Quote:
Originally Posted by renree
After some major searching all advice on server security points to the iptables. So I attempted to edit it, but due to my poor understanding I think I edited the wrong file.
|
It would be useful to know which file you edited. Is it possible that you just changed the file permissions and the file contents are unchanged?
Quote:
Thinking I just need to re-install iptables I attempted to do that and now I'm stuck.
|
OK, I guess you are aware that there is a danger that you are making the problem worse.
How did you re-install iptables?
Let's quickly run through the basics, to try to stop you making more errors. iptables/netfilter is a firewall program; there should never be any reason to mess with the iptables code itself as configuration is done by...
- writing a 'ruleset' (a set of rules in a simple-ish programming language that instructs iptables what to do)
- modifying the environment in which iptables runs (so setting various kernel parameters that configure the general networking environment)
Mostly, you do the first of those two, but probably there are a couple of things that will need the second and they may or may not be set up correctly before you start configuring the box.
You could instantiate (put into place) the ruleset in several ways, but using a bash script that runs on start-up and sets up all of your rules has much to recommend it (you could also incrementally modify whatever rules that you start from, maybe also from a bash script).
Have a look at tutorials at:
http://www.linuxhomenetworking.com/w...Using_iptables
http://iptables-tutorial.frozentux.net/
(the first is probably more what you want; the second is more like a manual than a tutorial....still good though)
(Note also: there are 'simple' GUI front ends to iptables (there is a large selection of them; don't try to get me to select any one as I don't know, but there are several threads that discuss them). You might argue that you don't want a GUI on your server....and that would be a fair comment and a desirable aim, but....you could potentially run the GUI app on your local machine to generate the ruleset and then copy that ruleset over to the server box, and that would be a good setup from a security point of view.)
Quote:
I've got a huge hole in my security and no means of closing the door.
|
Right now, you are not in the best position; you should ensure that you do not have unnecessary services listening on ports that could be exploited; you need to get back to a situation in which you have proper security measures in place ASAP. I am not clear what you have installed that is worthwhile and how much reconfiguration it took you to get here, but do you want to consider re-building the box from the ground up? (I assume that this is a service offered by your hosting organisation.)
Quote:
I'm running Fedora 6 (Zod) Kernel 2.6.18-1.2869.fc6 on an i686 and I tried to re-install iptables-1.3.5
|
Hmmm, that's not what I would have been expecting fathosts (sorry) to be offering as a server...is this their default offering?