02-21-2005, 04:31 PM
|
#1
|
Member
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285
Rep:
|
someone eavesdropping on me?
Hello
I was just typing a post and then a box came up saying it could not grab my mouse, someone may be eavesdropping on me. Then another came up about the keyboard.
The mouse + keyboard still worked but everything stopped responding.
I did Ctrl-Alt-Backspace to bring me back to the login and it's been fine since...
What's happening? I don't have a firewall on here; I was under the impression that IPtables was installed by default. Plus this is going through the internet through my XP box, which has a firewall.
Help?! I'm not being hacked am I?
Hong
|
|
|
02-21-2005, 04:42 PM
|
#2
|
Member
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720
Rep:
|
Hey
Iptables may be installed by default, but you have to set the rules (i.e. "computer let me access this port") yourself.
I can't comment on the hacking bit, but I'm sure someone will help you out. In the meantime, I strongly suggest looking into setting up a proper firewall on your server. You won't need anything difficult.
hamish
|
|
|
02-21-2005, 04:59 PM
|
#3
|
Member
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285
Original Poster
Rep:
|
Quote:
Iptables may be installed by default, but you have to set the rules (i.e. "computer let me access this port") yourself.
|
OK...can someone help me/elaborate on this please...
Quote:
I can't comment on the hacking bit, but I'm sure someone will help you out. In the meantime, I strongly suggest looking into setting up a proper firewall on your server. You won't need anything difficult.
|
Any reco's?
|
|
|
02-21-2005, 05:20 PM
|
#4
|
Member
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720
Rep:
|
Regarding firewall, I assume that your computer isn't serving anything to the Internet (i.e., you don't run a webserver or anything).
Therefore, you basically just want to allow all requests OUT of your box, but not allow any into your box.
If you have iptables installed, you should be able to start it by running:
# /etc/init.d/iptables start
Assuming that your distribution has installed the correct iptables as modules, then these will be loaded. Most distros do have iptables in the kernel by default. If not, you will have to recompile the kernel.
Assuming that you do get iptables started, then you should download this code, and paste it into a file called firewall-script.sh
Code:
#!/bin/sh
#The first line is just a regular header for a script.
#I now assume that your network interface is named as eth0.
#Change the following line to match your configuration.
EXT=eth0
#Next, clean everything, so old firewall configurations don't get in the way:
iptables --flush
iptables --table nat --flush
#Without arguments, the --delete-chain deletes all the additional chains.
iptables --delete-chain
#Disallows everything not explicitly allowed:
iptables --policy INPUT DROP
iptables --policy FORWARD DROP
iptables --policy OUTPUT DROP
#We want to allow ourselves to send anything (this reverts the previous OUTPUT policy)
iptables --policy OUTPUT ACCEPT
#Allow the machine to connect to itself:
iptables --append INPUT --in-interface lo --jump ACCEPT
#Receive anything from others in case you have first initiated a connection
#(e.g. get a web page when you ask for one, or get ping replies from others):
iptables --append INPUT --in-interface "$EXT" -m state --state ESTABLISHED,RELATED -j ACCEPT
#Receive ping requests from others:
iptables --append INPUT --in-interface "$EXT" -p icmp --icmp-type echo-request -j ACCEPT
####### PORT SPECIFIC REQUESTS #######
# ssh: this is a service which you will probably be running, and it is a good idea to let yourself SSH into your computer.
iptables --append INPUT --in-interface "$EXT" -p tcp --destination-port 22 -j ACCEPT
This script assumes that your NIC is eth0.
Now, do:
# chmod +x firewall-script.sh
# sh firewall-script.sh
This will load the rules into the firewall.
Do:
# iptables -nvL
and you should see something like:
Code:
hamish@pi hamish $ sudo /sbin/iptables -nvL
Chain INPUT (policy DROP 56450 packets, 4800K bytes)
pkts bytes target prot opt in out source destination
2223K 338M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
16M 17G ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 8
392 22012 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Now, assuming you can still do everything you want to do, save those rules to the computer.
# iptables-save
Hope this helps. Basically, it sets out what to do once you have iptables running. Some other members will no doubt be able to help you some more.
hamish
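One way to check the loaded rules against what you meant to expose, as an added example that is not part of the original posts: it reads `iptables-save` output and confirms that INPUT defaults to DROP and that only the expected TCP ports are accepted. The function names and the embedded ruleset are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Constructed sample (not captured from a real machine): roughly what
# `iptables-save` prints once the firewall script above has been loaded.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Print the default policy of chain $1 in the filter table (ruleset on stdin).
chain_policy() {
    awk -v c=":$1" '/^\*/ { t = $1 } t == "*filter" && $1 == c { print $2 }'
}

# Print the TCP ports that filter/INPUT accepts, sorted, space separated.
# Only single-port "--dport N" rules are understood (no multiport matches).
open_tcp_ports() {
    awk '/^\*/ { t = $1 }
         t == "*filter" && $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
             for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Succeed only if INPUT defaults to DROP and the open ports equal $1.
audit_ruleset() {
    rules=$(cat)
    policy=$(printf '%s\n' "$rules" | chain_policy INPUT)
    ports=$(printf '%s\n' "$rules" | open_tcp_ports)
    [ "$policy" = "DROP" ] || { echo "FAIL: INPUT policy is '$policy'"; return 1; }
    [ "$ports" = "$1" ] || { echo "FAIL: open TCP ports '$ports', expected '$1'"; return 1; }
    echo "OK: INPUT policy DROP, open TCP ports: $ports"
}

sample_ruleset | audit_ruleset "22"
```

On a live machine, replace the last line with `iptables-save | audit_ruleset "22"` run as root, listing the ports you intend to have open.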
|
|
|
02-21-2005, 05:37 PM
|
#5
|
Member
Registered: Jul 2004
Location: Palo Alto, CA
Distribution: #! Korora
Posts: 472
Rep:
|
A bunch of firewalls in
http://www.websamba.com/Linux_Docs_Links
-> Softwares
-> firewll
Firestarter seems to be a common one.
Sheng-Chieh
|
|
|
02-21-2005, 05:44 PM
|
#6
|
Senior Member
Registered: May 2004
Location: Australia
Distribution: Gentoo
Posts: 3,545
Rep:
|
I don't know for sure but I read somewhere that all the linux firewalls like Firestarter and Guarddog are simply GUI front ends for iptables.
|
|
|
02-21-2005, 07:50 PM
|
#7
|
Member
Registered: Jan 2005
Location: middle of a cornfield, IL
Distribution: Kanotix HD Install, Debian Testing, XP Pro,Vista RC1
Posts: 145
Rep:
|
I have used Firestarter on my Fedora machine and it is an easy setup for iptables. It also works well.
|
|
|
02-22-2005, 03:56 AM
|
#8
|
Member
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285
Original Poster
Rep:
|
Brilliant, thanks for the replies.
So Guarddog and Firestarter are GUIs for iptables...interesting...
Do I have to manually start iptables each time I log on? If so, how would I do that?
And yes, for now just allowing all outgoing is fine. But I will want to use it to serve in the near future as a webserver and ftp...will this be sufficient?
I found one called Smoothwall Express - any opinions on that?
I'll do more when I get in from work.
Thanks
Hong
|
|
|
02-22-2005, 05:22 AM
|
#9
|
Member
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720
Rep:
|
I assume you have a distro installed on your linux machine, and that you are not just using Knoppix LiveCD.
If you have a distro installed, then you can tell iptables to start on boot. And it will use the rules which you saved, using iptables-save.
Smoothwall might be a distribution in itself. As in, a small distro which you install on a dedicated server for routing.
If you want to allow sharing on FTP and websites, add these two lines to the firewall script:
Code:
# http
iptables --append INPUT --in-interface $EXT -p tcp --destination-port 80 -j ACCEPT
# ftp
iptables --append INPUT --in-interface $EXT -p tcp --destination-port 21 -j ACCEPT
hamish
|
|
|
02-22-2005, 12:35 PM
|
#10
|
Member
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285
Original Poster
Rep:
|
Hi all, in from work now.
Ok, so I am going to try and create this script called fire-script.sh...but where do I create it? Do I just paste that into Kedit and save as firewall-script.sh?
Thanks
Hong
|
|
|
02-22-2005, 12:36 PM
|
#11
|
Member
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285
Original Poster
Rep:
|
Oh, and yes this is a full HDD install, NOT a LiveCD install.
|
|
|
02-22-2005, 03:49 PM
|
#12
|
Senior Member
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380
Rep:
|
You need to do the following;
Copy the above to an editor and save it in /etc/init.d as rc.firewall. To make it executable cd to /etc/init.d and do as root in a console chmod +x rc.firewall. Now you need to get it to start automatically at boot time so do the following;
ln -s ../init.d/rc.firewall /etc/rc2.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc3.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc4.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc5.d/S89firewall
A tip here to make this quicker than typing the whole thing each time; when you have done the first one, up-arrow and the line will appear again so just use the left arrow to go back to rc2.d and change it to 3 then go to the end of the line and press return and so on.
|
|
|
09-17-2005, 03:29 PM
|
#13
|
Senior Member
Registered: Feb 2005
Location: San Antonio, Texas
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,495
Rep:
|
I had the same pop up in Ubuntu 5.04 about could not grab mouse and eavesdropping. I did not see any problems. Nothing locked up. I was trying to open Synaptic. Synaptic still works. Until recently I could not login anymore. I used Knoppix as a recovery disk to get all my important files backed up and installed FreeBSD.
|
|
|
09-18-2005, 12:29 AM
|
#14
|
LQ Guru
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524
|
Get a cheap machine, like a Celeron 650 MHz. Put in two network cards. Make sure it has a CD drive. Go online and download the .iso for Smoothwall. Burn it to a CD. Hook up a monitor and keyboard to the Celeron. Boot from the Smoothwall CD you made. Install Smoothwall. After you get done, shut down Smoothwall. Hook up internet to the red interface, and your PC to the green interface. Then, boot Smoothwall. Boot your PC. Now you have a packet dropping firewall with a network address translator. This is not to be confused with a packet filtering firewall, which comes with most linux distros. A port scan can learn a lot about a machine with a packet filtering firewall. A packet dropping firewall looks like an unused IP to a port scanner. Unless someone knows your IP, and knows you have Smoothwall, it is impenetrable. It works flawlessly for years on end. I have never had it fail, or need rebooting. It makes you completely invisible. I tried the famous network security hacker, Saint, on it. I tried every test to hack that firewall. Everything timed out, with no result. Saint thought it was a dead connection. Saint is the most sophisticated network penetration tool available. It comes with SuSE linux. It is great for testing security. Don't use it for anything illegal. Saint is like jail bait. You can really, seriously get into trouble for scanning other people's systems. Scan your own, though.
|
|
|
09-18-2005, 03:34 PM
|
#15
|
Senior Member
Registered: Feb 2005
Location: San Antonio, Texas
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,495
Rep:
|
Quote:
Originally posted by TigerOC
You need to do the following;
Copy the above to an editor and save it in /etc/init.d as rc.firewall. To make it executable cd to /etc/init.d and do as root in a console chmod +x rc.firewall. Now you need to get it to start automatically at boot time so do the following;
ln -s ../init.d/rc.firewall /etc/rc2.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc3.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc4.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc5.d/S89firewall
A tip here to make this quicker than typing the whole thing each time; when you have done the first one, up-arrow and the line will appear again so just use the left arrow to go back to rc2.d and change it to 3 then go to the end of the line and press return and so on.
|
A better way to do that is to program a for loop, while loop, or do while loop.
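The loop suggested above, as an added example that is not part of the original posts: it creates the four start links and checks that each one actually resolves to an executable script. The function names and the staging prefix argument are hypothetical, and the script is assumed to be saved already as /etc/init.d/rc.firewall.

```shell
#!/bin/sh
# install_rc_links ROOT: create the S89firewall start links for runlevels 2-5.
# ROOT is a hypothetical staging prefix (use "" for the live system, as root).
install_rc_links() {
    root=$1
    for level in 2 3 4 5; do
        link="$root/etc/rc$level.d/S89firewall"
        # A relative target is resolved from the directory that holds the
        # link, so it must climb out of rcN.d and into init.d.
        ln -sf ../init.d/rc.firewall "$link" || return 1
        # -x follows the link: this fails if it dangles or is not executable.
        [ -x "$link" ] || { echo "broken link: $link" >&2; return 1; }
    done
}

# Build a throwaway /etc tree (constructed for the demo) and run the loop on it.
demo() {
    tmp=$(mktemp -d) || return 1
    for level in 2 3 4 5; do mkdir -p "$tmp/etc/rc$level.d"; done
    mkdir -p "$tmp/etc/init.d"
    printf '#!/bin/sh\n' > "$tmp/etc/init.d/rc.firewall"
    chmod +x "$tmp/etc/init.d/rc.firewall"
    install_rc_links "$tmp"; status=$?
    ls -l "$tmp"/etc/rc?.d
    rm -rf "$tmp"
    return "$status"
}

demo
```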
|
|
|
All times are GMT -5.