Re: [cobalt-security] [RaQ3] Port Sentry
- Subject: Re: [cobalt-security] [RaQ3] Port Sentry
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Mon, 11 Jun 2001 15:59:49 +0200
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Kevin,
> Now this I like. I've actually considered setting up something like this
> myself... care to share that config and script?
Sure, no problem. But I'll have to leave out the randomized restart routine
for NDA reasons <sigh>. Just bind this script to a cronjob that will run
several times a day (1-3 times for instance) and you're there almost as good.
Make sure you understand what the script does before you attempt to use it!
For instance: If you don't have SSH installed, then you will no longer be
able to get to the shell, as it'll block the telnet port! :o)
#!/bin/sh
# This script makes sure that Portsentry does not generate
# too many false alerts. It also makes sure that Portsentry is
# restarted periodically. When that happens existing
# Firewall rules will be flushed. So if a customer accidentally
# blocked himself, then a flush of the ruleset will make
# sure that he can get in again after a considerable wait.
# For questions ask cobalt@xxxxxxxxxxxxxx
# Stop all instances of Portsentry:
killall -9 portsentry
# Flush all existing Firewall rules (chain policies are left untouched):
/sbin/ipchains -F
# Deny Telnet permanently (only if you have SSH!); -l logs every denied packet:
/sbin/ipchains -A input -l -i eth0 -d 0/0 23 -p tcp -j DENY
# Deny TCP and UDP packets to certain ports
# (137-139 NetBIOS, 67/68 BOOTP/DHCP, 123 NTP, 161 SNMP):
/sbin/ipchains -A input -i eth0 -d 0/0 137:139 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 137:139 -p tcp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 68 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 67 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 123 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 161 -p udp -j DENY
# Remove Portsentry's history file of blocked hosts
# (-f: no error if none exists yet):
rm -f /usr/local/psionic/portsentry/portsentry.blocked.*
# Restart Portsentry in both ATCP and AUDP mode:
/usr/local/psionic/portsentry/portsentry -atcp
/usr/local/psionic/portsentry/portsentry -audp
# Say something nice and exit gracefully:
echo "Firewall rules flushed and Portsentry restarted"
--
Mit freundlichen Grüßen / Best regards
Michael Stauber
Stauber Multimedia Design ____ Phone: +49-6471-923812
Hauptstrasse 31 ______ D-56244 Goddert ______ Germany
SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM
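The warning in the post (deny telnet only if SSH is installed, or you lock yourself out of the shell) is the kind of check a script can make for itself before it installs the rule. The following is an added example, not part of Michael Stauber's script: a small guard that only emits the telnet DENY rule from the post when a process is actually listening on TCP port 22. It assumes a "netstat -tln"-style listing (one socket per line, local address in the fourth column, state in the last); the two sample listings are constructed for the demonstration and are not output from any real host.

```shell
#!/bin/sh
# Added example: guard the "deny telnet" rule behind a check that SSH
# is listening, so a firewall change cannot lock the admin out.
# Assumes a "netstat -tln"-style listing; samples below are constructed.

# has_listener LISTING PORT
# Returns 0 if LISTING contains a LISTEN socket bound to PORT on any
# address (0.0.0.0:22, 127.0.0.1:22 or :::22 all match), 1 otherwise.
has_listener() {
    listing=$1
    port=$2
    printf '%s\n' "$listing" | awk -v p="$port" '
        $NF == "LISTEN" {
            # local address is column 4; the port is the text after the last ":"
            n = split($4, a, ":")
            if (a[n] == p) { found = 1 }
        }
        END { exit found ? 0 : 1 }'
}

# telnet_deny_rule LISTING
# Prints the ipchains rule from the post only when SSH (port 22) is
# listening; otherwise prints nothing, complains on stderr and returns 1.
telnet_deny_rule() {
    if has_listener "$1" 22; then
        echo "/sbin/ipchains -A input -l -i eth0 -d 0/0 23 -p tcp -j DENY"
        return 0
    fi
    echo "refusing to deny telnet: no SSH listener on TCP port 22" >&2
    return 1
}

# Constructed sample listings (not captured from a real machine):
SAMPLE_WITH_SSH='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN'

SAMPLE_TELNET_ONLY='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN'

# On a live box you would feed it real output:  telnet_deny_rule "$(netstat -tln)"
# and run the printed rule only if the function succeeded. Demonstration:
telnet_deny_rule "$SAMPLE_WITH_SSH"
telnet_deny_rule "$SAMPLE_TELNET_ONLY" || true
```

The function prints the rule rather than running it, so the cron script can decide what to do on failure (skip just that rule, or abort before the flush) instead of silently ending up with telnet blocked and no other way in.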