LinuxQuestions.org
Old 01-17-2006, 04:11 AM   #1
sathyguy
Member
 
Registered: Sep 2005
Location: Indian Working in Saudi Arabia
Distribution: Redhat Linux AS 3.0
Posts: 93

Rep: Reputation: 15
Correct me if I'm wrong for restricting SSH access - Urgent


Friends,

We have RHEL AS 3.0 with an Oracle 9i database.
We have 5 branches (100 users) connecting to our Oracle database, which is inside the Linux server.
We have to restrict SSH connections by IP address.
We have not enabled the browsing (internet) option on our server.
I just want to block everyone from accessing our server except from 3 IPs.
So please go through the following and correct me if I'm wrong....

Step 1:
/etc/hosts.deny
sshd: ALL

Step 2:
/etc/hosts.allow
sshd: 192.56.3.23 192.56.3.33 152.32.7.13

Step 3:
/etc/ssh/sshd_config

Port 110101010 (if I change the port number, will it affect the users who are all connecting to the Oracle database?)

PasswordAuthentication no
PermitEmptyPasswords no
StrictModes yes
Protocol 2

If I have to do any other changes in step 3, please point out the changes.

Step 4:
I checked in /etc/sysconfig but there is no file called iptables.
There are 2 other files, ip6tables-config and iptables-config.
So I think iptables is not installed. If it's a must, then advise me on the steps.
Also, after doing steps 1, 2 and 3, step 4 is not necessary....Am I right?


Finally my question is.....if I do the above changes on my Linux box, will it affect the Oracle database which is inside our Linux box?
And also, will the users who are all connected to the Oracle database be affected....

Please treat this as urgent.....

Thanks & Regards
Sathyguy
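As an added illustration (my own code, not part of the post), the following Python models how libwrap evaluates the two files from steps 1 and 2 and checks the Port value from step 3; the file contents are constructed copies of what is proposed above.

```python
from typing import Iterable

# Constructed copies of the files proposed in steps 1 and 2 of the post.
HOSTS_DENY = ["sshd: ALL"]
HOSTS_ALLOW = ["sshd: 192.56.3.23 192.56.3.33 152.32.7.13"]


def _host_pattern_matches(pattern: str, client_ip: str) -> bool:
    """tcp_wrappers host patterns: ALL, an exact address, or a dotted prefix such as '192.56.3.'."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return client_ip.startswith(pattern)
    return pattern == client_ip


def _file_matches(lines: Iterable[str], daemon: str, client_ip: str) -> bool:
    """True if any 'daemon_list : client_list' line covers this daemon and client."""
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        daemon_list = daemons.replace(",", " ").split()
        if daemon not in daemon_list and "ALL" not in daemon_list:
            continue
        client_list = clients.replace(",", " ").split()
        if any(_host_pattern_matches(p, client_ip) for p in client_list):
            return True
    return False


def wrappers_decision(allow_lines, deny_lines, daemon, client_ip) -> bool:
    """libwrap order: hosts.allow is consulted first (a match grants), then hosts.deny
    (a match refuses); a client matched by neither file is GRANTED access."""
    if _file_matches(allow_lines, daemon, client_ip):
        return True
    if _file_matches(deny_lines, daemon, client_ip):
        return False
    return True


def valid_ssh_port(value: str) -> bool:
    """sshd refuses to start unless Port is an integer between 1 and 65535."""
    return value.isdigit() and 1 <= int(value) <= 65535


if __name__ == "__main__":
    for ip in ("192.56.3.23", "10.0.0.5"):
        verdict = wrappers_decision(HOSTS_ALLOW, HOSTS_DENY, "sshd", ip)
        print(ip, "sshd", "granted" if verdict else "refused")
    print("Port 110101010 valid:", valid_ssh_port("110101010"))
```

Without the "sshd: ALL" line in hosts.deny the default is to grant, so hosts.allow alone restricts nothing; and since these files only govern daemons linked against libwrap, they do not touch the Oracle listener's port at all.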
 
Old 01-17-2006, 05:03 AM   #2
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
Can't comment on the Oracle part, but for iptables you first run
# service iptables save

and it creates a file /etc/sysconfig/iptables

Simple rules for SSH in addition to TCP wrappers:

# iptables -A INPUT -s <allowed_IP> -d <server IP> -p tcp --dport 22 -j ACCEPT

# iptables -A INPUT -s <Your_NETWORK> -d <server IP> -p tcp --dport 22 -j REJECT

Hardcore rules:
# iptables -A INPUT -p tcp --dport 22 -m mac --mac-source <allowed machine MAC address> -j ACCEPT

# iptables -A INPUT -s <Your_NETWORK> -d <server IP> -p tcp --dport 22 -j REJECT

Otherwise your SSH looks good. Two more options you might add to allow only particular users:

AllowUsers user1 user2 user3 usern
PermitRootLogin no

You can log in as user1 and then su - root

Last edited by ~=gr3p=~; 01-17-2006 at 05:11 AM.
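Added example (mine, not from the reply above): a first-match model of the INPUT chain loaded with the two "simple rules", using constructed stand-ins for the placeholders, to show that rule order matters and that sources outside <Your_NETWORK> fall through to the chain policy.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-ins for the placeholders in the reply; none are real hosts.
ALLOWED_IP = "192.56.3.23"
SERVER_IP = "192.56.3.1"
YOUR_NETWORK = "192.56.0.0/16"


def rule(target, src=None, dst=None, dport=None):
    """One INPUT rule as appended with -A: match fields (None = any) and a target."""
    return {"target": target, "src": src, "dst": dst, "dport": dport}


# The two "simple rules" from the reply, in the order they were appended.
SIMPLE_RULES = [
    rule("ACCEPT", src=ALLOWED_IP, dst=SERVER_IP, dport=22),
    rule("REJECT", src=YOUR_NETWORK, dst=SERVER_IP, dport=22),
]


def _matches(r, src, dst, dport):
    """A rule matches only when every field it specifies matches the packet."""
    if r["src"] is not None and ip_address(src) not in ip_network(r["src"], strict=False):
        return False
    if r["dst"] is not None and ip_address(dst) not in ip_network(r["dst"], strict=False):
        return False
    if r["dport"] is not None and r["dport"] != dport:
        return False
    return True


def input_verdict(rules, src, dst, dport, policy="ACCEPT"):
    """Netfilter walks the chain top-down: the first matching rule decides, and a packet
    that matches nothing gets the chain policy (ACCEPT unless the admin sets DROP)."""
    for r in rules:
        if _matches(r, src, dst, dport):
            return r["target"]
    return policy


if __name__ == "__main__":
    for src in (ALLOWED_IP, "192.56.9.9", "10.1.2.3"):
        print(src, "-> tcp/22:", input_verdict(SIMPLE_RULES, src, SERVER_IP, 22))
```

The third case is the one to check on a real box: an address outside <Your_NETWORK> is never rejected by these two rules, so only the chain policy or a final catch-all rule keeps it out, while traffic to other ports (the database listener, for example) is untouched either way.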
 
Old 01-17-2006, 05:15 AM   #3
sathyguy
Member
 
Registered: Sep 2005
Location: Indian Working in Saudi Arabia
Distribution: Redhat Linux AS 3.0
Posts: 93

Original Poster
Rep: Reputation: 15
gr3p
Thanks for your reply...
Suppose I'm not touching iptables at all....I'm doing all the rest of the changes...
Will there be a security hole?
Also, what about the port?

Can anyone help me with the Oracle part of my question?
 
Old 01-17-2006, 06:59 AM   #4
Brian Knoblauch
Member
 
Registered: Jan 2005
Distribution: SuSE (x86), NetBSD (Sparc), Solaris (Sparc & 32-bit x86)
Posts: 278

Rep: Reputation: 30
Changing the SSH port shouldn't affect Oracle. Oracle connections I believe are on one of the (much higher) SQL ports (1585 or something like that?). Not real sure anymore on the port number; haven't run Oracle for years.
 
Old 01-17-2006, 11:59 PM   #5
sathyguy
Member
 
Registered: Sep 2005
Location: Indian Working in Saudi Arabia
Distribution: Redhat Linux AS 3.0
Posts: 93

Original Poster
Rep: Reputation: 15
gr3p
Now my question is....
Suppose I'm not touching iptables at all....
I mean...if I'm not creating the iptables rules....
I'm doing all the rest of the changes...
Will there be a security hole?
 