Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I'm trying to close all ports except for the ones needed for my servers, which at this time are ports 21 (ftp), 22 (ssh), 25 (SMTP), 80 (http), 110 (POP3), and 10000 (Webmin)
then all you need to do is add one rule to the script I posted:
I want to try this script out but I think my external hardware might be venet0 (or venet0:0) and I don't wanna lock myself out. (This is on a VPS I'm renting; I don't have physical access to the server, only via shell and webmin.)
what I would do then is cron a script to clear all my rules and chains like in 20 minutes just in case... so if I lock myself out I know I'll just have to wait 20 minutes before I can get back in... it's just a suggestion and if you use it make sure you test it beforehand...
Instead of your configuration for the iptables, to test out the cronjob I did one where I had done it before and I knew I could still log into the server via ssh.
Anyway the cronjob didn't work, but I used ssh to login to root and do this:
Code:
su root
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
as the cronjob script
yes, you can cron any script you want... but croning all scripts is the same procedure, so if you couldn't get mine to work it's fair to assume you won't get yours to work either... what does the line in your crontab look like??
EDIT: wait, I just noticed your "su root" thing... why are you doing that?? are you using your non-root crontab for this?? if so, that's likely why it won't work... you need to use root's crontab...
I'd rather figure out what's not working about iptables -P INPUT ACCEPT;iptables -P OUTPUT ACCEPT because I know doing this in the SSH works fine (I typed it just like that into my SSH client with no error)
in your crontab, you need to use absolute pathnames...
notice how in my script "/sbin/iptables" is used instead of "iptables"...
To my mind, this is one job you have to run as root; iptables is invisible to the user. The webmin cron interface has a "run as" option, but I'm not sure it won't hang awaiting a root pass in the background, i.e. fail if you select "run as root."
OK, I got the cron to work. Just I can't get the script to execute now...
Code:
[root@vps local]# ls
bin gamecreate include lib man share teamspeak
etc games iptables_script libexec sbin src webmin
[root@vps local]# chmod +x iptables_script
[root@vps local]# ./iptable_script
-bash: ./iptable_script: No such file or directory
[root@vps local]# /usr/local/iptables_script
: bad interpreter: No such file or directory
I tried the full path the second time just to try it.
I did ls and I see the file right there, I don't understand.
To my mind, this is one job you have to run as root, iptables is invisible to the user.
it's not invisible at all, in fact it's in non-root users' paths... they have access to the binary, they will just get a permissions error when they run it...
Code:
win32sux@carly:~$ whoami
win32sux
win32sux@carly:~$ iptables -L
iptables v1.3.3: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
win32sux@carly:~$
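The pieces discussed across this thread, put together as one added example (this is not code from any of the posters): a restrictive rule set for the six listed ports, a "reset" rule set for the 20-minute cron fail-safe, absolute paths throughout because cron's PATH is minimal, and a pre-flight check for the ": bad interpreter" error shown above, which is what a script saved with DOS line endings produces (the kernel looks for an interpreter literally named "/bin/sh" followed by a carriage return). The interface name venet0 and the port list come from the thread; the IPTABLES and WAN_IF variables and every function name are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): VPS firewall with a cron-driven fail-safe.
# Assumptions: venet0 is the external interface (as guessed in the thread);
# /sbin/iptables is where the binary lives on this box.

IPTABLES="${IPTABLES:-/sbin/iptables}"     # absolute path: cron runs with a minimal PATH
WAN_IF="${WAN_IF:-venet0}"                 # external interface
ALLOWED_TCP_PORTS="21 22 25 80 110 10000"  # ftp ssh smtp http pop3 webmin

# Emit the restrictive rule set, one iptables argument list per line, without
# executing anything. Keeping generation separate from execution lets the rules
# be reviewed (or tested) before they touch a live box.
build_rules() {
    printf '%s\n' "-F" "-X"
    printf '%s\n' "-P INPUT DROP" "-P FORWARD DROP" "-P OUTPUT ACCEPT"
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    printf '%s\n' "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in $ALLOWED_TCP_PORTS; do
        printf '%s\n' "-A INPUT -i $WAN_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
}

# The fail-safe: flush everything and open all chains again. This is what the
# 20-minute cron job suggested above should run if you lock yourself out.
build_reset_rules() {
    printf '%s\n' "-F" "-X" "-P INPUT ACCEPT" "-P FORWARD ACCEPT" "-P OUTPUT ACCEPT"
}

# Feed a rule list to iptables, one call per line (word splitting is intended).
run_rules() {
    while read -r args; do
        # shellcheck disable=SC2086
        $IPTABLES $args || return 1
    done
}

apply_firewall() { build_rules | run_rules; }
reset_firewall() { build_reset_rules | run_rules; }

# Pre-flight check for the ": bad interpreter: No such file or directory"
# failure: succeeds only if the file starts with "#!/" and the first line has
# no carriage return (DOS line endings break the shebang).
shebang_ok() {
    first=$(head -n 1 "$1")
    case "$first" in
        '#!/'*) ;;
        *) return 1 ;;
    esac
    [ "$first" = "$(printf '%s' "$first" | tr -d '\r')" ]
}

# Dispatcher, only when an argument is given (so the file can also be sourced).
if [ $# -gt 0 ]; then
    case "$1" in
        apply) apply_firewall ;;
        reset) reset_firewall ;;
        show)  build_rules ;;
        check) shebang_ok "$2" && echo "shebang OK" || { echo "bad shebang in $2" >&2; exit 1; } ;;
        *) echo "usage: $0 apply|reset|show|check FILE" >&2; exit 2 ;;
    esac
fi
```

Save it as, say, /usr/local/iptables_script (a placeholder path), run `/usr/local/iptables_script check /usr/local/iptables_script` before anything else, then `show` to review the rules. The fail-safe entry goes in root's crontab (`crontab -e` as root, not a user's crontab) with the absolute path, e.g. `/usr/local/iptables_script reset` scheduled for a minute about 20 minutes ahead; once you have confirmed you can still reach ssh and webmin, remove that entry, otherwise it will keep opening the firewall.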