Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Let us assume you are managing a Linux server supporting an
e-commerce website. Let us also assume that you have secured the server.
You removed telnet from all servers and installed the more secure ssh.
Let us say that the firewall configuration is as follows:
conduit permit tcp host 192.168.5.10 eq 80 any
conduit permit tcp host 192.168.5.10 eq 443 any
conduit permit tcp host 192.168.5.10 eq 22 any
1) Suppose a lower-level tech calls you up in the middle of the night at
your home and says that he cannot ssh into one of the servers. Now you
try to log into the server from home using ssh; the first time you type
the passwd, it asks for the passwd again. You think you mistyped it and type
it again. Now you are allowed into the server. What are the steps you will
take to make sure that the server is fine?
2) Suppose you figure out from the firewall logs that the webserver was
attacked from outside over port 22 and then used to connect to an outside
server. What could be the most likely attack or vulnerability the
attacker used to compromise the webserver? What clues can you get from
your first attempts to log into the server using ssh? Where does this
clue point to? What will be your next course of action? What else could
you have done to prevent such an attack? Please answer all the
questions raised under this scenario.