[TriLUG] iptables/ipchains (WAS: Security woes)

Vestal, Roy L. rvestal at rti.org
Fri Jan 18 11:31:00 EST 2002


Okay, confession time.

First big thanks go out to Lisa, Jon, and "That One Guy". Thanks for the
help and the learning experience. What did I learn? START AT THE SIMPLE
STUFF FIRST (KISS principle). 

I didn't have the services installed (my stupid), and thanks to Lisa, I
found that out (KISS principle 1st step, make sure the services are
installed).  "That One Guy" showed me how to verify the services were
running once installed, and of course, Jon with his guru SSH guidance.

Thanks again for the help. Man what a great bunch of LUG'gers! I can now
work from home. :)

Now if I can just figure out VNC.....(hint, hint)

-----Original Message-----
From: Jon Carnes [mailto:jonc at nc.rr.com]
Sent: Friday, January 18, 2002 10:11 AM
To: trilug at trilug.org
Subject: Re: [TriLUG] iptables/ipchains (WAS: Security woes)


In /etc/xinetd.d/..  look for the config file for the service you want to
start.  Edit the file and change "disabled   =  yes" to "disabled  = no"

To start Openssh server:  "/etc/rc.d/init.d/sshd start"

Jon Carnes
----- Original Message -----
From: "Vestal, Roy L." <rvestal at rti.org>
To: "'Lisa Lorenzin'" <lorenzin at 1000plus.com>
Cc: "'Trilug-Triangle Linux Users Group'" <trilug at trilug.org>
Sent: Friday, January 18, 2002 8:55 AM
Subject: RE: [TriLUG] iptables/ipchains (WAS: Security woes)


> Okay, here's my "DOH!!"
>
> telnet server, wu-ftp server, and openssh server were not installed! DOH!.
> I've installed the stock ones from RHL 7.2. I am a newbie in the server
> arena (setup wise), and I've learned the "stock" box isn't best. But I'm not
> sure how to start these, since I am used to inetd and 7.2 uses xinetd.
>
> So the server packages are now installed. Now what?
>
> -----Original Message-----
> From: Lisa Lorenzin [mailto:lorenzin at 1000plus.com]
> Sent: Thursday, January 17, 2002 5:20 PM
> To: Vestal, Roy L.
> Subject: RE: [TriLUG] iptables/ipchains (WAS: Security woes)
>
>
>
> hi roy,
>
> just a quick check - are you sure that the telnet, ftp, and vnc are
> running on the box, and accepting outside connections?  is it possible
> that your daemons aren't running / listening?
>
> does ps -ef | grep telnet show your telnet daemon running?  does netstat
> -an show your box listening on port 23?  is there anything in your
> /etc/hosts.allow or hosts.deny?
>
> can you get ANYTHING in to the box?  web connections?  ssh?
>
> (sorry for the no-brainer questions, but i usually try to start at the
> very beginning when troubleshooting this kind of thing.)
>
> have you tried using tcpdump to see whether your box is receiving any
> traffic requests?  run
>
> tcpdump -i eth0 -v > /tmp/tcpdump.output
>
> and then try to telnet to the box from another system, and then wait a
> couple minutes (it takes a while for tcpdump to write out all its
> data), then kill tcpdump and grep/eyeball the output file for the ip
> address of the other box.
>
> also, after you attempt to telnet in, go into /var/log and grep * <ip
> address of other box> to see if anything shows up in there.
>
> if these are way too obvious and you've already gone through all this, i'm
> sorry for cluttering your inbox...
>
> lisa
>
> --
> lisa lorenzin   |   lorenzin at 1000plus.com   |   http://www.1000plus.com/lisa/
> # find / -user your -name base -print0 | xargs -0 chown us
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug

_______________________________________________
TriLUG mailing list
http://www.trilug.org/mailman/listinfo/trilug
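
Added example, not part of the original thread: a small audit of which xinetd-managed services are switched on, the step discussed above for telnet, ftp and ssh on a stock RHL 7.2 box. It assumes the usual layout of one file per service under /etc/xinetd.d, each carrying a `disable = yes|no` line; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# xinetd_status DIR: print "<file> enabled|disabled" for each service file.
# A file with no "disable = yes" line is treated as enabled, so anything
# reported as enabled is offered to the network once xinetd is running.
xinetd_status() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        state=$(awk '
            /^[ \t]*#/ { next }                  # skip comment lines
            {
                line = $0
                gsub(/[ \t]/, "", line)          # tolerate "disable=yes"
                if (line ~ /^disable=/) {
                    split(line, kv, "=")
                    v = tolower(kv[2])
                }
            }
            END { if (v == "yes") print "disabled"; else print "enabled" }
        ' "$f")
        printf '%s %s\n' "$(basename "$f")" "$state"
    done
}

# Constructed sample directory standing in for /etc/xinetd.d
make_sample() {
    d=$(mktemp -d)
    cat > "$d/telnet" <<'EOF'
service telnet
{
        socket_type = stream
        server      = /usr/sbin/in.telnetd
        disable     = yes
}
EOF
    cat > "$d/wu-ftpd" <<'EOF'
service ftp
{
        socket_type = stream
        server      = /usr/sbin/in.ftpd
        disable     = no
}
EOF
    echo "$d"
}

sample=$(make_sample)
xinetd_status "$sample"
rm -rf "$sample"
```

On a real system, run `xinetd_status /etc/xinetd.d` and compare the enabled entries against what `netstat -an` shows listening.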


