Super Fast “su” July 18, 2010
Posted by networknuts in Uncategorized.
su - -c "fdisk -l"
The lone - gives you a root login shell, so root's own PATH (including /sbin, where fdisk lives) is used, and -c runs that one command and exits instead of leaving you sitting in an interactive root shell.
Create your own bootsplash image July 11, 2010
Posted by networknuts in Uncategorized.
Latest video by Network NUTS showing how to create your own bootsplash image.
IPT_RECENT with IPTables July 8, 2010
Posted by networknuts in Uncategorized.
You already know that iptables can be configured to allow or block certain hosts for certain services. That part is simple.
But there is a problem.
Suppose you have allowed SSH access from certain hosts (say the x.x.x.x range) and denied it from others (say y.y.y.y) using iptables. That is done, no problem. But a plain allow/deny rule knows nothing about what the allowed hosts do with the service. Someone on the allowed x.x.x.x range who is trying to guess the password, by hit and trial or with a password cracking application, is handed the SSH login prompt every single time he connects, and iptables will happily keep serving him.
(A host on y.y.y.y that spoofs a source address in the x.x.x.x range is less of a worry for a TCP service such as SSH: the server's replies go to the real x.x.x.x address, so the handshake never completes and no password can be tried. The brute force from an address that is genuinely allowed is the real gap.)
Now this is DANGEROUS!
What is the solution?
The solution is to use the IPT_RECENT module ("recent" match) with iptables.
With the recent match you can track, per source IP, how many NEW connections to a service have been seen within a time window, and drop any further connections from that IP once the count reaches the limit you define. Be clear about what is being counted: iptables works on packets, so it counts new connection attempts, not failed passwords. It cannot see whether a login succeeded or failed.
So even an illegitimate user on the allowed x.x.x.x range who points a password breaking tool at the server gets only a handful of connections. After the defined number of connection attempts within the window, his IP is automatically treated by iptables as a HOSTILE HOST and the service is BLOCKED for that host until its attempts age out of the window.
That's enough talking. Now let's see how to configure IPT_RECENT with iptables.
STEP #1 – Make sure the IPT_RECENT module is available
On Red Hat Enterprise Linux / CentOS 5 the module ships with the stock kernel as ipt_recent (newer kernels call it xt_recent), so there is nothing to download. The original out-of-tree source is still available at the link below, but it is only for old kernels that lack the module, and it has to be compiled and installed against your running kernel; merely unpacking the tarball (gunzip ipt_recent-0.3.1.tar.gz, then tar -xvf ipt_recent-0.3.1.tar) installs nothing.
http://www.snowman.net/projects/ipt_recent/ipt_recent-0.3.1.tar.gz
STEP #2 – Load the module using the modprobe command (the kernel also loads it on demand when a rule with -m recent is added)
modprobe ipt_recent
STEP #3 – Configure iptables
iptables -N SSH_CHECK
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -I SSH_CHECK -m state --state NEW -m recent --set --name SSH
iptables -I SSH_CHECK -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH
iptables -I SSH_CHECK -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 4 --name SSH -j DROP
Two things to keep in mind here. First, -I inserts at the top of a chain, so SSH_CHECK ends up holding the rules in the reverse of the order they were typed: the --rcheck ... -j DROP rule is evaluated first, then --update, then --set. Read in that order, the chain does this for every NEW SSH connection: if the source address already has 4 hits recorded in the last 60 seconds, drop the packet; otherwise record a hit and let it through. A source therefore gets 4 new SSH connections per minute and the fifth is dropped. The --update rule has no target and only matches when the hit count is already reached, which the --rcheck rule has just dropped, so in this order it does nothing and can be left out. Second, because --rcheck does not record a hit, dropped attempts do not extend the block; the address is accepted again as soon as its earlier hits are older than 60 seconds. This also rate-limits your legitimate admins on x.x.x.x: more than 4 new SSH connections in a minute from one address (a scp loop, several terminals opened at once) will be dropped as well, so size --seconds and --hitcount for your users. The addresses and timestamps currently tracked can be inspected in /proc/net/ipt_recent/SSH (/proc/net/xt_recent/SSH on newer kernels).
STEP #4 – Save your configuration
service iptables save
STEP #5 – Make sure the rules and the module come back after a reboot
The saved rules are restored by the iptables service at boot, and the recent match module is loaded automatically when the rules that reference it are restored. If you want to be explicit anyway, put the entry in the /etc/rc.d/rc.local file:
modprobe ipt_recent
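To see exactly what the SSH_CHECK chain does to a burst of connections, here is a small Python model of the recent match. It is an added example written for this page, not code from the page, the kernel or the ipt_recent tarball; it reproduces the behaviour of --set, --rcheck and --update as documented in the iptables man page, and it assumes a hit is counted when it falls within the last --seconds of the current packet (the kernel's per-address stamp cap, ip_pkt_list_tot, default 20, is not modelled because a four-hit rule never reaches it). It also compares the chain as built above with the widely used alternative of --set followed by --update ... -j DROP, where every blocked attempt refreshes the entry and keeps the address blocked for as long as it keeps trying. The addresses and timestamps are constructed input.

```python
"""Model of the iptables 'recent' match (ipt_recent / xt_recent) hit window.

Added example for this page, not kernel code: it reproduces the documented
behaviour of --set / --rcheck / --update (man iptables) so the SSH_CHECK chain
can be exercised offline, without root or a kernel.
Assumptions: a hit counts when now - stamp <= seconds, and an entry keeps
every stamp (the kernel caps them at ip_pkt_list_tot, default 20, which a
four-hit rule never reaches).
"""
from collections import defaultdict

SECONDS, HITCOUNT = 60, 4   # --seconds 60 --hitcount 4 from the page's rules


class RecentList:
    """One named list (--name SSH): source address -> list of hit timestamps."""

    def __init__(self):
        self.entries = defaultdict(list)

    def set(self, addr, now):
        # --set: add the address, or append another hit to an existing entry.
        self.entries[addr].append(now)

    def rcheck(self, addr, now, seconds, hitcount):
        # --rcheck: match if the address has >= hitcount hits within the window.
        stamps = self.entries.get(addr)
        if not stamps:
            return False
        hits = sum(1 for s in stamps if now - s <= seconds)
        return hits >= hitcount

    def update(self, addr, now, seconds, hitcount):
        # --update: like --rcheck, but refresh the entry only if it matches.
        if self.rcheck(addr, now, seconds, hitcount):
            self.entries[addr].append(now)
            return True
        return False


def page_chain(lst, addr, now):
    """SSH_CHECK as the page builds it with -I, evaluated top-down:
    rcheck -> DROP, then update (no target), then set."""
    if lst.rcheck(addr, now, SECONDS, HITCOUNT):
        return "DROP"
    lst.update(addr, now, SECONDS, HITCOUNT)   # no -j: falls through either way
    lst.set(addr, now)
    return "ACCEPT"


def update_drop_chain(lst, addr, now):
    """Common alternative: --set first, then --update ... -j DROP, so every
    blocked attempt is stamped too and extends the block."""
    lst.set(addr, now)
    if lst.update(addr, now, SECONDS, HITCOUNT):
        return "DROP"
    return "ACCEPT"


def run(chain, attempts):
    """Feed (timestamp, addr) NEW connections through a chain; return verdicts."""
    lst = RecentList()
    return [(t, addr, chain(lst, addr, t)) for t, addr in attempts]


# Constructed input: x.x.x.1 opens 6 SSH connections within 25 s, then comes
# back at 70 s and 130 s; x.x.x.2 connects once in the middle.
ATTEMPTS = [(0, "x.x.x.1"), (5, "x.x.x.1"), (10, "x.x.x.1"), (15, "x.x.x.1"),
            (20, "x.x.x.1"), (22, "x.x.x.2"), (25, "x.x.x.1"),
            (70, "x.x.x.1"), (130, "x.x.x.1")]

if __name__ == "__main__":
    for name, chain in (("page order (rcheck DROP first)", page_chain),
                        ("set, then update -j DROP", update_drop_chain)):
        print(name)
        for t, addr, verdict in run(chain, ATTEMPTS):
            print(f"  t={t:4d}s  {addr}  {verdict}")
```

Run it and compare the two verdict columns: in the page's order the fifth connection in a minute is dropped and x.x.x.1 is accepted again at 70 s once its early hits have aged out, whereas with --update -j DROP the fourth connection is already dropped and the attempts at 20, 25 and 70 s each extend the block, so only the quiet period before 130 s releases it. x.x.x.2 is never affected, since the list is kept per source address. On a live box the same state is visible in /proc/net/ipt_recent/SSH.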
JOB IS DONE!!!
Enjoy your Intelligent Defense System.
God Bless.
