
Thread: OK *NIX groupies

  1. #21
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    And where can we get this VLock?

    "There are two major products that come out of Berkeley: LSD and BSD. We don't believe this to be a coincidence." --Jeremy S. Anderson
    There are a lot of major products that come from Belgium: pralines, Belgian Sprouts, Belgian Endives, Belgian Waffles, BELGIAN fries (yes, I know it's called french fries, because the lame-ass that landed in Belgium did think he was in France). And not to forget: Bastard Operators From Belgium!
    And beer! (I know Butt ,- is the main beer distributor in the world, but that won't take long.
    Butt beer actually is beer with +++++++++censore,.............. in it).
    InterBrew actually is the number 2 in the world, so here we come with real beer, Butttttttttassbeer, like Celis White, Duvel, Stella, Jupiler, Maes, (and about 400 others)

    And Technotronic's Pump Up The Jam?
    And 2Unlimited?
    AND New Beat? AND Lords of Acid?


    I don't believe this to be a coincidence neither...

  2. #22
    Senior Member
    Join Date
    Aug 2001
    Posts
    170

    vlock

    vlock was created by RedHat. You can select it in a custom installation of RedHat. Otherwise you can get the rpm off of RedHat's download site or the source here (link is to freshmeat in case new version comes out or something):

    http://freshmeat.net/projects/vlock/

    You sure do like my quotes, don't you Negative?
    "If you torture the data enough, it will confess." --Ronald Coase

  3. #23
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    You sure do like my quotes, don't you Negative?
    I'm a big fan of theirs.

    BTW: can anybody tell me how to install an Alcatel Speed Touch USB on SUSE 7.2? Never tried it with a USB modem before.

  4. #24
    Junior Member
    Join Date
    Aug 2001
    Posts
    5
    I'd say that the only thing you have to do is to rebuild the kernel with USB support and USB modem support.
    There are lots of linux-usb-HOWTOs out there.

  5. #25
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Yeah I know, I installed the hotplug stuff again but it doesn't seem to work. BTW, SUSE 7.2 supports USB. It just doesn't seem to recognize my modem (and yes, I downloaded the drivers). Strange...

  6. #26
    Senior Member
    Join Date
    Sep 2001
    Posts
    412

    OK *NIX groupies

    I'm an NT admin by trade and a Linux hobbyist. I tend not to get involved in arguments over which is best; in my opinion they both have their merits and faults. Linux is free though...
    If you're interested in how people secure their boxes, here's what I do:
    Firstly, as has been said before, don't run services you don't need; that's just common sense. I prefer, though, to have a tight gateway box, and then you can relax a bit on your other PCs. Here's a script I knocked up using the brilliant iptables from the 2.4.x kernel:

    #!/bin/sh
    #Declare Constants
    LOCALNET="192.168.0.1/24"
    INT_IF="eth0"
    INT_IP="192.168.0.1/32"
    EXT_IF="eth1"
    EXT_IP=""

    LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/24"
    # Switch on ip forwarding
    echo Turning on IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward

    #Flush all rules (and delete any user-defined chains)
    echo Flushing rules
    iptables -F
    iptables -X

    #Masquerade for local lan
    echo Setting nat for $LOCALNET
    iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE
    # LAN traffic arrives on the internal interface, so match on $INT_IF
    # (the original matched -i $EXT_IF, which never sees a LAN source address)
    iptables -A FORWARD -i $INT_IF --source $LOCALNET -j ACCEPT
    iptables -A FORWARD -m state --destination $LOCALNET --state ESTABLISHED -j ACCEPT

    #Create a new chain for logging/dropping packets
    iptables --new DROPME 2>/dev/null
    iptables -A DROPME --proto tcp -j LOG --log-level info --log-prefix "TCP Drop "
    iptables -A DROPME --proto udp -j LOG --log-level info --log-prefix "UDP Drop "
    #iptables -A DROPME --proto gre -j LOG --log-level info --log-prefix "GRE Drop "
    iptables -A DROPME -f -j LOG --log-level emerg --log-prefix "Frag Drop "
    iptables -A DROPME -j DROP

    #Chain that logs at warn level and sends a REJECT back to the sender
    echo Building hack attempt rules
    iptables --new HACKER 2>/dev/null
    iptables -A HACKER --proto ALL -j LOG --log-level warn --log-prefix "Hacker Attempt: "
    iptables -A HACKER -j REJECT

    #Deny MySQL
    echo Denying mysql connections apart from $LOCALNET
    iptables -A INPUT --protocol tcp --dport 3306 --source ! $LOCALNET -j HACKER

    #Deny X Connections (X display ports; second rule also covers the internal interface)
    echo Denying X Connections apart from $LOCAL_ADDRS
    iptables -A INPUT --protocol tcp --dport 5900:6100 -i $EXT_IF -j HACKER
    iptables -A INPUT --protocol tcp --dport 5900:6100 -i ! lo -j HACKER

    #Deny Other Ports
    echo Denying SMB from outside $LOCALNET
    iptables -A INPUT --protocol tcp --dport 135:139 --source ! $LOCALNET -j HACKER
    iptables -A INPUT --protocol tcp --dport 23 --source 0/0 -j HACKER
    iptables -A INPUT --protocol tcp --dport 111 --source 0/0 -j DROP
    echo Denying udp upto 1024
    iptables -A INPUT -i ! lo --proto udp --dport :1023 -j DROP
    #Allow related connections back in
    #iptables -A $EXTER_IF -m state -d $
    iptables -L

    Obviously this is something you couldn't do with Windows. I'm curious to see what the built-in firewall in XP is going to be like; if it's anything like Microsoft's last foray into security (ISA) then I wouldn't trust it.
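    An added example, not part of the thread or of the poster's script, showing what the --log-prefix strings above give a defender: a few constructed syslog lines in the kernel LOG target's format are summarised by prefix, by the source that hits the HACKER chain most often, and by the ports that source was rejected on. It assumes eth1 is the external interface and uses documentation address ranges for the constructed sample.

```shell
#!/bin/sh
# Constructed sample syslog lines (not real captures) in the format the kernel
# LOG target emits, using the --log-prefix strings from the script above.
# Assumed: eth1 is the external interface; 203.0.113.x / 198.51.100.x are
# documentation address ranges.
SAMPLE_LOG='Oct  3 12:00:01 gw kernel: Hacker Attempt: IN=eth1 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=44321 DPT=3306 SYN
Oct  3 12:00:02 gw kernel: Hacker Attempt: IN=eth1 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=44322 DPT=23 SYN
Oct  3 12:00:05 gw kernel: TCP Drop IN=eth1 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51000 DPT=80 SYN
Oct  3 12:00:07 gw kernel: UDP Drop IN=eth1 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=78 PROTO=UDP SPT=137 DPT=137
Oct  3 12:00:09 gw kernel: Frag Drop IN=eth1 OUT= SRC=203.0.113.12 DST=198.51.100.2 LEN=1500 PROTO=ICMP'

# count_prefix PREFIX: number of log lines carrying that --log-prefix string
count_prefix() {
    printf '%s\n' "$SAMPLE_LOG" | grep -c "kernel: $1" || true
}

# top_hacker_src: source address with the most HACKER-chain hits, as "addr count"
top_hacker_src() {
    printf '%s\n' "$SAMPLE_LOG" | awk '
        /kernel: Hacker Attempt: / {
            for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) c[substr($i, 5)]++
        }
        END {
            for (a in c) if (c[a] > max) { max = c[a]; best = a }
            print best, max
        }'
}

# ports_hit SRC: distinct destination ports the HACKER chain rejected SRC on,
# sorted numerically and space-separated
ports_hit() {
    printf '%s\n' "$SAMPLE_LOG" | awk -v src="SRC=$1" '
        /kernel: Hacker Attempt: / && index($0, src " ") {
            for (i = 1; i <= NF; i++) if ($i ~ /^DPT=/) print substr($i, 5)
        }' | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

echo "HACKER hits: $(count_prefix 'Hacker Attempt: ')"
echo "Top source:  $(top_hacker_src)"
echo "Ports hit by 203.0.113.5: $(ports_hit 203.0.113.5)"
```

    Run against a real syslog by replacing SAMPLE_LOG with the contents of the kernel log; the prefixes are what let the REJECTed probes be told apart from ordinary DROPME noise.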

  7. #27
    Terr (Old-Fogey:Addicts founder)
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    You know... I think part of the reason some people use *nix semi-exclusively is so they can feel smart because of the 'only smart people use *nix' myth that seems to be involved.

    I would change that to 'only people with enough extra time on their hands use *nix'.

    I mean, it's funny. I've not found many (although some exist) *nix-only users who are dedicated to their OS, but don't seem to faintly exude a sort of 'I use it, you don't, I'm smarter' kind of attitude.


    As if OS matters quite so much now with the advent of TCP/IP.
    [HvC]Terr: L33T Technical Proficiency

  8. #28

    Post screen lock in X

    Actually the screen lock in X is only good for security if your box is in run level 5.
    If it's in run level 3, then you can use Ctrl + Alt + Backspace to kill X and land at the command prompt already logged in, effectively bypassing the screen lock.
    If in run level 5 then Ctrl + Alt + Backspace should land you at the X login screen (logged out).

  9. #29
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Obviously this is something you couldn't do with Windows
    I don't follow you, Petemcevoy.
    So you think I can't define those rules in Windows? I don't see anything in your script I can't do with my Winbox. Maybe if you'd give me an example? I'm a retard, so I'm not as quick as you are.
    And BTW: can someone like Parker take a look at this script, please? I'm no *NIX guru, but I think it's got some errors in it.

    And Terr, why are you so fast? You're stealing the words right out of my mouth...again

  10. #30
    Senior Member
    Join Date
    Sep 2001
    Posts
    412

    Enlighten me

    Negative said:
    I don't follow you, Petemcevoy.
    So you think I can't define those rules in Windows? I don't see anything in your script I can't do with my Winbox. Maybe if you'd give me an example? I'm a retard, so I'm not as quick as you are.

    I've got a better idea: why don't you tell me how you would define those rules on a Windows box, how you would close down all ports apart from those you specify, or how you'd tell your Windows box what to do to a packet that arrives at a particular port (DENY, DROP) - without the use of third party software.


    And he also said:
    And BTW: can someone like Parker take a look at this script, please? I'm no *NIX guru, but I think it's got some errors in it.

    What's your interest in finding errors in my script? Hogfly asked how people tighten up security on their *nix boxes; this is what I do. Why did Terr and yourself take offence at this? Do I smell an attack of the green-eyed monster? I'm not trying to give any air of superiority; what I don't know could fill a thousand books. I'm not interested in a flame war either; if you want somebody to bicker with, pwaring seems quite contentious - go bother him.
