Wednesday, February 16, 2011

Disable SSH root login


Here is the step by step procedure to disable/deny direct root login via SSH

1. Login to the server as Root
2. Edit /etc/ssh/sshd_config

    Look for the line,

  PermitRootLogin=Yes
 
and then change the value of it to,

  PermitRootLogin=No 

3. Restart the sshd service and make sure its turned on
    service sshd restart        or     /etc/init.d/sshd restart
   
    service sshd status

Recover Bad Superblock in RedHat / CentOS /Fedora Filesystem


If  you get a ¨Damaged Superblock¨ error message at filesystem (fsck) check in Linux Server, Usually fsck will not be able to repair the file system due to bad super block. In these situations, we can recover the damaged super block from the backup. 

Solution:


There are backups of the Superblock located on several positions and we can restore them with a simple command in a Linux server


By default in Linux, the file system creates the backup of  super block in the following locations:

193, 3276, 9804, 16840, 22976 and 29912.


Note: 193 is only on older systems  in many cases. 3276 is the most current position for the first backup

When you get this "damaged superblock or bad superblock error" and if  you get a root-prompt in a recovery console, then issue the following command:

# e2fsck -b 3276 /dev/sda5

Now the System will check the filesystem with the information stored in that backup superblock and if the check was successful it will restore the backup to position 0.

If this is not successful, then try using the other copy of Superblock backup (Refer the backup location of superblock above)


Monday, February 7, 2011

How to make a secure tunnel connection to a Cent OS from a MAC client through ssh

Let's say that you are on a coffe in down-town where you have wi-fi and your laptop with you, and you want to browse secure. You should know that a wireless connection is always unsecure, because anybody can sniff your packets and find out what you're doing on your laptop.

The Cent OS that we are going to use, has a ssh server up and running and connected to internet. So the tunneling that we are going to make can route any applications that supports SOCKS5 proxy.

So let's connect to our ssh server by using terminal:



Now we can setup any applications that supports SOCKS5 proxy to use this secure ssh tunneling.

Example:

Setting up Firefox browser to use our SOCKS5 proxy connection.

We open up firefox and go to preferences: Firefox->preferences, which is different by your version of Firefox. We go to Advanced tab and then Network and we click Settings.



We click manual proxy configuration like in this image, then onsocks input we enter localhost and on the port input we enter 10000 that we used to setup our SOCKS5 proxy tunneling. Then we click OK.


We can check now that we are using ssh tunneling by running a website that shows our ip adress, likehttp://www.ip-adress.com and we should see the Cent OS ip adress.

Monday, January 24, 2011

IPTABLES on CentOS / Fedora / RedHat

Since kernel version 2.4, there is a built in system for package filtering known as Netfilter. To use Netfilter, during kernel compiling CONFIG_NETFILTER must be included. Also ip_forward must be enabled:
echo 1 > /proc/sys/net/ipv4/ip_forward
Package filtering works on Internet layer of TCP/IP protocol. Filtering rules can be defined based on a transport layer header(port number) and connection layer (source IP address). During filtering, package content is not being checked.
Netfilter filtering chains work in kernel mode. In user mode works special tool called – iptables, which requires root user privilegies and it's used to configure:
- filter chains,
- NAT tables,
- mangle tables.
Netfilter uses three filters, INPUT, OUTPUT, FORWARD, realised in form of chains. Each chain contains a set of rules that filters packages. If some package sattisfies a rule, an action gets to be applied, like accepting or rejecting package.
Iptables commands:
-A (Add rule to the end of chain).
-D (Delete rule from chain).
-R (Replace rule in chain).
-I (Add numeric rule in chain).
-L (List rules).
-F (Delete all rules from chain).
Deleting the chains:
# iptables -F INPUT
# iptables -F OUTPUT
# iptables -F FORWARD
Here are some basic examples of iptables usage.
1. Blocking IP with iptables:
# iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
# iptables -A OUTPUT -d xxx.xxx.xxx.xxx -j DROP
* instead xxx.xxx.xxx.xxx www.abc.com can be added.
2. Opening ports:
First thing you need to do is check if ports are already opened. It's done using nmap, free program, and it's distributed in most distros.
# nmap -sT xxx.xxx.xxx.xxx
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap run completed -- 1 IP address scanned in 0.941 seconds.
As we see, on this list port 25 is not opened. Let's open port 25 for SMTP traffic.
# iptables -A INPUT -p tcp --dport 25 -j ACCEPT
3. Enabling other hosts to ping:
# iptables -A INPUT -p icmp -s xxx.xxx.xxx.xxx/xx –icmp-type echo-request -j ACCEPT
# iptables -A INPUT -p icmp -d xxx.xxx.xxx.xxx/xx –icmp-type echo-reply -j ACCEPT
4. Restricting access by time of the day:
# iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d xxx.xxx.xxx.xxx --dport 22 -m state
--state NEW,ESTABLISHED -m time --timestart 09:00 --timestop 18:00
--days Mon,Tue,Wed,Thu,Fri -j ACCEPT  

5. Keeping logs about rejected packages:

# iptables -A OUTPUT -j LOG
# iptables -A OUTPUT -j DROP
# iptables -A INPUT -j LOG
# iptables -A INPUT -j DROP
# iptables -A FORWARD -j LOG
# iptables -A FORWARD -j DROP