Sunday, September 28, 2008

Specops Gpupdate 2.0/Specops Remote Admin CTP Release

New in Specops Gpupdate 2.0 ( BETA VERSION )

Commands
• Improved WoL functionality including custom MAC/IP address lookup and support for no-DHCP environments.
• Immediate WSUS client update

UI
• New powerful customizable User Interface

PowerShell support
• View PowerShell code for all chosen commands

Supported Operating systems
• Support for Win Server 2008 Standard & Enterprise in both x32 and x64 iterations.



Specops Remote Admin

All functionality and features of Specops Gpupdate 2.0 plus…

Additional Commands
• Remote Assistance
• Remote Desktop
• Remote Event Viewer
• Run executable remotely
• View remote computer in explorer
• Remote registry reading

Full PowerShell support
• View and run chosen commands as PowerShell code.

Scheduling
• Full support for scheduling all commands using Windows Task Scheduler



A full feature list of Specops Remote Admin will be available on our wiki within a few days' time.

In order to download Specops Gpupdate 2.0/Specops Remote Admin CTP Release please download and install the following setup:
http://www.specopssoft.com/ftp/InstallFiles/BetaFiles/SpecopsRemoteAdmin/

In order to install Specops Remote Admin, a valid license key is needed. This can be found in the same directory as the setup file above.

Thursday, September 18, 2008

Remote Desktop with your browser

Tips copied from: http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx

You don't have to carry a laptop to have your computer available wherever you go, because Windows XP Professional includes Remote Desktop. Remote Desktop gives you complete control over your computer from across a network and over the Internet. However, Remote Desktop requires software to be installed on the system you're connecting from. Unfortunately, it's often impossible to install the software on a system, such as when you're at an Internet café, a friend's house, or using a client's computer.

The solution is to use Remote Desktop Web Connection, which loads the Remote Desktop client within a browser. The Remote Desktop Web Connection is a perfect solution for connecting to your home or office PC when you can't install the Remote Desktop client software on a computer. By pointing a browser that supports ActiveX controls at a host computer running Windows XP Professional, you can access your remote desktop over the Internet.

Get Your Host Computer Ready

The Remote Desktop feature is only available in Windows XP Professional. It's not included with Windows XP Home Edition. For more information about how Remote Desktop Web Connection works, see About Remote Desktop Web Connection.

The first step in enabling Remote Desktop Web Connection is to install the necessary software on the host computer. Remote Desktop Web Connection is an optional World Wide Web Service component of Internet Information Services (IIS), which is included by default in Windows XP Professional. IIS responds to requests from a Web browser. Have your Windows XP Professional CD handy, and follow these steps:

1. Open Control Panel, click Add or Remove Programs, and then click Add/Remove Windows Components.

2. Click Internet Information Services, and then click Details.

3. In the Subcomponents of Internet Information Services list, click World Wide Web Service, and then click Details.

4. In the Subcomponents of World Wide Web Service list, select the Remote Desktop Web Connection check box, and then click OK.

5. In the Windows Components Wizard, click Next. Click Finish when the wizard has completed.

6. Click the Start button and click Run. Type Net Stop w3svc, and click OK. This temporarily stops the World Wide Web service to keep your system safe while you update it with security patches.

Enabling IIS without installing the appropriate security patches can make your system vulnerable to intruders. For more information, read Microsoft Security Bulletin MS01-018 and Security and Privacy for Home Users.

To check for updates:

1. Click Start, point to All Programs, click Microsoft Update, and then click Scan for updates. Follow the prompts to install all critical updates. If prompted, restart your computer.

2. Click Start, and then click Run. Type Net Start w3svc, and click OK. This starts the World Wide Web service.

I highly recommend using Automatic Updates, especially after installing Internet Information Services.

Configure Internet Information Services

By default, IIS is identified on your computer by the TCP port number 80. The steps in this section change the TCP port number and make it much more difficult for a potential attacker to communicate with your computer. The steps in this section are optional, but if you do follow them, you'll dramatically improve the security of your system. If you are already using your computer as a Web server, you should leave the TCP port number at the default setting of 80.

1. Open Control Panel, click Performance and Maintenance, and then click Administrative Tools. Double-click Internet Information Services.

2. In the IIS snap-in, expand your computer name, expand Web Sites, right-click Default Web Site, and then click Properties.

3. On the Web Site tab, change the value for TCP Port. Enter a number between 1000 and 65535 that you can remember easily, such as the month and day of a birthday or anniversary. You'll need to know the TCP Port when you connect to the computer in the future.

4. Click OK, and close the Internet Information Services snap-in.

Configure Remote Desktop

To connect using Remote Desktop, you must have a user account with a password. If you don't yet have a password on your account, create a password by opening Control Panel, and clicking User Accounts. Click your account, click Create a password, and follow the prompts. After you have a password, follow these steps to enable Remote Desktop:

1. Right-click My Computer, and click Properties.

2. On the Remote tab, click the Allow users to connect remotely to this computer check box, as shown in Figure 1.

Figure 1: Enabling remote desktop

3. Click Select Remote Users, and then click Add.

4. In the Select Users dialog box, type the name of the user and then click OK. Click OK again to return to the System Properties dialog box, and then click OK to close it.

Configure Your Router

If you use a router to connect to the Internet, you probably need to configure it to allow the Remote Desktop connection to your computer. For more information on routers and firewalls, see my Internet Firewalls column. You need to forward two ports to your Windows XP Professional-based computer: TCP port 3389, which Remote Desktop requires, and the port you specified in the TCP Port field in Internet Information Services (or TCP port 80 if you did not change the default). If you use Internet Connection Firewall (and you should!), see How to Manually Open Ports in Internet Connection Firewall in Windows XP for instructions on allowing traffic by TCP port.

Connect to Your Desktop

Computers are identified on the Internet using a unique IP address. To connect to your home computer from the Internet, you'll need to know your home IP address. Visit one of these sites from your home computer to learn your IP address: What Is My IP, What Is My IP.com, or Atlantic PC Solutions. Your IP address may change occasionally, so always check your IP address before you plan to connect. When you're ready to connect to your host computer, follow these steps:

1. Open Internet Explorer, and enter the URL http://ipaddress:port/tsweb/. For example, if your IP address is 192.168.1.120, and you chose the TCP Port 1374, you would enter the URL http://192.168.1.120:1374/tsweb/.

2. If you're prompted to install the Remote Desktop ActiveX control, click Yes.

3. On the Remote Desktop Web Connection page, shown in Figure 2, click Connect. You don't need to fill in the Server field. If you leave the Size field set to Full-screen, the remote desktop will take over your local desktop.

Figure 2: Remote Desktop Web Connection page

4. Enter your user name and password at the Windows logon prompt, as shown in Figure 3, and then click OK. You'll see your desktop, complete with any windows that were left open the last time you used the computer.

Figure 3: The Remote Desktop Web Connection logon screen

When you're done, disconnect by closing the browser, or clicking the X at the top of the screen in full-screen mode. Be sure to close all browser windows. Your user name and password aren't stored, so you don't have to worry about someone else accessing your system.

If you're Internet-savvy and plan to connect to your home computer regularly, you can get a domain name to save yourself the trouble of writing down your IP address every time you plan to connect to your computer. You're already familiar with domain names; they're the ".com" names Web sites use to identify themselves. For example, the domain name for this Web site is Microsoft.com. If you have your own domain name, you can enter that into a browser to connect to your home computer, instead of the unfriendly IP address. For information on getting your own domain name and associating it with your home computer, visit the Dynamic DNS Providers List.

If you have Windows XP Professional and an always-on Internet connection, you can securely access your applications and data from work, an Internet café, or any place that has a compatible Web browser. Getting Remote Desktop Web Connection set up takes more than one click, but it's definitely easier than lugging your computer everywhere.

Tuesday, September 16, 2008

How To install mod security on Centos 5

Instead of downloading the source and running configure and make install for mod_security, I chose the easiest way: installing it from yum. We must add a new repository address to our yum database.

Import the GPG key from jasonlitka.com into our system in order to validate the packages. You can take care of that with a single command:
rpm --import http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
Update the yum database; type:
nano -w /etc/yum.repos.d/utterramblings.repo
... and then paste the following into the editor:
[utterramblings]
name=Jason's Utter Ramblings Repo
baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
Install mod-security with yum:
yum install mod-security
When I tried to restart the Apache service, I got this error message:
Starting httpd: httpd: Syntax error on line 210 of /etc/httpd/conf/httpd.conf: Syntax error on line 5 of /etc/httpd/conf.d/mod_security.conf: Cannot load /etc/httpd/modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: undefined symbol: ap_get_server_banner
Some references told me that this error can be fixed by installing mod_perl-devel, but it didn't work for me. So what did I do? I uninstalled Apache and PHP, then installed them again from utterramblings.repo:
# yum remove httpd mod_perl mod_perl-devel mod_security
# mv /etc/yum.repos.d/CentOS-Base.repo /tmp ( move base centos repo to /tmp )
# yum install httpd ( This will install apache from utterramblings.repo )
# yum install mod_perl mod_perl-devel
# yum install mod_security
Now try to restart the httpd service; mine is working now.
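The repository definition above relies on gpgcheck=1 plus a gpgkey so that packages pulled from a third-party repo are signature-verified before they land on the server. The audit script below is an added example, not part of the original post: it walks every .repo file in a directory and flags enabled repositories that skip that verification, using constructed sample files (the post's repo plus two deliberately weak ones) for the demo.

```shell
#!/bin/sh
# Audit yum repository definitions: every enabled repo should carry
# gpgcheck=1 and a gpgkey so that packages from third-party repos (like the
# utterramblings repo above) are signature-verified before installation.
# Example added to this page; not part of the original post.

# Print "<repo-id> <problem>" for each enabled section of one .repo file that
# is not signature-checked. Returns 0 if all enabled sections pass, 1 otherwise.
# Strict on purpose: an explicit gpgcheck=1 is required in the section rather
# than relying on the global default in yum.conf.
audit_repo_file() {
    awk '
        function flush() {
            if (id != "" && enabled != "0") {
                if (gpgcheck != "1")   { print id " gpgcheck-not-1"; bad = 1 }
                else if (gpgkey == "") { print id " gpgkey-missing";  bad = 1 }
            }
        }
        /^\[.*\]$/ {                       # start of a new [section]
            flush()
            id = substr($0, 2, length($0) - 2)
            enabled = "1"; gpgcheck = ""; gpgkey = ""
            next
        }
        /^[ \t]*$/    { next }             # blank line
        /^[ \t]*[#;]/ { next }             # comment
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")       enabled  = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "gpgkey")   gpgkey   = val
        }
        END { flush(); exit bad }
    ' "$1"
}

# Audit every .repo file in a directory; returns 1 if any enabled repo fails.
audit_repo_dir() {
    rc=0
    for f in "$1"/*.repo; do
        audit_repo_file "$f" || rc=1
    done
    return $rc
}

# Constructed sample files: the post's repo (good) and two weak definitions.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '[utterramblings]' "name=Jason's Utter Ramblings Repo" \
        'baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/' \
        'enabled=1' 'gpgcheck=1' \
        'gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka' > "$dir/utterramblings.repo"
    # One enabled repo with checking switched off (reported) and one disabled
    # repo without a key (not reported: nothing installs from it).
    printf '%s\n' '[unsigned-extras]' 'name=constructed: gpgcheck off' \
        'baseurl=http://example.invalid/el5/' 'enabled=1' 'gpgcheck=0' '' \
        '[disabled-nokey]' 'name=constructed: disabled' \
        'baseurl=http://example.invalid/extra/' 'enabled=0' 'gpgcheck=1' > "$dir/weak.repo"
    echo "$dir"
}

# Stand-alone run: audit the samples, then the live directory if it exists.
s=$(make_samples)
audit_repo_dir "$s" || echo "weak repo definitions found in $s"
rm -rf "$s"
if [ -d /etc/yum.repos.d ]; then audit_repo_dir /etc/yum.repos.d; fi
```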

Monday, September 15, 2008

How to merge /etc/passwd and /etc/shadow

Download John the Ripper from http://www.openwall.com/john/ or find the installer from http://rpm.pbone.net and install it.

# unshadow /etc/passwd /etc/shadow > linux_passwd

Thursday, September 11, 2008

Free Linux, FreeBSD, or OpenBSD Based Firewall

Free firewalls have become very common and represent an excellent alternative to commercial firewall packages.

Most of these firewalls run under some form of Linux, FreeBSD, or OpenBSD.

Many of these free firewalls are front-ends for the lower-level firewall packages which ship with these operating systems, such as pf (Packet Filter), ipf (IPFilter), ipfw (IPFirewall), and iptables.

Free firewall packages which you can download include:

Firestarter
Firestarter is a free firewall tool for Linux machines. Whether you simply want to protect your personal workstation or you have a network of computers to secure, Firestarter is here to make your life easier. While a firewall can not guarantee security, it is the first line of defense against network based attacks.

Firestarter is an Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators.

We strongly believe that your job is to make the high level security policy decisions and ours is to take care of the underlying details. This is a departure from your typical Linux firewall, which has traditionally required arcane implementation specific knowledge.

* Open Source software, available free of charge
* User friendly, easy to use, graphical interface
* A wizard walks you through setting up your firewall on your first time
* Suitable for use on desktops, servers and gateways
* Real-time firewall event monitor shows intrusion attempts as they happen
* Enables Internet connection sharing, optionally with DHCP service for the clients
* Allows you to define both inbound and outbound access policy
* Open or stealth ports, shaping your firewall policy with just a few mouse clicks
* Enable port forwarding for your local network in just seconds
* Option to whitelist or blacklist traffic
* Real time firewall events view
* View active network connections, including any traffic routed through the firewall
* Advanced Linux kernel tuning features provide protection from flooding, broadcasting and spoofing
* Support for tuning ICMP parameters to stop Denial of Service (DoS) attacks
* Support for tuning QoS parameters to improve services for connected client computers
* Ability to hook up user defined scripts or rule sets before or after firewall activation
* Supports Linux Kernels 2.4 and 2.6
* Translations available for many languages (38 languages as of November 2004)

Zorp GPL
Zorp is a new generation proxy firewall suite and as such its core architecture is built around today's security demands: it uses application level proxies, it is modular and component based, it uses a script language to describe policy decisions, it makes it possible to monitor encrypted traffic, it lets you override client actions, it lets you protect your servers with its built in IDS capabilities... The list is endless. It gives you all the power you need to implement your local security policy.

* Using a script language (Python) as the configuration and decision language
* Supported protocols:
o HTTP/1.1
o FTP
o SSL
o finger
o plug
o whois
o telnet
* Utilizing modular application gateways
* Able to analyze sub-protocols (for example HTTP in SSL)
* Can add/remove packet filter rules on-demand
* You can write your own proxy modules in Python if a native version is not available

Turtle
Turtle Firewall is software which allows you to build a Linux firewall in a simple and fast way. It's based on Kernel 2.4.x and Iptables. Its way of working is easy to understand: you can define the different firewall elements (zones, hosts, networks) and then set the services you want to enable among the different elements or groups of elements. You can do this simply by editing an XML file or by using the comfortable web interface, Webmin.

* ZONES, NETWORKS, HOSTS and GROUPS definitions.
* Filter rules definitions based on services.
* New services definitions.
* NAT (Network Address Translation)
* Masquerading

LutelWall
LutelWall is a high-level Linux firewall configuration tool. It uses human-readable and easy to understand configuration to set up Netfilter in the most secure way. The flexibility of LutelWall allows firewall administrators to build very simple, single-homed firewalls, and most complex ones - with multiple subnets, DMZ's and traffic redirections.

LutelWall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone system. The configuration method of this firewall is designed to be as simple as possible without losing Netfilter flexibility and its security features.

LutelWall is a Linux IPtables shell script written in bash for use as a stateful firewall and NAT/masquerade router for single- or multiple-subnet networks.

LutelWall makes use of the netfilter code in the 2.4 Linux kernel and is more robust and configurable than an equivalent IPchains script.

* Traffic features:
o Flexible control over traffic using rule set
o User-defined protocols support
o Support for any kind of multiple external and internal interfaces (and aliases)
o Automated MASQUERADE / SNAT support
o Easy to set up DNAT (transparent proxy, redirections to LAN/DMZ etc.)
o Rate limit extensions
o Packet marking for 3rd party shapers
o TOS (Type of Service) traffic optimizer
o Both passive and active FTP support
o DHCP support
o Can work as "workstation" firewall
* Security features:
o Stateful TCP connection tracking with restrictive TCP chain
o Blocking all stealth mode scans (FIN, Xmas Tree, Null, Windows scan or ACK scan modes (nmap -sF -sX -sN -sW -sA))
o Blocking IP protocol scans (nmap -sO)
o Blocking UDP scans (nmap -sU)
o Blocking identification via TCP/IP fingerprinting (nmap -O)
o Anti-spoof protection, including protection for aliases
o Anti-smurf protection
o TCP SYN Flood protection
o UDP / ICMP Flood protection
o IANA reserved addresses checking
o SYSCTL parameters set for increased strength
* Logging features:
o Logging stealth scans (FIN, Xmas Tree, Null), ACK scan modes (nmap -sF -sX -sN), IP protocol scans (nmap -sO), UDP scans (nmap -sU), nmap fingerprinting attempts.
* Other features:
o Autodetect of connection type (static/dynamic, external/internal)
o Auto update of firewall tool
o Auto update IANA reserved list
o Display firewall statistics in iptables native, csv or html format
o Easy deployment on all distributions

floppyfw
floppyfw is a router with the advanced firewall-capabilities in Linux that fits on one single floppy disk.

* Access lists, IP-masquerading (Network Address Translation), connection tracked packet filtering and (quite) advanced routing. Package for traffic shaping is also available.
* Requires only a 386sx or better with two network interface cards, a 1.44MB floppy drive and 12MByte of RAM (for less than 12M and no FPU, use the 1.0 series, which will stay maintained.)
* Very simple packaging system. Is used for editors, PPP, VPN, traffic shaping and whatever comes up.
* Logging through klogd/syslogd, both local and remote.
* Serial support for console over serial port.
* DHCP server and DNS cache for internal networks.

Untangle
Untangle delivers an integrated family of applications that help you simplify and consolidate the network and security products you need, in one place at the network gateway. The most popular applications let businesses block spam, spyware, viruses, and phish, filter out inappropriate web content, control unwanted protocols like instant messaging, and provide remote access and support options to their employees. Every downloadable application is pre-configured and guaranteed to work together.
  • All applications run on one off-the-shelf server
  • Pre-configured on-demand downloads
  • Integrated administration and reporting

Open Source (and Free): The Untangle Gateway Platform and 12 of the applications that run on it are open source and free to use under the GNU General Public License v2 (GPL). This includes updates to signatures, block lists, and category lists, as well as upgrades to the applications themselves. The applications run on the Untangle Gateway Platform, which is also open source and free under the GPL.

Feature List for Open Source & Free License

* Web Filter
* Spam Blocker
* Spyware Blocker
* Protocol Control
* Virus Blocking
* Phish Blocker
* Intrusion Prevention
* Attack Blocker
* Firewall
* OpenVPN
* Untangle Reports
* Routing & QoS

Guarddog
Guarddog is a firewall configuration utility for Linux systems. Guarddog is aimed at two groups of users. Novice to intermediate users who are not experts in TCP/IP networking and security, and those users who don't want the hassle of dealing with cryptic shell scripts and ipchains/iptables parameters.

* Easy to use goal oriented GUI. You say what the firewall should do without having to explain all the details of how it should do it.
* Application protocol based. Unlike other tools, Guarddog does not require you to understand the ins and outs of IP packets and ports. Guarddog takes care of this for you. This also reduces the chances of configuration mistakes being made which are a prime source of security holes.
* Doesn't just generate the firewall once and forgets it. Guarddog lets you maintain and modify the firewall in place.
* Hosts/networks can be divided into Zones. Different zones can have different security policies for different.
* Supports the following network protocols: FTP, SSH, Telnet, Linuxconf, Corba, SMTP, DNS, Finger, HTTP, HTTPS, NFS, POP2, POP3, SUN RPC, Auth, NNTP, NETBIOS Name Service, NETBIOS Session Service, IMAP, Socks, Squid, pcANYWHEREstat, X Window System, Traceroute, ICQ, PowWow, IRC, PostgreSQL, MySQL, Ping, Quake, QuakeWorld, Quake 2, Who Is, Webmin, ICMP Source Quench, ICMP Redirect, Real Audio, Line Printer Spooler, syslog, NTP, NetMeeting, Gnutella, LDAP, LDAP-SSL, SWAT, Diablo II, Nessus, DHCP, AudioGalaxy, DirectPlay, Halflife, XDMCP and Telstra's BigPond Cable, CDDB, MSN Messenger, VNC, PPTP, Kerberos, klogin, kshell, NIS, IMAPS, POP3S, ISAKMP, CVS, DICT, AIM, Fasttrack, Kazaa, iMesh, Grokster, Blubster, Direct Connect, WinMX, Yahoo! Messenger, AH, ESP, Jabber, EsounD, Privoxy, eDonkey2000, EverQuest, ICP, FreeDB, Elster, Yahoo games, Legato NetWorker backups, Novell Netware 5/6 NCP, Bittorrent, rsync, distcc, Jabber over SSL, PGP key server, Microsoft Media Server and gkrellm.
* Protocols not supported in the list above can be entered in directly.
* Supports router configurations.
* Runs on KDE 2 or 3, and Linux 2.2, 2.4 and 2.6 series kernels.
* Supports advanced Linux 2.4+ iptables features such as connection tracking and rate limited logging.
* Firewall scripts can be Imported/Exported for use on machines other than the current one.
* DHCP support.
* Uses a "what is not explicitly allowed, is denied" philosophy. Fail-safe design.
* Well documented with tutorials and reference material.
* Licensed under the terms of the GNU General Public License. Is Free and will remain Free.

IPCop
IPCop Firewall is a Linux firewall distribution geared towards home and SOHO (Small Office/Home Office) users. The IPCop interface is very user-friendly and task-based. IPCop offers the critical functionality of an expensive network appliance using stock, or even obsolete, hardware and OpenSource Software.
OLD PC + IPCOP = Secure Internet Appliance

IPCop lets you take an old PC and convert it into an appliance that will:

1. Secure your home network from the internet.
2. Improve the performance of web browsers (by keeping frequently used information)

All this functionality can be managed from a simple to use web interface, even updates and patches can be installed using a web browser.

IPCop works with most home networks and small office networks, dial up modems, cable modems, ADSL, Leased lines and ISDN. It also lets several PCs share connections to the internet. If you have an always on connection you can even use IPCop to protect your web and email servers. IPCop also has remote management meaning you can securely update and reconfigure your IPCop firewall from anywhere with an internet connection.

Endian
Endian is a "turn-key" Linux security distribution that turns every system into a full featured security appliance. Endian has been designed with usability in mind and is very easy to install, use and manage, without losing its flexibility.

Endian's features include a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spamfiltering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN).

Smoothwall
SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. SmoothWall includes a hardened subset of the GNU/Linux operating system, so there is no separate OS to install. Designed for ease of use, SmoothWall is configured via a web-based GUI, and requires absolutely no knowledge of Linux to install or use.

m0n0wall
The m0n0wall project is aimed at creating a complete, embedded firewall software package that provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price. The m0n0wall software is free, so your only cost is the price of a small dedicated PC.

m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep the configuration transparent.

m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.

pfSense
pfSense is an open source firewall derived from the m0n0wall operating system platform with radically different goals such as using OpenBSD's ported Packet Filter, FreeBSD 6.1 ALTQ (HFSC) for excellent packet queueing and finally an integrated package management system for extending the environment with new features.

Wednesday, September 3, 2008

Disable SU and Enable SUDO in LINUX

For security reasons never log in directly as root, unless absolutely necessary. Administrators should use sudo to execute commands as root when required. The accounts capable of using sudo are specified in /etc/sudoers, which is edited with the visudo utility. By default, relevant logs are written to /var/log/secure.

Change the permissions of /etc/sudoers and /etc/shadow:
# chmod 744 /etc/sudoers /etc/shadow
Edit /etc/shadow and remove root's password so that no user can su to root. Change
root:$1$ZHjKbcaB$ctJrRgpyi3hU.eva3jGcr.:14116:0:99999:7:::
to
root:*:14116:0:99999:7:::
i.e. replace the password field with *.

Edit /etc/sudoers and choose which groups you want to allow to execute sudo:
%admin ALL=(ALL) ALL
[ only allow admin group to SUDO ]
Save all changes and change the file permissions back:
# chmod 0440 /etc/sudoers /etc/shadow
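The script below is an added example, not part of the original post: it checks the end state of the procedure above on copies of the files (is root's password field actually locked, and does the file grant nothing to "other"), and shows why the intermediate chmod 744 step matters, since it leaves /etc/shadow world-readable until the final chmod 0440. It assumes GNU stat (Linux) and only reads the files it is given; it never edits /etc/shadow or /etc/sudoers.

```shell
#!/bin/sh
# Check the end state of the root-lockout procedure above on copies of the
# files. Added example, not part of the original post: it only reads the
# files it is given and never edits /etc/shadow or /etc/sudoers itself.

# Return 0 if ACCOUNT's password field in a shadow-format FILE is locked
# ("*" or "!..." means no password can ever match), 1 otherwise. An empty
# field is worse than a hash: the account can then be used with no password.
account_locked() {
    field=$(awk -F: -v u="$2" '$1 == u { print $2; found = 1 }
                               END { if (!found) print "<missing>" }' "$1")
    case "$field" in
        '<missing>') echo "$2: not present";             return 1 ;;
        '')          echo "$2: EMPTY password field";    return 1 ;;
        '*'*|'!'*)   echo "$2: locked";                  return 0 ;;
        *)           echo "$2: unlocked (hash present)"; return 1 ;;
    esac
}

# Return 0 if FILE grants nothing to "other" (last octal digit of the mode is 0).
# The post's intermediate "chmod 744" step fails this check: it makes the
# shadow file readable by every local user until the final chmod 0440.
# Assumes GNU stat (Linux).
no_world_access() {
    mode=$(stat -c '%a' "$1")
    case "${mode#${mode%?}}" in
        0) return 0 ;;
        *) echo "$1: mode $mode is readable by everyone"; return 1 ;;
    esac
}

# Constructed demo files: root's entry as shown before and after the edit,
# plus an empty-field variant, with the post's chmod values applied to copies.
make_demo_files() {
    dir=$(mktemp -d)
    printf '%s\n' 'root:$1$ZHjKbcaB$ctJrRgpyi3hU.eva3jGcr.:14116:0:99999:7:::' > "$dir/shadow.before"
    printf '%s\n' 'root:*:14116:0:99999:7:::' > "$dir/shadow.after"
    printf '%s\n' 'root::14116:0:99999:7:::'  > "$dir/shadow.empty"
    chmod 744  "$dir/shadow.before"   # the post's "open it for editing" step
    chmod 0440 "$dir/shadow.after"    # the post's restore step
    echo "$dir"
}

# Stand-alone run: report on each constructed file.
d=$(make_demo_files)
for f in shadow.before shadow.after shadow.empty; do
    account_locked "$d/$f" root
    no_world_access "$d/$f" && echo "$d/$f: no world access"
done
rm -rf "$d"
```

On a real system, point account_locked at /etc/shadow and no_world_access at /etc/shadow and /etc/sudoers after the final chmod; validate the sudoers syntax with visudo -c before logging out of your root session.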