
Block music/download through Squid
February 26, 2010
Posted by networknuts.

We might need to block certain types of files from being downloaded (mp3, mpeg, avi, exe and others) and display our own customized error message when we do.

STEP #1 – vim /etc/squid/squid.conf and add these lines under your ACL section:

# ACL that matches the URL path against the regex list in /etc/squid/blocks.files.acl
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
# Show our custom error page (ERR_BLOCKED_FILES) instead of Squid's default one
deny_info ERR_BLOCKED_FILES blockfiles
# Deny all blocked extensions
http_access deny blockfiles

STEP #2 – Create the rule file listing the file types to block (one regex per line).

vi /etc/squid/blocks.files.acl

\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$

STEP #3 – Create the customized error file under the /usr/share/squid/errors/English/ directory.

vi ERR_BLOCKED_FILES

<HTML>
<HEAD>
<TITLE>ERROR: Blocked file content</TITLE>
</HEAD>
<BODY>
<H1>File is blocked due to our IT policy</H1>
<p>Please contact Network NUTS admin for more information:</p>
</BODY>
</HTML>

STEP #4 - Restart the squid service.

service squid restart; chkconfig squid on
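As an added example (not part of the original post and not Squid's own code), the following Python script loads the pattern file from STEP #2 and reports which URL paths the deny rule would catch. It mimics how urlpath_regex is evaluated: every non-comment line is an independent regular expression, and a match anywhere in the path denies the request. The sample paths are constructed for this example.

```python
import re

# Constructed copy of the pattern file the post creates as /etc/squid/blocks.files.acl
# (one regex per line; '#' lines are comments, as in any Squid ACL file).
BLOCKS_FILES_ACL = r"""
# Deny all blocked extensions
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
"""


def load_patterns(acl_text):
    """Compile every non-blank, non-comment line; Squid ORs all patterns in the file."""
    patterns = []
    for raw in acl_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        patterns.append(re.compile(line))
    return patterns


def is_blocked(url_path, patterns):
    """urlpath_regex is an unanchored search over the URL path: any hit denies."""
    return any(p.search(url_path) for p in patterns)


def check_paths(url_paths, acl_text=BLOCKS_FILES_ACL):
    """Map each candidate path to True (hits the deny rule) or False (passes through)."""
    patterns = load_patterns(acl_text)
    return {path: is_blocked(path, patterns) for path in url_paths}


# Constructed sample paths showing what the anchored, case-insensitive patterns do and do not catch.
SAMPLE_PATHS = [
    "/downloads/setup.exe",
    "/downloads/SETUP.EXE",            # the [Ee][Xx][Ee] classes handle case
    "/media/clip.mpeg",
    "/music/track.mp3",
    "/docs/readme.txt",
    "/downloads/setup.exe?mirror=2",   # trailing '$' anchor does not match once a query string follows
    "/archive/bundle.exe.zip",         # extension is not at the end of the path
]

if __name__ == "__main__":
    for path, blocked in check_paths(SAMPLE_PATHS).items():
        print(f"{'DENY ' if blocked else 'allow'} {path}")
```

Two things to check on a real proxy. Squid evaluates http_access lines in order and stops at the first match, so `http_access deny blockfiles` must sit above the `http_access allow` lines for your clients or it never fires. And the trailing `$` in the post's patterns stops matching as soon as a query string follows the extension; Squid hands the query string to urlpath_regex as part of the path, so a link like `/setup.exe?mirror=2` passes through unless the anchor is loosened (for example `\.[Ee][Xx][Ee](\?.*)?$`). The `-i` option (`acl blockfiles urlpath_regex -i "/etc/squid/blocks.files.acl"`) makes the patterns case-insensitive without the `[Ee][Xx][Ee]` classes. Extension matching is a usage-policy control only; it says nothing about what the file actually contains.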

God Bless.

Check more on linux at http://networknuts.net

Intelligent Defence Activation (IDEA)
January 27, 2010
Posted by networknuts.

Be prepared to read the whole post; don't skip lines or words.

Normally, to secure a machine against hostile hosts, we check the log files periodically (for example /var/log/secure) and then add those hostile hosts manually to TCP Wrappers or iptables. This can be a pain in the neck.

This is how we traditionally secure our machines:

STEP #1. Check the log files (/var/log/secure) periodically.
STEP #2. Manually update the firewall or TCP Wrappers with the offending hosts or IPs.

Problem: the block lists cannot be updated in a timely manner, which may result in a compromise. The attacker may try to intrude through some other service, or may change IP address, in which case your iptables or TCP Wrappers entries are of no use.

Your wish list:

WISH #1. My server should be able to track the attacker's IP.
WISH #2. My server should be able to block the attacker's IP automatically.
WISH #3. My server should secure itself automatically from any attack from the attacker's IP.

All your wishes can come true: you can use a small application named BlockHosts for this purpose.

Let's first see how BlockHosts works:

Someone attempts an SSH login with credentials that are not allowed –> the event is logged in /var/log/secure –> blockhosts checks the log file for the number of failed events –> if the number of failed events exceeds the limit –> that host's IP is caught by blockhosts –> an entry for that host is put in TCP Wrappers and iptables to block any further communication for a period of time.

STEP #1. Download the latest version of blockhosts from:

http://www.aczoom.com/cms/blockhosts/

STEP #2. Install the RPM

STEP #3. Configure the main configuration file /etc/blockhosts.cfg. Here are the common options that need to be set to make blockhosts work for you.

Tell blockhosts which file to update when using TCP Wrappers; normally this is /etc/hosts.allow.

vim /etc/blockhosts.cfg

Under [common] section edit or activate this line:

HOSTS_BLOCKFILE = "/etc/hosts.allow"

Under [filters] section edit or activate these lines:

COUNT_THRESHOLD = 3

This tells blockhosts to block any host whose number of failed attempts exceeds 3.

AGE_THRESHOLD = 1

This tells blockhosts that a denied host will not be allowed to communicate for the next 1 hour.

WHITELIST = [ "x.x.x.x" ]

This tells blockhosts that these IPs or ranges will never be blocked, regardless of the number of failed attempts.

BLACKLIST = ["x.x.x.x" ]

This tells blockhosts to block these IPs permanently.

Under [blockhosts] section edit or activate these lines:

LOGFILES = [ "/var/log/secure", ]

This line tells blockhosts to keep checking /var/log/secure (which records SSH events) for failed attempts. You can also enable other log files as you wish.

SAVE and EXIT.

You have now configured blockhosts to your preferences.

Now it is time to activate blockhosts so that it checks for and blocks hostile machines automatically.

STEP #4. Edit the /etc/hosts.allow file for blockhosts. Add these lines to /etc/hosts.allow:

#-----Blockhosts Additions
#-----Blockhosts Additions

sshd, proftpd, vsftpd: ALL: spawn /usr/bin/blockhosts.py \
--echo %c-%s --ipblock=iptables \
--whitelist="127.0.0.1" --blacklist="172.24.0.13"

PS: please replace 172.24.0.13 with the IP you wish to blacklist in your network.

STEP #5. Start blockhosts.

blockhosts.py --verbose

This makes blockhosts read your /var/log/secure file and trap hostile IPs automatically. You can put this under cron to make blockhosts check periodically.
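To make the pipeline described earlier concrete (log line –> failure count per IP –> threshold –> whitelist/blacklist –> TCP Wrappers and iptables entries that lapse after AGE_THRESHOLD hours), here is an added Python example. It is not blockhosts' own code and not from the original post: it reimplements the [filters] semantics the post configures (COUNT_THRESHOLD, AGE_THRESHOLD, WHITELIST, BLACKLIST) over a constructed /var/log/secure excerpt, and returns the hosts.allow block and the iptables commands instead of applying them. The block is written between the two identical marker lines the post adds to /etc/hosts.allow, which is why both marker lines are needed. The `ALL: <ip> : deny` line format and the rule of blocking once the count reaches the threshold are this example's assumptions.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Settings mirroring the [filters] keys the post sets in /etc/blockhosts.cfg (values constructed here).
COUNT_THRESHOLD = 3                        # failed attempts at which a host gets blocked
AGE_THRESHOLD = 1                          # hours a block stays in force
WHITELIST = ["127.0.0.1", "10.0.0.0/8"]    # never blocked, whatever the count
BLACKLIST = ["172.24.0.13"]                # always blocked
MARKER = "#-----Blockhosts Additions"      # the marker line the post adds twice to /etc/hosts.allow

# Constructed /var/log/secure excerpt in the syslog format sshd uses on RHEL/CentOS.
SAMPLE_SECURE_LOG = """\
Jan 27 10:01:02 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 27 10:01:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan 27 10:01:09 host sshd[2105]: Failed password for root from 203.0.113.7 port 51250 ssh2
Jan 27 10:02:00 host sshd[2110]: Failed password for bob from 10.0.0.5 port 40000 ssh2
Jan 27 10:02:03 host sshd[2111]: Failed password for bob from 10.0.0.5 port 40001 ssh2
Jan 27 10:02:06 host sshd[2112]: Failed password for bob from 10.0.0.5 port 40002 ssh2
Jan 27 10:03:00 host sshd[2120]: Accepted password for alice from 198.51.100.9 port 50000 ssh2
Jan 27 10:04:00 host sshd[2130]: Failed password for root from 198.51.100.9 port 50001 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

# Fixed timestamps so the expiry logic can be demonstrated without a clock.
DEMO_NOW = datetime(2010, 1, 27, 10, 5)
DEMO_LATER = DEMO_NOW + timedelta(hours=AGE_THRESHOLD)


def in_list(ip, cidrs):
    """True if ip falls inside any single address or CIDR block in cidrs."""
    addr = ip_address(ip)
    return any(addr in ip_network(c, strict=False) for c in cidrs)


def count_failures(log_text):
    """Count 'Failed password' events per source IP, the way blockhosts scans LOGFILES."""
    counts = {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts


def hosts_to_block(log_text):
    """Apply COUNT_THRESHOLD, then WHITELIST (never block) and BLACKLIST (always block)."""
    blocked = {ip for ip, n in count_failures(log_text).items()
               if n >= COUNT_THRESHOLD and not in_list(ip, WHITELIST)}
    blocked.update(BLACKLIST)
    return sorted(blocked, key=ip_address)


def render_hosts_allow_block(blocked, now):
    """Lines written between the two marker lines in /etc/hosts.allow.
    hosts_access(5) treats '#' as a comment only at line start, so the expiry gets its own line."""
    expires = now + timedelta(hours=AGE_THRESHOLD)
    lines = [MARKER]
    for ip in blocked:
        lines.append(f"# {ip} blocked until {expires:%Y-%m-%d %H:%M}")
        lines.append(f"ALL: {ip} : deny")
    lines.append(MARKER)
    return "\n".join(lines)


def iptables_rules(blocked):
    """What --ipblock=iptables amounts to: one DROP rule per blocked source (returned, not executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in blocked]


def expired(blocked_at, now):
    """True once AGE_THRESHOLD hours have passed and the entry should be removed again."""
    return now - blocked_at >= timedelta(hours=AGE_THRESHOLD)


if __name__ == "__main__":
    hosts = hosts_to_block(SAMPLE_SECURE_LOG)
    print(render_hosts_allow_block(hosts, DEMO_NOW))
    print("\n".join(iptables_rules(hosts)))
```

In the sample, 203.0.113.7 reaches the threshold and is blocked, 10.0.0.5 reaches it too but sits inside the whitelisted 10.0.0.0/8 range, 198.51.100.9 has a single failure, and 172.24.0.13 is blocked without appearing in the log at all because it is blacklisted. The WHITELIST is the part worth getting right first: with the post's `--ipblock=iptables`, a mistyped range can lock your own management hosts out.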

God Bless.

Disable mail alerts by cron
January 25, 2010
Posted by networknuts.

Normally, after cron executes a cron job it sends an email notification to root's mailbox.

I don't want the email to be sent to the root account.

Here is how you can do this:

METHOD #1 – Add one of the following at the end of each cron job line to redirect its output to /dev/null.

>/dev/null 2>&1
OR
&> /dev/null

Example – 1:

40 16 * * * /bin/echo "this will not be emailed to root"  > /dev/null 2>&1

Example – 2:

40 16 * * * /bin/echo "this will not be emailed to root"  &> /dev/null

So when this command is executed by cron, no email will be sent to the root account.

METHOD #2 – Disable mail by using the MAILTO variable.

When you run crontab -e to edit your cron jobs, add

MAILTO=" "

as your first line in the crontab file.
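Added example, not from the original post: a small Python checker that reads a crontab and reports, for each job line, whether cron will mail its output (nothing redirected, or only one of stdout and stderr), whether it is silent, or whether it is silent only under bash. The sample crontab is constructed. The bash-only verdict exists because `&>` is a bash extension while cron runs jobs with /bin/sh unless SHELL is set in the crontab; where /bin/sh is not bash, `cmd &> /dev/null` is parsed as `cmd &` followed by a bare redirection, so nothing is redirected at all. The checker treats a MAILTO line whose value is empty or whitespace-only as disabling mail; crontab(5) documents the empty form, MAILTO="".

```python
import re

# Constructed crontab text (not from the post) used as sample input.
SAMPLE_CRONTAB = """\
MAILTO=""
40 16 * * * /bin/echo "quiet" > /dev/null 2>&1
45 16 * * * /bin/echo "bash only" &> /dev/null
50 16 * * * /usr/local/bin/backup.sh
55 16 * * * /usr/local/bin/report.sh > /var/log/report.log
# 59 16 * * * /bin/false
@daily /usr/bin/updatedb
"""

# NAME=value lines set environment for the jobs; they are not jobs themselves.
ENV_LINE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def mail_disabled(crontab_text):
    """True if a MAILTO line sets an empty (or whitespace-only) value, which turns off all job mail."""
    for line in crontab_text.splitlines():
        m = ENV_LINE.match(line)
        if m and m.group(1) == "MAILTO":
            value = m.group(2).strip().strip("\"'").strip()
            return value == ""
    return False


def classify_jobs(crontab_text):
    """Return (job_line, verdict) pairs; verdict is 'silent', 'silent-bash-only' or 'mailed'."""
    results = []
    for line in crontab_text.splitlines():
        s = line.strip()
        if not s or s.startswith("#") or ENV_LINE.match(s):
            continue  # blank line, comment or environment assignment
        if "&>" in s:
            verdict = "silent-bash-only"
        else:
            # a '>' not preceded by '2' or '&' redirects stdout; any '2>' (2>&1, 2>/dev/null) redirects stderr
            stdout_redirected = re.search(r"(?<![2&])>", s) is not None
            stderr_redirected = "2>" in s
            verdict = "silent" if stdout_redirected and stderr_redirected else "mailed"
        results.append((s, verdict))
    return results


if __name__ == "__main__":
    print("MAILTO disables mail:", mail_disabled(SAMPLE_CRONTAB))
    for job, verdict in classify_jobs(SAMPLE_CRONTAB):
        print(f"{verdict:17} {job}")
```

A job that redirects stdout only (the report.sh line above) still mails whatever the command writes to stderr, which is usually exactly the output you want to keep seeing; silencing every job with MAILTO="" removes that signal too, so it is worth deciding per job.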

Enjoy.

God Bless.

How to crack weak passwords using “john-the-ripper”
January 13, 2010
Posted by networknuts.

STEP #1 – Download “John the Ripper” from the link given below and install it using rpm.

http://dag.wieers.com/rpm/packages/john/

STEP #2 – Use the “unshadow” command to combine the /etc/passwd and /etc/shadow files so that John the Ripper can use them.

/usr/bin/unshadow /etc/passwd /etc/shadow > /tmp/myfile.db

This command combines /etc/passwd and /etc/shadow into one file for John the Ripper to use.

STEP #3 – Use “john-the-ripper” to see the cracked passwords.

john -show /tmp/myfile.db

u1:abc123:505:505::/home/u1:/bin/bash
u2:didi123:506:506::/home/u2:/bin/bash

…which shows that user u1 has the password abc123 and u2 has the password didi123.

God Bless.

Alok Srivastava
