are evaluated in order:
-A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-request -j DROP
-A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-reply -j DROP
and then run:
/sbin/service iptables restart
Or run the following commands:
/sbin/iptables -I RH-Firewall-1-INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
/sbin/iptables -I RH-Firewall-1-INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
/sbin/service iptables save
Recently on an Ubuntu server we just added these lines to /etc/rc.local:
/sbin/iptables -I INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
/sbin/iptables -I INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
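Because iptables evaluates a chain top to bottom, timestamp DROP rules that end up below a broad ICMP ACCEPT never match. The following check is an added example, not part of the original post: the function name `check_ts_rules` and the sample ruleset are constructed for illustration, and the input is assumed to be in `iptables-save` format (as in /etc/sysconfig/iptables).

```shell
#!/bin/sh
# Reads an iptables-save style ruleset on stdin; prints "ok", "missing" or
# "shadowed" for the named chain. Simplification: only -p, --icmp-type and -j
# are inspected; jumps to other chains and source/interface matches are ignored.
check_ts_rules() {
    awk -v chain="$1" '
    $1 != "-A" || $2 != chain { next }      # rules appended to this chain only
    {
        n++                                  # position = evaluation order
        if (index(" " tolower($0) " ", " -p icmp ") == 0) next
        type = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--icmp-type") type = tolower($(i + 1))
            if ($i == "-j") target = $(i + 1)
        }
        # iptables-save writes the types numerically: 13 = request, 14 = reply
        if (type == "timestamp-request") type = "13"
        if (type == "timestamp-reply") type = "14"
        for (t = 13; t <= 14; t++) {
            hit = (type == "" || type == "any" || type == (t ""))
            if (!hit) continue
            if (target == "DROP" && !(t in drop)) drop[t] = n
            if (target == "ACCEPT" && !(t in acc)) acc[t] = n
        }
    }
    END {
        result = "ok"
        for (t = 13; t <= 14; t++) {
            if (!(t in drop)) { result = "missing"; break }
            if ((t in acc) && acc[t] < drop[t]) result = "shadowed"
        }
        print result
    }'
}

# Constructed sample: timestamp rules appended below a broad ICMP ACCEPT.
sample_shadowed() {
    cat <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-request -j DROP
-A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-reply -j DROP
COMMIT
EOF
}

sample_shadowed | check_ts_rules RH-Firewall-1-INPUT   # prints: shadowed
```

On a live host, feed it the running ruleset with `/sbin/iptables-save | check_ts_rules RH-Firewall-1-INPUT` (or `INPUT` on the Ubuntu setup above).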
lftp supports ftps (different from sftp). ftps is ftp over an explicit TLS (SSL) connection. We've seen a few sites running MS IIS that require ftps, and getting lftp to work has been tricky. To make it work, verify that your lftp build has gnutls support compiled in with:
lftp -v
This build does not:
Libraries used: Readline 5.1, Expat 1.95.8, OpenSSL 0.9.8d 28 Sep 2006
Here's one that does:
Libraries used: Readline 5.1, Expat 1.95.8, GnuTLS 2.6.6, zlib 1.2.3
Once you have TLS support in your lftp build, you can put a file with something like this:
lftp -c 'open -e "set ftps:initial-prot ""; \
   set ftp:ssl-force true; \
   set ftp:ssl-protect-data true; \
   put test.txt; " \
   -u "USERNAME","PASSWORD" \
   ftps://HOSTNAME:990 '
The option sets are critical as lftp wants to do "PROT C" by default but Windows wants to see "PROT P".
RHEL5 replaced the old smbmount command with mount.cifs, so to mount a shared Windows drive do something like:
mount -t cifs //servername/sharename /mnt/mountpoint \
-o username=myusername,password=mypassword
Two approaches to this. The first is to use the grub-install utility:
grub-install --root-directory=/boot /dev/???
The second approach is to use the grub command line:
1. Start the grub command line:
grub
2. Determine the boot device:
find /boot/grub/stage1
You'll get something like "(hd0,0)".
3. Tell grub where the root is:
root (hd0,0)
4. Install the MBR (name the whole disk, not the partition):
setup (hd0)