LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-27-2006, 02:19 PM   #16
rookiepaul
Member
 
Registered: Jul 2005
Posts: 73

Original Poster
Rep: Reputation: 15

I finally managed to sort it after a whole weekend of trying with the following line in my sudoers file:

nobody ALL=(ALL) NOPASSWD: ALL

Thanks for all your help guys.

Rookie.
 
Old 03-28-2006, 10:01 PM   #17
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I know you stated this at the beginning, but just to reiterate for anyone else who comes across this thread:

This is a horrendously dangerous idea in terms of security and should under absolutely no circumstances be put on a live network.
 
Old 03-29-2006, 12:06 PM   #18
rookiepaul
Member
 
Registered: Jul 2005
Posts: 73

Original Poster
Rep: Reputation: 15
What would be the secure alternative?
 
Old 03-29-2006, 04:21 PM   #19
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Honestly, using ssh to log into the server to modify iptables is probably the best solution. Giving the Apache user control over your firewall rules is a seriously bad idea (an attacker could easily use DNAT to redirect all traffic to a malicious host for a man-in-the-middle attack). If you absolutely needed a remote GUI for manipulating iptables, you should at least use a protocol that encrypts traffic (like an ssl tunnel or ssh) and use a robust method of authentication. I'm not a fan of webmin, but I know it already has a module for remote iptables management and I would bet there are other similar solutions as well.
 
Old 03-29-2006, 05:02 PM   #20
rookiepaul
Member
 
Registered: Jul 2005
Posts: 73

Original Poster
Rep: Reputation: 15
Ha, but like I keep saying it's for a University project so we have to create the front end ourselves. I really Appreciate the input tho, thanks alot!
 
Old 03-29-2006, 08:28 PM   #21
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
In that case, you could improve it by using an https connection instead so that the auth credentials are passed over an encrypted link rather than in plaintext. Basic auth would work in that scenario, but one of the other forms of Apache-supported authentication might be better (like digest). It would also help if you could limit access to that PHP page using a directory container and specifying only a limited number of IPs. That should keep anyone from hammering away at it. I still don't like linking Apache and IPtables together due to issues if Apache/PHP gets exploited, but those improvements might help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTABLES is running ? How? aurelio26 Linux - Newbie 7 11-20-2004 01:30 AM
Running nat with Iptables muppski Linux - Networking 1 11-10-2004 04:00 AM
running fedora iptables nightmare6667 Linux - Newbie 1 02-26-2004 08:07 AM
php and iptables hkerssies Programming 3 10-22-2003 02:14 PM
Iptables with gShield running over it Belyle Linux - Newbie 3 04-17-2003 07:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration