Slackware (LinuxQuestions.org forum): This forum is for the discussion of Slackware Linux.
06-16-2014, 11:32 AM  #46
Senior Member, Registered: Nov 2003, Distribution: Slackʍɐɹǝ, Posts: 1,486
Quote:
Originally Posted by eloi
That's the limitation in my approach.
Not sure I'm clear on what you mean.
Basically I split my data from the internet server. I have a "server" which holds my files, and those are shared on my network via NFS/Samba; it runs MySQL for the back end to typical tools such as Drupal, OwnCloud, Wordpress, etc. If you run Apache on that box and open it to the internet and someone does compromise it, you risk them accessing/deleting your files/databases. By splitting Apache onto another box and segregating it into a DMZ, if someone compromises it then you just power it off.
Some scenarios that happen are: the Apache (or whatever) web server process goes into the weeds due to someone throwing exploit attempts at it. Sometimes it will monopolize the CPU to the point where you can't even SSH in. By having it separate and not holding any data, you can simply pull the plug.
Another scenario is they compromise your web box and just delete any data so they can have space for their botnet client or warez. By having no data on the web server and only a small subset of data exposed to it via an NFS mount, they can only delete that small amount of data, and that's only if they were able to get enough rights on the web server to access the remote data.
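One way to lay out the split described in the post above, as an added example written for this page and not any poster's actual configuration: a three-legged router (Internet, DMZ, LAN) that forwards only the published ports to the web host and lets the web host reach the data server on the NFSv4 port alone, plus the matching /etc/exports lines on the data server. The interface names, the web address 192.168.1.8 and the data-server address 192.168.1.20 are assumptions for the illustration (the last two are borrowed from the OP's diagram further down). The script prints the commands unless APPLY=1 is set, so the ruleset can be reviewed before it touches a live firewall.

```shell
#!/bin/sh
# Added example (not a poster's configuration): FORWARD policy for a
# three-legged router with a DMZ web host that may only talk NFSv4 to
# the data server, plus the /etc/exports entries that go with it.
# Interface names and addresses below are assumptions for the illustration.
WAN=eth0             # towards the ISP
DMZ=eth1             # web server segment
LAN=eth2             # internal network with the data server
WEB=192.168.1.8      # web server VM in the DMZ
DATA=192.168.1.20    # data server on the internal network

# run: print each command, or execute it when APPLY=1 is set.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# dmz_rules: default deny on FORWARD, then only the flows the split needs,
# each pinned to an interface pair and a destination address.
dmz_rules() {
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Internet -> web host: only the published services (DNAT on the router)
    run iptables -t nat -A PREROUTING -i "$WAN" -p tcp -m multiport --dports 80,443 -j DNAT --to-destination "$WEB"
    run iptables -A FORWARD -i "$WAN" -o "$DMZ" -d "$WEB" -p tcp -m multiport --dports 80,443 -j ACCEPT
    # web host -> data server: NFSv4 uses the single port 2049, so rpcbind
    # and mountd never need to be reachable from the DMZ at all
    run iptables -A FORWARD -i "$DMZ" -o "$LAN" -s "$WEB" -d "$DATA" -p tcp --dport 2049 -j ACCEPT
    # LAN -> web host: administration from inside only
    run iptables -A FORWARD -i "$LAN" -o "$DMZ" -d "$WEB" -p tcp --dport 22 -j ACCEPT
    # anything else the web host tries towards the LAN is logged, then hits the DROP policy
    run iptables -A FORWARD -i "$DMZ" -o "$LAN" -j LOG --log-prefix "dmz-to-lan: "
}

# exports_lines: what the data server hands to the web host. Site content
# is read-only; only a dedicated uploads tree is writable, and every client
# uid (root included) is squashed to one unprivileged account there.
exports_lines() {
    printf '%s\n' \
        "/srv/www/content  $WEB(ro,sync,root_squash,no_subtree_check)" \
        "/srv/www/uploads  $WEB(rw,sync,all_squash,anonuid=1001,anongid=1001,no_subtree_check)"
}

dmz_rules
echo '# /etc/exports on the data server:'
exports_lines
```

The point of the two exports lines is the "small subset" from the post: a root compromise of the web host becomes uid 1001 on the data server and can only touch the uploads tree, while the content tree cannot be deleted from the web side at all. Mounting with NFSv4 keeps the firewall rule to one port; with NFSv3 you would also have to pin mountd to a fixed port and open it together with rpcbind.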
06-16-2014, 11:49 AM  #47
Moderator, Registered: May 2001, Posts: 29,415
szboardstretcher, eloi, you two stop quarrelling. Please help the OP directly or cease posting in this thread. Thanks.
06-16-2014, 01:12 PM  #48
Member, Registered: Nov 2010, Posts: 227
Quote:
Originally Posted by unSpawn
szboardstretcher, eloi, you two stop quarrelling. Please help the OP directly or cease posting in this thread. Thanks.
This is not the first time you misunderstand me; I'm not quarrelling. This thread is about "security" (a subject of your interest, as far as I know). My help consists in advising people here about the approach, because what is dangerous and insecure is the approach of a lot of people (even experienced Unix users), not the software. Reread any of the 184 posts I made here and you'll see that I am coherent with my thinking.
The first thing anyone must know about Unix is that you must *learn*. Unix in inexperienced hands is by far less secure than Windows. You cannot be secure running a Unix server without knowledge. Even the rm command is dangerous with a Windows user approach. That's why those that give you a fish instead of "teaching you to fish" are fooling you and fooling themselves. That's not real help.
I have better things to do with my life than quarrelling here or bearing, at 46 years old, someone making me shut up and playing at being my mom. Don't you find it ridiculous? Well understood, what I posted in answer to szboardstretcher is useful and very important for everyone here, you included.
Last edited by eloi; 06-16-2014 at 01:13 PM.
06-16-2014, 01:20 PM  #49
Member, Registered: Nov 2010, Posts: 227
Quote:
Originally Posted by enine
Not sure I'm clear on what you mean.
I meant the approach I've explained about using the machine like a router. As you've pointed out, the machine's CPU would have to bear the attacks.
But I said that thinking of a very simple home-made server, with one IP and a home router.
06-16-2014, 01:38 PM  #50
Member, Registered: Nov 2010, Posts: 227
Quote:
Originally Posted by enine
Some scenarios that happen are apache (or whatever) web server process goes in the weeds due to someone throwing exploit attempts at it. Sometimes it will monopolize CPU to the point where you can't even SSH in.
Well, I originally thought of the script I pasted here for Apache, with this entry:
Code:
# client addresses (field 1 of access_log) of requests carrying the two probe strings
grep -h 'phpmyadmin\|w00tw00t' /var/log/httpd/*access_log \
| awk '{ print $1 }' | sort | uniq >/tmp/new-iplist
The phpmyadmin and w00tw00t were strings I found repeated in access_log hacking attempts (caveat: don't cut and paste it into your crontab).
06-16-2014, 04:50 PM  #51
Member (Original Poster), Registered: Jan 2004, Location: Tacoma, WA, Distribution: Slackware 14, Posts: 265
enine,
Thank you for the ASCII art. I was trying to figure out how to map this out.
Here was my original plan:
Code:
               1.2.3.4                    10.1.1.x
Internet ----> "router" ----------------> Internal network
                  ^                          ^
                  | 80/443/25                | data ports
                  v                          v
          192.168.1.x (VM hosted on 10.1.1.2)
          Web Server/Gateway
My current thinking:
Code:
               1.2.3.4                    192.168.1.20
Internet ----> "router" ----------------> Internal network
                  |                          |
                  | 80/443/25                | data ports
                  v                          |
          192.168.1.8 (VM hosted on 192.168.1.20)
          Web Server
I'm still trying to figure out how much damage could be done to the host should the guest VM get rooted. I do have an old P4 laptop lying around that I can place into service, if needed.
I've been around long enough to accept the fact that there will be multiple attempts to get into my network, and some will be successful. I have two critical devices on my network, a Slackware server (firewalled) and a Windows 8.1 DAW, with a firewall and anti-virus software integrated into Outlook. I don't click on email attachments unless I explicitly asked for the attachment.
-JJ
06-16-2014, 05:40 PM  #52
Moderator, Registered: May 2001, Posts: 29,415
Quote:
Originally Posted by eloi
This is not the first time you misunderstand me, I'm not quarrelling.
Good. I am glad I won't see any more of this "Cooking with Mary" blog, "dangerous-idiot thing" and other such bunk from you, and your next posts in this or any other thread on LQ will reflect your adherence to the LQ Rules no matter what. Case closed.
06-18-2014, 06:16 AM  #53
Member, Registered: Nov 2010, Posts: 227
Quote:
Originally Posted by kikinovak
In short, it works like an ATM. Enter the wrong password three times in a row, and everything disappears. I prefer this method over fail2ban.
Hi again,
I was trying your rules in my LAN and I realised I had a lapse. If I understand you well, what you describe happens with and without the rules, and I think it is an ssh security measure.
CORRECTION: Ignore what I said here. I've tried it again, and now I get how it works. Sorry.
Last edited by eloi; 06-18-2014 at 07:20 AM.
Reason: Mistake
06-18-2014, 06:36 AM  #54
Member, Registered: Nov 2010, Posts: 227
Quote:
Originally Posted by unSpawn
Good. I am glad I won't see any more of this "Cooking with Mary" blog, "dangerous-idiot thing" and other such bunk from you, and your next posts in this or any other thread on LQ will reflect your adherence to the LQ Rules no matter what. Case closed.
If you read my whole argument you'll understand that *in the context* the "dangerous-idiot" is not a direct insult.
There are many ways of quarrelling and insulting. For example, branding a whole post by taking one sentence or word out of context, like you did.
Unless you feel yourself the only one with authority to quarrel or even insult people here, the next time you make me "shut up" (because that is what you did, even with "please" and "thanks"), branding my post as "quarrelling" or "off-topic", put a good argument on the table to support your judgment. At least demonstrate that you really understand my point of view and (good) intention, as you assured me in that private email some time ago.
Finally, I guess this forum's rules have some limits. I am not a child to bear you teaching me manners or telling me how to express myself. If you don't like what I say or my way, do whatever your vocational policeman role dictates to you. Here you can.
Last edited by eloi; 06-18-2014 at 06:51 AM.
Reason: grammar
06-18-2014, 06:45 AM  #55
Member, Registered: Nov 2010, Posts: 227
Quote:
Originally Posted by enine
typical tools such as Drupal, OwnCloud, Wordpress, etc. If you run Apache on that box and open it to the internet and someone does compromise it you risk them accessing/deleting your files/databases.
Another example of what I try to say. You talk about CPU performance and security. Well, I'd avoid using Drupal, OwnCloud, Wordpress, etc. exactly because of that ;-).
06-18-2014, 07:10 AM  #56
Senior Member, Registered: Nov 2003, Distribution: Slackʍɐɹǝ, Posts: 1,486
I'm not using Wordpress; IIRC the OP is. I was playing around with Drupal some, but it doesn't quite have the DMS capability I need, so I could probably kill it. OwnCloud I'm using to sync my mobile devices. Unfortunately newer versions of Android removed the USB storage option, so I needed some other method to get files on and off of my phone. Running my own server is more secure than having my calendar in Google, files in Dropbox, pictures in Photobucket, etc. I have them all in one place: fewer connections to the outside, fewer accounts to maintain, etc.
06-18-2014, 07:30 AM  #57
Member, Registered: Nov 2010, Posts: 227
@enine
I was taking a look at my router to configure a firewall like you describe. I have a Linksys with dd-wrt. I can enter iptables commands manually, but to save a default firewall I depend on the web interface. That's a bit annoying. Another limitation of dd-wrt is that it has no ntpd.
I made a try some time ago with a home server, just a try. To be an option for me today I'd need good bandwidth, and where I live now that is near to impossible. But some time in the future I will try.
06-18-2014, 08:26 AM  #58
Senior Member, Registered: Nov 2003, Distribution: Slackʍɐɹǝ, Posts: 1,486
Since my 'server' is just for me, I found I don't require a lot of bandwidth. And when my mobiles are syncing while I'm at home, it's not using any bandwidth going to the ISP anymore; I'm actually using less than if I were using Dropbox/Google Calendar/etc.
06-18-2014, 11:30 AM  #59
Senior Member, Registered: May 2012, Location: Sebastopol, CA, Distribution: Slackware64, Posts: 1,038
Quote:
Originally Posted by enine
Since my 'server' is just for me I found I don't require a lot of bandwidth.
I run a "family and friends" server, and it doesn't use a lot of bandwidth either (averages just 5KB/s, with occasional bursts up to 25KB/s or so) despite a half-dozen active regular users and three semi-popular websites.
Here's yesterday's entries in the bandwidth log:
http://pastebin.com/274VgnyU
Most of that bandwidth is website traffic, with email coming in a distant second.
06-30-2014, 02:31 PM  #60
Member, Registered: Nov 2010, Posts: 227
Quote:
Originally Posted by Cesare
I wonder what would happen if tried to login as "hokus pokus 0.0.0.0/0" into a system where this script is running in a cron job.
I waited until I had some time to investigate what I guess you are telling me here. At that time I didn't answer you because I thought there might exist some ssh option I'm not aware of, or some hack to fake the IP address in entries like:
Code:
# grep Invalid /var/log/messages
Jun 12 20:09:58 lenovo sshd[1320]: Invalid user loco from 192.168.2.105
Jun 18 14:11:21 lenovo sshd[2953]: Invalid user loco from 192.168.2.104
Note that the regex 'Invalid user .* from .*' I use in my script is redundant on purpose; 'Invalid' would be enough. This syntax is used by sshd; login(1) uses a different syntax and dumps to /var/log/secure (at least in Slackware).
I read the ssh man page carefully, tried some options, and I still don't know what you meant.
Could you please explain and give some command line example?
I welcome comments like yours because they force me to investigate (honestly).
Last edited by eloi; 06-30-2014 at 02:37 PM.
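The thread leaves two pieces of log-driven blocking open: the access_log grep from post #50 and the sshd "Invalid user" lines above, together with Cesare's unanswered login string. The script below is an added example written for this page; it is not eloi's script, and since Cesare does not spell out his intent, the reading taken here is the one a reviewer would check first: the username in an "Invalid user" line is chosen by the client, so a username such as "hokus pokus 0.0.0.0/0" shifts the whitespace-separated fields, and a parser that picks the address by a fixed field position hands "0.0.0.0/0" to iptables, which drops every inbound connection including your own. All log lines are constructed for the demonstration, and the functions print the iptables commands instead of running them.

```shell
#!/bin/sh
# Added example, not the script from the thread: turn log lines into a
# reviewable ban list while refusing anything that is not a bare IPv4
# address. Every log line below is constructed for the demonstration.

# Apache access_log (common/combined format): field 1 is the client address.
WEB_SAMPLE='203.0.113.7 - - [16/Jun/2014:10:01:02 -0500] "GET /phpmyadmin/ HTTP/1.1" 404 209
198.51.100.9 - - [16/Jun/2014:10:01:05 -0500] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226
192.168.2.50 - - [16/Jun/2014:10:02:00 -0500] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [16/Jun/2014:10:02:30 -0500] "GET /pma/ HTTP/1.1" 404 209'

# sshd lines as they appear in /var/log/messages. The second one carries a
# username chosen by the client: "hokus pokus 0.0.0.0/0".
SSH_SAMPLE='Jun 12 20:09:58 lenovo sshd[1320]: Invalid user loco from 192.168.2.105
Jun 18 14:11:21 lenovo sshd[2953]: Invalid user hokus pokus 0.0.0.0/0 from 192.168.2.104
Jun 18 14:12:00 lenovo sshd[2960]: Invalid user admin from 198.51.100.23'

# is_ipv4 ADDR: succeed only for four dotted decimal octets in 0..255.
# "0.0.0.0/0", hostnames and empty strings all fail here.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }
        { exit 0 }'
}

# only_ipv4: filter stdin, passing through only lines that is_ipv4 accepts.
only_ipv4() {
    while IFS= read -r addr; do
        is_ipv4 "$addr" || continue
        printf '%s\n' "$addr"
    done
}

# web_offenders: clients that requested the two scanner signatures from the
# post. grep -E replaces the GNU-only 'a\|b' alternation.
web_offenders() {
    grep -Ei 'phpmyadmin|w00tw00t' | awk '{ print $1 }' | sort -u
}

# ssh_offenders_naive: a fixed field index. Field 10 is the address only
# while the username is a single word; "hokus pokus 0.0.0.0/0" shifts the
# fields so that $10 becomes "0.0.0.0/0".
ssh_offenders_naive() {
    grep 'Invalid user .* from ' | awk '{ print $10 }' | sort -u
}

# ssh_offenders: anchor on the trailing "from <addr>", take the last field,
# then validate, so the client-chosen username cannot steer the extraction.
ssh_offenders() {
    grep 'Invalid user .* from [^ ]*$' | awk '{ print $NF }' | sort -u | only_ipv4
}

# ban_rules: print the firewall commands instead of executing them, so the
# list can be reviewed (and your own networks removed) before it is applied.
ban_rules() {
    only_ipv4 | while IFS= read -r addr; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$addr"
    done
}

echo '# web scanners:'
printf '%s\n' "$WEB_SAMPLE" | web_offenders | ban_rules
echo '# sshd, fixed field index (the 0.0.0.0/0 entry would drop all inbound traffic):'
printf '%s\n' "$SSH_SAMPLE" | ssh_offenders_naive
echo '# sshd, last field plus validation:'
printf '%s\n' "$SSH_SAMPLE" | ssh_offenders | ban_rules
```

Keep the validation step even when the parser is right: piping ssh_offenders_naive through only_ipv4 turns a lockout of the whole internet into one missed ban, which is the better failure to have. The same rule applies to anything else a log-to-firewall cron job extracts: treat every field that a remote client can influence as untrusted input, and never let a string reach "iptables -s" without checking that it is the one thing you expect.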