LinuxQuestions.org
Old 06-16-2014, 11:32 AM   #46
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackʍɐɹǝ
Posts: 1,486
Blog Entries: 4

Rep: Reputation: 282

Quote:
Originally Posted by eloi View Post
That's the limitation in my approach.
Not sure I'm clear on what you mean.

Basically I split my data from the internet server. I have a "server" which holds my files and those are shared on my network via NFS/Samba, and it runs MySQL as the back end to typical tools such as Drupal, OwnCloud, Wordpress, etc. If you run Apache on that box and open it to the internet and someone does compromise it, you risk them accessing/deleting your files/databases. By splitting Apache onto another box and segregating it into a DMZ, if someone compromises it then you just power it off.

Some scenarios that happen are the Apache (or whatever) web server process going into the weeds due to someone throwing exploit attempts at it. Sometimes it will monopolize the CPU to the point where you can't even SSH in. By having it separate and not holding any data you can simply pull the plug.
Another scenario is they compromise your web box and just delete any data so they can have space for their botnet client or warez. By having no data on the web server and only a small subset of data exposed to it via an NFS mount, they can only delete that small amount of data, and that's only if they were able to get enough rights on the web server to access the remote data.
 
Old 06-16-2014, 11:49 AM   #47
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
szboardstretcher, eloi, you two stop quarrelling. Please help the OP directly or cease posting in this thread. Thanks.
 
Old 06-16-2014, 01:12 PM   #48
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by unSpawn View Post
szboardstretcher, eloi, you two stop quarrelling. Please help the OP directly or cease posting in this thread. Thanks.
This is not the first time you misunderstand me, I'm not quarrelling. This thread is about "security" (a subject of your interest, as far as I know). My help consists of advising people here about the approach. Because what is dangerous and insecure is the approach of a lot of people (even experienced Unix users), not the software. Reread any of the 184 posts I made here and you'll see that I am consistent in my thinking.

The first thing anyone must know about Unix is that you must *learn*. Unix in inexperienced hands is by far less secure than Windows. You cannot be secure running a Unix server without knowledge. Even the rm command is dangerous with a Windows user's approach. That's why those that give you a fish instead of "teaching you to fish" are fooling you and fooling themselves. That's not real help.

I have better things to do with my life than quarrelling here or bearing, at 46 years old, someone making me shut up and playing at being my mom. Don't you find it ridiculous? Well understood, what I posted in answer to szboardstretcher is useful and very important for everyone here, you included.

Last edited by eloi; 06-16-2014 at 01:13 PM.
 
Old 06-16-2014, 01:20 PM   #49
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by enine View Post
Not sure I'm clear on what you mean.
I meant the approach I've explained about using the machine like a router. As you've pointed out, the machine's CPU would bear the attacks.

But I said that thinking of a very simple home-made server, with one IP and a home router.
 
Old 06-16-2014, 01:38 PM   #50
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by enine View Post
Some scenarios that happen are apache (or whatever) web server process goes in the weeds due to someone throwing exploit attempts at it. Sometimes it will monopolize CPU to the point where you can't even SSH in.
Well, I originally intended the script I pasted here for apache. With this entry:

Code:
grep -h 'phpmyadmin\|w00tw00t' /var/log/httpd/*access_log \
        | awk '{ print $1 }' | sort | uniq >/tmp/new-iplist
The phpmyadmin and w00tw00t were strings I found repeated in access_log hacking attempts (caveat: don't cut and paste it into your crontab).
 
Old 06-16-2014, 04:50 PM   #51
jjthomas
Member
 
Registered: Jan 2004
Location: Tacoma, WA
Distribution: Slackware 14
Posts: 265

Original Poster
Blog Entries: 2

Rep: Reputation: 34
enine,

Thank you for the ASCII art. I was trying to figure out how to map this out.

Here was my original plan:
Code:
1.2.3.4                                10.1.1.x
Internet ----> "router" ----------------> Internal network
                  ^          ^
                  |80/443/25 |data ports
                  v          v
                  192.168.1.x (VM hosted on 10.1.1.2)
                  Web Server/Gateway
My current thinking:
Code:
1.2.3.4                                192.168.1.20
Internet ----> "router" ----------------> Internal network
                  |
                  |80/443/25 - data ports
                  v          |
                  192.168.1.8 (VM hosted on 192.168.1.20)
                  Web Server
I'm still trying to figure out how much damage could be done to the host, should the guest VM get rooted. I do have an old P4 laptop lying around that I can place into service, if needed.

I've been around long enough to accept the fact that there will be multiple attempts to get into my network, and some will be successful. I have two critical devices on my network, a Slackware server (firewalled) and Windows 8.1 DAW, with a firewall and anti-virus software, integrated into Outlook. I don't click on email attachments unless I explicitly asked for the attachment.

-JJ
 
Old 06-16-2014, 05:40 PM   #52
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by eloi View Post
This is not the first time you misunderstand me, I'm not quarrelling.
Good. I am glad I won't see any more of this "Cooking with Mary" blog, "dangerous-idiot thing" and other such bunk from you, and your next posts in this or any other thread on LQ will reflect your adherence to the LQ Rules no matter what. Case closed.
 
Old 06-18-2014, 06:16 AM   #53
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by kikinovak View Post
In short, it works like an ATM. Enter the wrong password three times in a row, and everything disappears. I prefer this method over fail2ban.
Hi again,

I was trying your rules in my LAN and I realized I had a lapse. If I understand you correctly, what you describe happens with and without the rules, and I think it is an ssh security measure.


CORRECTION: Ignore what I said here. I've tried it again, and now I get how it works. Sorry.

Last edited by eloi; 06-18-2014 at 07:20 AM. Reason: Mistake
 
Old 06-18-2014, 06:36 AM   #54
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by unSpawn View Post
Good. I am glad I won't see any more of this "Cooking with Mary" blog, "dangerous-idiot thing" and other such bunk from you, and your next posts in this or any other thread on LQ will reflect your adherence to the LQ Rules no matter what. Case closed.
If you read my whole argument you'll understand that *in the context* the "dangerous-idiot" is not a direct insult.

There are many ways of quarrelling and insulting. For example, branding a whole post by taking one sentence or word out of context like you did.

Unless you consider yourself the only one with authority to quarrel or even insult people here, the next time you make me "shut up", because that is what you did even with "please" and "thanks", branding my post as "quarrelling" or "off-topic", put a good argument on the table to support your judgment. At least demonstrate that you really understand my point of view and (good) intention like you assured me in that private email some time ago.

Finally, I guess this forum's rules have some limits; I am not a child to bear you teaching me manners or telling me how to express myself. If you don't like what I say or my way, do whatever your vocational-policeman role dictates to you. Here you can.

Last edited by eloi; 06-18-2014 at 06:51 AM. Reason: grammar
 
Old 06-18-2014, 06:45 AM   #55
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by enine View Post
typical tools such as Drupal, OwnCloud, Wordpress, etc. If you run Apache on that box and open it to the internet and someone does compromise it you risk them accessing/deleting your files/databases.
Another example of what I try to say. You talk about CPU performance and security. Well, I'd avoid using Drupal, OwnCloud, Wordpress, etc. exactly because of that ;-).
 
Old 06-18-2014, 07:10 AM   #56
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackʍɐɹǝ
Posts: 1,486
Blog Entries: 4

Rep: Reputation: 282
I'm not using Wordpress; IIRC the OP is. I was playing around with Drupal some, but it doesn't quite have the DMS capability I need, so I could probably kill it. OwnCloud I'm using to sync my mobile devices. Unfortunately newer versions of Android removed the USB storage option, so I needed some other method to get files on and off of my phone. Running my own server is more secure than having my calendar in Google, files in Dropbox, pictures in Photobucket, etc. I have them all in one place, fewer connections to the outside, fewer accounts to maintain, etc.
 
Old 06-18-2014, 07:30 AM   #57
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
@enine

I was taking a look at my router to configure a firewall like you describe. I have a Linksys with dd-wrt. I can enter iptables commands manually, but to save a default firewall I depend on the web interface. That's a bit annoying. Another limitation of dd-wrt is that it has no ntpd.

I made an attempt some time ago with a home server, just a try. To be an option for me today I'd need good bandwidth, and where I live now that is nearly impossible. But some time in the future I will try.
 
Old 06-18-2014, 08:26 AM   #58
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackʍɐɹǝ
Posts: 1,486
Blog Entries: 4

Rep: Reputation: 282
Since my 'server' is just for me, I found I don't require a lot of bandwidth. And when my mobiles are syncing while I'm at home it's not using any bandwidth going to the ISP anymore; I'm actually using less than if I were using Dropbox/Google Calendar/etc.
 
Old 06-18-2014, 11:30 AM   #59
ttk
Senior Member
 
Registered: May 2012
Location: Sebastopol, CA
Distribution: Slackware64
Posts: 1,038
Blog Entries: 27

Rep: Reputation: 1484
Quote:
Originally Posted by enine View Post
Since my 'server' is just for me I found I don't require a lot of bandwidth.
I run a "family and friends" server, and it doesn't use a lot of bandwidth either (averages just 5KB/s, with occasional bursts up to 25KB/s or so) despite a half-dozen active regular users and three semi-popular websites.

Here are yesterday's entries in the bandwidth log:

http://pastebin.com/274VgnyU

Most of that bandwidth is website traffic, with email coming in a distant second.
 
Old 06-30-2014, 02:31 PM   #60
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by Cesare View Post
I wonder what would happen if tried to login as "hokus pokus 0.0.0.0/0" into a system where this script is running in a cron job.
I waited until I had some time to investigate what I guess you are telling me here. At that time I didn't answer you because I thought there could be some ssh option I'm not aware of, or some hack to fake the IP address in entries like:

Code:
# grep Invalid /var/log/messages
Jun 12 20:09:58 lenovo sshd[1320]: Invalid user loco from 192.168.2.105
Jun 18 14:11:21 lenovo sshd[2953]: Invalid user loco from 192.168.2.104
Note that the regex 'Invalid user .* from .*' I use in my script is intentionally redundant; 'Invalid' would be enough. This syntax is used by sshd; login(1) uses a different syntax and dumps to /var/log/secure (at least in Slackware).

I read carefully the ssh man page, tried some options and I still don't know what you meant.

Could you please explain and give some command line example?

I welcome comments like yours because they force me to investigate (honestly).

Last edited by eloi; 06-30-2014 at 02:37 PM.
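Cesare's point above is that the username in an "Invalid user ... from ..." line is supplied by the remote client, so a script that pulls an address out of that line by position can be handed a client-chosen token. The following is an added example, not eloi's script: it takes the address sshd itself appends after the username (the last dotted quad on the line), validates it, and runs against constructed log lines in the format quoted in this post.

```shell
#!/bin/sh
# Added example, not the cron script discussed in the thread: extract the peer
# address from sshd "Invalid user" lines without trusting the client-supplied
# username. sshd writes the real source address AFTER the username, so the last
# dotted quad on the line is the one to act on; anything the client placed in
# the username (including text such as "from 0.0.0.0/0") is never the last one.

# Constructed sample lines in the syslog format quoted above (no real hosts).
# Line 3 imitates the "hokus pokus 0.0.0.0/0"-style username Cesare mentioned.
SAMPLE_LOG='Jun 12 20:09:58 lenovo sshd[1320]: Invalid user loco from 192.168.2.105
Jun 18 14:11:21 lenovo sshd[2953]: Invalid user loco from 192.168.2.104
Jun 18 14:12:02 lenovo sshd[2960]: Invalid user hokus pokus from 0.0.0.0/0 from 192.168.2.104
Jun 18 14:13:40 lenovo sshd[2971]: Invalid user admin from 999.1.1.1
Jun 18 14:14:00 lenovo sshd[2980]: Accepted publickey for jj from 192.168.2.50'

# Reads syslog lines on stdin; prints one validated IPv4 address per
# "Invalid user" line. Other sshd messages and other programs are ignored, as
# are tokens that merely look like addresses (e.g. 0.0.0.0/0, or an octet
# above 255). IPv6 peers are intentionally not handled in this example.
extract_invalid_user_ips() {
  awk '
    /sshd\[[0-9]+\]: Invalid user / {
      # Scan fields from the right so client text earlier on the line is skipped.
      for (i = NF; i > 0; i--) {
        if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
          split($i, o, ".")
          if (o[1] <= 255 && o[2] <= 255 && o[3] <= 255 && o[4] <= 255)
            print $i
          break   # rightmost candidate is the one sshd wrote; stop either way
        }
      }
    }'
}

# Stand-alone run: the deduplicated list a cron job would hand to the firewall.
printf '%s\n' "$SAMPLE_LOG" | extract_invalid_user_ips | sort -u
```

The third sample line yields 192.168.2.104, not the client-chosen 0.0.0.0/0, and the fourth yields nothing because 999 is not a valid octet.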
 