
Some server configs

Tags: linux_tag, ssh_tag


A subnet calculator can be found here.

For creating rules, use the "iptables" utility.

Basic information and script examples can be found here.

The current iptables status can be viewed by typing the command:

sudo iptables -L -v

Saving the iptables rules to the file "/home/msangel/iptables.save" can be done with the command:

sudo iptables-save > /home/msangel/iptables.save

Restoring the iptables rules from that file can be done with the command:

sudo iptables-restore < /home/msangel/iptables.save

To reload the rules automatically when the server restarts, add the restore command above (without sudo) to the file /etc/rc.local before the "exit 0" line.

To find open ports, use:

nmap <host>

To get the PID of the process that uses a port:

sockstat | grep <port>

or

netstat -lnptua | grep <port>

To get the command line of the process with a given PID:

ps aux | grep <PID>

Network settings for the DB server:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth2
iface eth2 inet static
address 192.168.0.101
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

Iptables rules for a PostgreSQL DB server:

# all for DB
# allow any established session
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# allow anything on lo
iptables -A INPUT -i lo -j ACCEPT
# allow ping
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# allow ssh only from our subnet
iptables -A INPUT -p tcp --dport ssh -s 192.168.0.0/255.255.255.0 -j ACCEPT
# allow database connections from anywhere
iptables -A INPUT -p tcp --dport 5432 -j ACCEPT
# disallow any other traffic
iptables -A INPUT -j DROP
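An added check, not part of the original notes: before the saved rules go into /etc/rc.local, this script reads an iptables-save dump and flags any ACCEPT rule that admits a port from every source (here the 5432 rule, which unlike the ssh rule has no -s restriction) and confirms the INPUT chain ends in an explicit DROP. The SAMPLE_SAVE text is constructed to mirror what iptables-save prints for the rule set above; the trusted subnet is assumed to be 192.168.0.0/24 as in the ssh rule.

```python
"""Audit an iptables-save dump for a DB host (added example, not the page's own)."""
import ipaddress
import shlex

# Constructed sample: what `iptables-save` prints for the rules listed above.
SAMPLE_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

def parse_input_rules(save_text):
    """Return (dport, source network or None, target) for every -A INPUT rule."""
    rules = []
    for line in save_text.splitlines():
        if not line.startswith("-A INPUT"):
            continue
        toks = shlex.split(line)
        dport = src = target = None
        for i, tok in enumerate(toks):
            if tok == "--dport":
                dport = toks[i + 1]
            elif tok in ("-s", "--source"):
                # Accepts both 192.168.0.0/24 and 192.168.0.0/255.255.255.0 notation.
                src = ipaddress.ip_network(toks[i + 1], strict=False)
            elif tok == "-j":
                target = toks[i + 1]
        rules.append((dport, src, target))
    return rules

def audit(save_text, trusted_net="192.168.0.0/24"):
    """List ACCEPT rules open to any source or outside the trusted subnet, and a missing final DROP."""
    trusted = ipaddress.ip_network(trusted_net)
    findings = []
    rules = parse_input_rules(save_text)
    for dport, src, target in rules:
        if target != "ACCEPT" or dport is None:
            continue  # stateful/lo/icmp rules carry no port and are not audited here
        if src is None:
            findings.append(f"port {dport} accepted from any source")
        elif not src.subnet_of(trusted):
            findings.append(f"port {dport} accepted from {src}, outside {trusted}")
    if not rules or rules[-1][2] != "DROP":
        findings.append("INPUT chain does not end in an explicit DROP")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SAVE):
        print("WARN:", finding)
```

Feed it a real dump with `sudo iptables-save | python3 audit.py` after swapping SAMPLE_SAVE for `sys.stdin.read()`.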

