Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
08-01-2006, 06:28 PM  #31
LQ Guru | Registered: Jul 2003 | Location: Los Angeles | Distribution: Ubuntu | Posts: 9,870
Quote:
Originally Posted by MrSako
How do I make it "set right"?
make it look like the one from my script... or better yet, use my script...
08-01-2006, 06:47 PM  #32
Member | Registered: May 2006 | Distribution: CentOS 4.4 | Posts: 185 | Original Poster
I did. The contents of iptables_script are:
Quote:
#!/bin/sh
IPT="/sbin/iptables"
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -p TCP -i eth0 -m multiport --dports \
21,22,25,80,110,10000 -m state --state NEW -j ACCEPT
and I did chmod +x because I believe you need that for it to have permission to execute.
08-01-2006, 06:49 PM  #33
LQ Guru | Registered: Jul 2003 | Location: Los Angeles | Distribution: Ubuntu | Posts: 9,870
Does "/bin/sh" exist on your install? It should be a link to your shell...
Code:
win32sux@carly:~$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 2006-07-29 17:15 /bin/sh -> bash
If not, then either make the link or adjust the shebang (to #!/bin/bash, for example)...
08-01-2006, 07:09 PM  #34
Member | Registered: May 2006 | Distribution: CentOS 4.4 | Posts: 185 | Original Poster
I think I do?
> ls -l /bin/sh
lrwxr-xr-x 1 root root 4 May 26 22:56 /bin/sh -> bash
It has different permissions or something, I think?
08-01-2006, 07:16 PM  #35
LQ Guru | Registered: Jul 2003 | Location: Los Angeles | Distribution: Ubuntu | Posts: 9,870
Quote:
Originally Posted by MrSako
I did. The contents of iptables_script are:
Code:
#!/bin/sh
IPT="/sbin/iptables"
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -p TCP -i eth0 -m multiport --dports \
21,22,25,80,110,10000 -m state --state NEW -j ACCEPT
and I did chmod +x because I believe you need that for it to have permission to execute.
I actually thought you were trying to get the cleanup/reset script to work, not this one... I thought you weren't gonna run this one until you were sure cron would clean up all your chains at a certain time...
Quote:
Originally Posted by MrSako
I think I do?
> ls -l /bin/sh
lrwxr-xr-x 1 root root 4 May 26 22:56 /bin/sh -> bash
It has different permissions or something, I think?
Try setting the shebang to /bin/bash then...
I think something funny is going on here, I'm just not sure what it is...
08-01-2006, 07:26 PM  #36
Member | Registered: May 2006 | Distribution: CentOS 4.4 | Posts: 185 | Original Poster
How do I set the shebang to /bin/bash? What's a shebang?
08-01-2006, 07:30 PM  #37
LQ Guru | Registered: Jul 2003 | Location: Los Angeles | Distribution: Ubuntu | Posts: 9,870
Quote:
Originally Posted by MrSako
How do I set the shebang to /bin/bash? What's a shebang?
By editing the text... This is a shebang: http://en.wikipedia.org/wiki/Shebang_(Unix)
Change this: to this:
Last edited by win32sux; 08-01-2006 at 07:34 PM.
08-01-2006, 07:37 PM  #38
Member | Registered: May 2006 | Distribution: CentOS 4.4 | Posts: 185 | Original Poster
OK, I get the shebang thing now.
/bin/bash still doesn't work.
I remembered you had to set stuff like this when creating a user (it was called the shell). The root user is set to /bin/bash (if that matters).
08-01-2006, 07:40 PM  #39
LQ Guru | Registered: Jul 2003 | Location: Los Angeles | Distribution: Ubuntu | Posts: 9,870
Create a text file called test.sh with this content:
Code:
#!/bin/bash
echo "Testing"
Make it executable: execute it like this: and post the output here...
Last edited by win32sux; 08-01-2006 at 07:41 PM.
08-01-2006, 07:45 PM  #40
Member | Registered: May 2006 | Distribution: CentOS 4.4 | Posts: 185 | Original Poster
[root@vps local]# chmod a+x test.sh
[root@vps local]# ./test.sh
: bad interpreter: No such file or directory
08-01-2006, 07:51 PM  #41
LQ Guru | Registered: Jul 2003 | Location: Los Angeles | Distribution: Ubuntu | Posts: 9,870
Quote:
Originally Posted by MrSako
[root@vps local]# chmod a+x test.sh
[root@vps local]# ./test.sh
: bad interpreter: No such file or directory
Not sure what to tell you then, my friend... I think you should wait a few hours to see if someone who knows what could be causing this behavior reads this thread and posts a solution... or maybe you'll figure it out on your own... but aside from that, you should probably open a new thread for this (software forum), cuz it's a completely different issue... once you have this sorted out, then we can continue with the iptables... you need to be able to execute shell scripts in order to work with iptables scripts... I hope you get this worked out somehow... I personally don't have any ideas, though...
08-01-2006, 07:58 PM  #42
Member | Registered: May 2006 | Distribution: CentOS 4.4 | Posts: 185 | Original Poster
Could this have anything to do with the environment variables or anything like that?
I know I've had other issues with environment variables etc. in other server problems. My VPS host did some freaky setup and isn't willing to do anything about it (I'm probably gonna get a new host sooner or later).
08-01-2006, 08:01 PM  #43
Member | Registered: May 2006 | Distribution: CentOS 4.4 | Posts: 185 | Original Poster
If I type in this line by line...
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -X
iptables -X -t nat
iptables -X -t mangle
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p TCP -i eth0 -m multiport --dports 21,22,25,80,110,10000 -m state --state NEW -j ACCEPT
Would it create the same sort of effect? Is there a way to clear all previous rules (and test that it is cleared)?
08-01-2006, 08:59 PM  #44
Member | Registered: May 2006 | Distribution: CentOS 4.4 | Posts: 185 | Original Poster
OK, I got it to execute.
It said something like
iptables: no iptable or chain with that name exists, or something.
My shell closed because the connection timed out, and all my servers are not accessible. So something happened.
In about 5 minutes let's hope I can go in and investigate.
Is there something I should look for?
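An added example, not MrSako's script or anything posted in this thread: the same rules reordered so that a rule which fails to load (the "no chain/target/match by that name" error above) cannot leave INPUT at DROP with no ACCEPT rules, which is the lock-out described in this post; it also covers the "clear all previous rules and test it" question from post #43. The function names and the IPT, IFACE and PORTS variables are this example's own assumptions.

```shell
#!/bin/bash
# Added example, not the thread's own script: a lock-out resistant ordering of
# the iptables rules from the thread. The thread's version sets INPUT to DROP
# first and adds the ACCEPT rules last, so if any rule fails to load (e.g. a
# VPS kernel without the state/multiport match modules) the box is left with
# policy DROP and no ACCEPT rules. Here the allow rules go in first and DROP
# is applied only once every rule succeeded.
# IPT, IFACE and PORTS are assumed names; override them in the environment.
IPT="${IPT:-/sbin/iptables}"
IFACE="${IFACE:-eth0}"
PORTS="${PORTS:-21,22,25,80,110,10000}"

# Fail-open baseline: flush and delete user chains in every table, policies
# ACCEPT. This is also the "clear all previous rules" step asked about above.
reset_open() {
    for t in filter nat mangle; do
        "$IPT" -t "$t" -F || return 1
        "$IPT" -t "$t" -X || return 1
    done
    "$IPT" -P INPUT ACCEPT && "$IPT" -P OUTPUT ACCEPT && "$IPT" -P FORWARD ACCEPT
}

# Returns 0 only if the restrictive policy was applied; on any failure the
# policy stays at ACCEPT so the SSH session running this is not cut off.
apply_firewall() {
    reset_open || return 1
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    "$IPT" -A INPUT -i lo -j ACCEPT || return 1
    "$IPT" -A INPUT -p tcp -i "$IFACE" -m multiport --dports "$PORTS" \
        -m state --state NEW -j ACCEPT || return 1
    # Only now close the door.
    "$IPT" -P INPUT DROP && "$IPT" -P FORWARD DROP
}

# Quick check that the loaded rules look right: policy line plus numbered rules.
show_state() {
    "$IPT" -L INPUT -n -v --line-numbers
}

# Run as "./firewall.sh apply" on the box; without the argument nothing changes.
if [ "${1:-}" = "apply" ]; then
    if apply_firewall; then
        show_state
    else
        echo "firewall NOT applied; policy left open, inspect with: $IPT -L -n -v" >&2
        exit 1
    fi
fi
```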
08-01-2006, 09:05 PM  #45
Member | Registered: Nov 2004 | Location: Horseheads, New York | Distribution: Mandriva 2010.1 / KDE 4.5.2, Slax, Knoppix, Backtrack & etc... | Posts: 198
I had asked where you reside there, MrSako, and now wonder exactly what you're using there vis software and hardware. It sounds to me your basic setup is something I have never heard of, remotely contemplated, or understand in the least. I agree with win32sux, you have a problem beyond anything I've ever heard of. On my end, internet access is stupid-simple and iptables is a dream come true.