With a Qube3 we have some firewall rules already in there when we set up
the GUI; how do you tell the system to remake them?

Thanks

------

Benoit Perreault
mailto:[EMAIL PROTECTED]
Névé Réfrigération Inc
Longueuil, Québec, Canada


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Michael Stauber
Sent: Monday, June 11, 2001 10:00
To: [EMAIL PROTECTED]
Subject: Re: [cobalt-security] [RaQ3] Port Sentry


Hi Kevin,

> Now this I like. I've actually considered setting up something like this
> myself... care to share that config and script?

Sure, no problem. But I'll have to leave out the randomized restart routine
for NDA reasons <sigh>. Just bind this script to a cronjob that will run
several times a day (1-3 times for instance) and you're there almost as
good.

Make sure you understand what the script does before you attempt to use it!
For instance: If you don't have SSH installed, then you will no longer be
able to get to the shell, as it'll block the telnet port! :o)

#!/bin/sh
# This script makes sure that Portsentry does not generate
# too many false alerts. It also makes sure that Portsentry is
# restarted periodically. When that happens existing
# Firewall rules will be flushed. So if a customer accidentally
# blocked himself, then a flush of the ruleset will make
# sure that he can get in again after a considerable wait.
# For questions ask [EMAIL PROTECTED]

# Stop all instances of Portsentry:
killall -9 portsentry

# Flush all existing Firewall rules (the chain is empty after this,
# so every rule below must be re-added):
/sbin/ipchains -F

# Deny Telnet permanently (only if you have SSH!):
/sbin/ipchains -A input -l -i eth0 -d 0/0 23 -p tcp -j DENY

# Deny TCP and UDP packets to certain ports:
/sbin/ipchains -A input -i eth0 -d 0/0 137:139 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 137:139 -p tcp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 68 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 67 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 123 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 161 -p udp -j DENY

# Remove portsentry history files (-f so a missing file does not abort the run):
rm -f /usr/local/psionic/portsentry/portsentry.blocked.*

# Restart Portsentry in both ATCP and AUDP mode:
/usr/local/psionic/portsentry/portsentry -atcp
/usr/local/psionic/portsentry/portsentry -audp

# Say something nice and exit gracefully:
echo "Firewall rules flushed and Portsentry restarted"


--

Best regards

Michael Stauber

Stauber Multimedia Design ____ Phone: +49-6471-923812
Hauptstrasse 31 ______ D-56244 Goddert ______ Germany
SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security

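An added example (not Michael's script and not part of the original thread) that follows the same rebuild procedure but checks for a listening SSH daemon before adding the Telnet DENY, so the lock-out Michael warns about cannot happen. It assumes eth0, sshd on TCP 22, and Portsentry under /usr/local/psionic/portsentry; by default it only prints the commands (RUN=echo), and running it as root with RUN= (empty) executes them.

```sh
#!/bin/sh
# Added example, not the script from the original post. Same procedure as
# Michael's script (stop Portsentry, flush ipchains, re-add DENY rules,
# restart Portsentry), but the Telnet DENY is only added when an SSH daemon
# is actually listening, so a box without SSH cannot lock itself out.
# Assumptions: interface eth0, sshd on TCP 22, Portsentry under
# /usr/local/psionic/portsentry. RUN=echo (default) only prints the commands;
# run with RUN= (empty) as root to execute them.
RUN="${RUN-echo}"
PS=/usr/local/psionic/portsentry

# ssh_listening: exit 0 when a "netstat -tln" listing on stdin shows a TCP
# listener on port 22 (IPv4 or IPv6).
ssh_listening() {
    grep -E '^tcp6?[[:space:]].*:22[[:space:]].*LISTEN' >/dev/null
}

# rebuild_commands: print, one per line, the commands to run. $1 is "yes"
# when SSH is available; any other value leaves Telnet reachable.
rebuild_commands() {
    echo "$RUN killall -9 portsentry"
    echo "$RUN /sbin/ipchains -F"
    if [ "$1" = yes ]; then
        echo "$RUN /sbin/ipchains -A input -l -i eth0 -d 0/0 23 -p tcp -j DENY"
    fi
    for p in 137:139 68 67 123 161; do
        echo "$RUN /sbin/ipchains -A input -i eth0 -d 0/0 $p -p udp -j DENY"
    done
    echo "$RUN /sbin/ipchains -A input -i eth0 -d 0/0 137:139 -p tcp -j DENY"
    echo "$RUN rm -f $PS/portsentry.blocked.*"
    echo "$RUN $PS/portsentry -atcp"
    echo "$RUN $PS/portsentry -audp"
}

# Constructed sample netstat lines (one with sshd, one without) for testing.
WITH_SSH='tcp        0      0 0.0.0.0:22     0.0.0.0:*     LISTEN'
NO_SSH='tcp        0      0 0.0.0.0:23     0.0.0.0:*     LISTEN'

# Decide from the live system when netstat exists; otherwise stay safe ("no").
if netstat -tln 2>/dev/null | ssh_listening; then ssh=yes; else ssh=no; fi
rebuild_commands "$ssh" | sh
```

Because the rules are regenerated from one function, the same script can be bound to the cron job Michael describes and to a manual "remake the rules" run.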
