Difference between revisions of "Scratchpaper.txt - the intestinal tract of linux notes"
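--- a/Scratchpaper.txt - the intestinal tract of linux notes
+++ b/Scratchpaper.txt - the intestinal tract of linux notes
@@ -90,2 +90,71 @@
 <nowiki>/ 78 /tmp hda10 133 LN</nowiki>
 <nowiki>SWAP 125 SWAP hda11 125 swap</nowiki>
+
+:/tmp/install.log
+:300hex 10irq cc000 8013
+
+<nowiki>[root@bigdog /root]# cat /etc/sysconfig/network</nowiki>
+<nowiki>NETWORKING=yes</nowiki>
+<nowiki>FORWARD_IPV4=no</nowiki>
+<nowiki>HOSTNAME=bigdog.robotz.com</nowiki>
+<nowiki>GATEWAYDEV=eth0</nowiki>
+<nowiki>GATEWAY=192.168.12.254</nowiki>
+
+<nowiki> if [ "${GATEWAY}" != "" ]; then</nowiki>
+<nowiki> if [ "${GATEWAYDEV}" = "" -o "${GATEWAYDEV}" = "${DEVICE}" ]; then</nowiki>
+<nowiki> # set up default gateway</nowiki>
+<nowiki> route add default gw ${GATEWAY} ${DEVICE}</nowiki>
+<nowiki> DEFGW=${GATEWAY}</nowiki>
+<nowiki> fi</nowiki>
+<nowiki> fi </nowiki>
+
+
+<nowiki> _______________________________________</nowiki>
+<nowiki> | |</nowiki>
+<nowiki> | this is really old and inacurate: |</nowiki>
+<nowiki> | 1114mb 222x5 |</nowiki>
+<nowiki> | |</nowiki>
+<nowiki> | /usr 300 |</nowiki>
+<nowiki> | /home 264 |</nowiki>
+<nowiki> | /usr/local 300 |</nowiki>
+<nowiki> | /usr/src 200 |</nowiki>
+<nowiki> | /tmp 50 |</nowiki>
+<nowiki> | / 80 |</nowiki>
+<nowiki> | SWAP 32 |</nowiki>
+<nowiki> | -------------------- |</nowiki>
+<nowiki> |_______________________________________|</nowiki>
+
+I am trapped in telnet: press CNTRL-] to get telnet> prompt
+
+There are three: (port 113), time (port 37), and daytime (port 13).
+
+NTP runs on port 123 using udp
+
+*ipchains -A input -p udp -j ACCEPT -s 10.0.0.0/8 -d 0.0.0.0/0 123
+*ipchains -A input -p udp -j ACCEPT -s some.trusted.host -d 0.0.0.0/0 123
+*ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 123
+
+More on ipchains
+
+First estable default policies
+
+You may deny all or accept all depending on how paranoid you are.
+:input ACCEPT
+:forward DENY
+:output ACCEPT
+ipchains -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
+This annoying tosser doesn't even get to see our web site***
+ipchains -A input -p tcp -s x.x.x.x -d 0/0 80 -y -j REJECT
+Below we block access to port 110 pop3 and ssh so we let a few friends in***
+ipchains -A input -p tcp -s x.x.x.x -d 0/0 22 -y -j ACCEPT
+ipchains -A input -p tcp -s x.x.x.x -d 0/0 110 -y -j ACCEPT
+Since we were not paranoid we should block ports not being used.
+ipchains -A input -p tcp -s 0/0 -d 0/0 0:19 -y -j REJECT
+ipchains -A input -p tcp -s 0/0 -d 0/0 23:24 -y -j REJECT
+ipchains -A input -p tcp -s 0/0 -d 0/0 26:79 -y -j REJECT
+ipchains -A input -p tcp -s 0/0 -d 0/0 81:1023 -y -j REJECT
+You may wish to block udp on all standard ports below 1024
+ipchains -A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
+Do not reply to ICMP TIMESTAMP packets
+ipchains -A output -j REJECT -i eth0 -p icmp -s x.x.x.x/yy -d 0/0 --icmp-type timestamp-request -l
+ipchains -A output -j REJECT -i eth0 -p icmp -s x.x.x.x/yy -d 0/0 --icmp-type timestamp-reply -l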
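Review bot: The added ruleset never rejects TCP port 22, although the text above the two per-host ACCEPT rules says ssh is blocked for everyone but a few friends. With the input policy at ACCEPT and the REJECT ranges `0:19`, `23:24`, `26:79` and `81:1023`, ports 20-22 and 25 fall through to the default. Port 110 is covered by `81:1023`, so only the pop3 half behaves as described. If the stated intent is right, add `ipchains -A input -p tcp -s 0/0 -d 0/0 22 -y -j REJECT` after the two ACCEPT rules, and say in the text which of 20, 21 and 25 are left open on purpose. An input policy of DENY with explicit ACCEPT rules would avoid gaps of this kind.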
Revision as of 13:55, 26 June 2007
scratchpaper.txt - the intestinal tract of linux notes | created June 1998 |
/sbin/ifconfig | pico -w disables word wrap | |
/sbin/ifup eth0 | su -l login as root | |
*from telnet CTRL-H backspace, CTRL-D delete |
- /etc/sysconfig/network-scripts/ifcfg-eth0
- ONBOOT YES
- /usr/sbin/in.telnetd
- /var/log/*
- /etc/inetd.conf
- talcon=zygotech@itsnet.com
- /etc/passwd
- /etc/securetty
ftp.linpeople.org/pub/incoming
- diff ls -la .xdefaults
- .Xmodmap 22=backspace
/--> DontZap in section 'ServerFlags' in /etc/X11/XF86Config < \--> shift-control-alt-backspace /etc/skel
- Jun 7 12:37:43 host inetd[736]:getpwnam:root:No such user
telnet stream tcp nowait root /usr.sbin/tcpd in.telnetd
- modprobe /lib/modules/2.0.32/net/tulip.o
- /sbin/ifup eth0
#!/bin/bash | ||
PATH=/sbin/:/usr/sbin | ||
route del -net 192.168.12.0 | ||
/etc/sysconfig/network-scripts/dwifup | route add 192.168.12.0 gw 192.168.12.254 | |
/sbin/ifup | ||
route add default gw 192.168.12.254 eth0 | ||
/proc/net/socket | ||
/proc/net/dev | ||
/etc/init.d/network | sysctl: ip forwarding off | |
192.168.12.128 network mask: 255.255.255.0 network address: 192.168.12.0 gateway: 192.168.12.254
route -v
- 3c59c.c 3com 905B
- 192.168.12.253
- net-tools-1.33-4.src.rpm
- netcfg-2.19-3.src.rpm
- netkit-base-0.10-5.src.rpm
- /lib/modules/2.0.32/net
- /etc/rc.d/rc2.d
warning: unknown PCI device (10b7:9055) please read include/linux/pci.h
/msdos 502 / hda1 78 LN /usr 1004 /usr hda5 1004 LN /home 1004 /home hda6 1004 LN /usr/local 1004 /usr/local hda7 1004 LN /sur/src 282 /msdos hda8 502 dos 16bit >=32 /tmp 133 /usr/src hda9 282 LN / 78 /tmp hda10 133 LN SWAP 125 SWAP hda11 125 swap
- /tmp/install.log
- 300hex 10irq cc000 8013
[root@bigdog /root]# cat /etc/sysconfig/network NETWORKING=yes FORWARD_IPV4=no HOSTNAME=bigdog.robotz.com GATEWAYDEV=eth0 GATEWAY=192.168.12.254
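# Add the default route when a gateway is configured and either no gateway
# device is named or the named device is the interface being handled.
# Reads GATEWAY, GATEWAYDEV and DEVICE; sets DEFGW to the gateway in use.
# One statement per line: on a single line the inline comment would swallow
# the route command and both closing "fi" keywords.
if [ -n "${GATEWAY}" ]; then
  if [ -z "${GATEWAYDEV}" ] || [ "${GATEWAYDEV}" = "${DEVICE}" ]; then
    # set up default gateway
    # Quoted so a configured value containing whitespace or glob characters
    # stays a single argument; DEVICE is passed only when it is non-empty.
    route add default gw "${GATEWAY}" ${DEVICE:+"${DEVICE}"}
    DEFGW=${GATEWAY}
  fi
fi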
_______________________________________ | | | this is really old and inacurate: | | 1114mb 222x5 | | | | /usr 300 | | /home 264 | | /usr/local 300 | | /usr/src 200 | | /tmp 50 | | / 80 | | SWAP 32 | | -------------------- | |_______________________________________|
I am trapped in telnet: press CTRL-] to get the telnet> prompt
There are three: (port 113), time (port 37), and daytime (port 13).
NTP runs on port 123 using udp
- ipchains -A input -p udp -j ACCEPT -s 10.0.0.0/8 -d 0.0.0.0/0 123
- ipchains -A input -p udp -j ACCEPT -s some.trusted.host -d 0.0.0.0/0 123
- ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 123
More on ipchains
First establish default policies
You may deny all or accept all depending on how paranoid you are.
:input ACCEPT :forward DENY :output ACCEPT ipchains -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
This annoying tosser doesn't even get to see our web site***
# Refuse this one source on port 80. -y limits the match to connection-opening
# (SYN) packets, so only new inbound connections are rejected.
ipchains -A input -p tcp -s x.x.x.x -d 0/0 80 -y -j REJECT
Below we block access to port 110 pop3 and ssh so we let a few friends in***
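# Let the listed hosts open connections to ssh (22) and pop3 (110).
# -y limits each match to connection-opening (SYN) packets.
# NOTE(review): the REJECT ranges further down this page cover 110 but not 22,
# so with the input policy at ACCEPT port 22 stays reachable from any source.
ipchains -A input -p tcp -s x.x.x.x -d 0/0 22 -y -j ACCEPT
ipchains -A input -p tcp -s x.x.x.x -d 0/0 110 -y -j ACCEPT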
Since we were not paranoid we should block ports not being used.
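# Reject new inbound TCP connections (-y: SYN only) to the low ports listed.
# One rule per line; run together they would be read as a single command.
# NOTE(review): the ranges leave 20-22, 25 and 80 unmatched, so those ports
# fall through to the input policy, which this page sets to ACCEPT.
ipchains -A input -p tcp -s 0/0 -d 0/0 0:19 -y -j REJECT
ipchains -A input -p tcp -s 0/0 -d 0/0 23:24 -y -j REJECT
ipchains -A input -p tcp -s 0/0 -d 0/0 26:79 -y -j REJECT
ipchains -A input -p tcp -s 0/0 -d 0/0 81:1023 -y -j REJECT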
You may wish to block udp on all standard ports below 1024
# No -y here: the SYN match applies to TCP only, so this rejects every UDP
# datagram addressed to ports 0-1023.
# NOTE(review): rules are checked in order, so the NTP ACCEPT rules for port
# 123 shown earlier on this page must already be in the chain to take effect.
ipchains -A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
Do not reply to ICMP TIMESTAMP packets
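# Refuse, and log (-l), outgoing ICMP timestamp requests and replies on eth0.
# One rule per line; run together they would be read as a single command.
ipchains -A output -j REJECT -i eth0 -p icmp -s x.x.x.x/yy -d 0/0 --icmp-type timestamp-request -l
ipchains -A output -j REJECT -i eth0 -p icmp -s x.x.x.x/yy -d 0/0 --icmp-type timestamp-reply -l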