Good morning everyone,
I found a site (grc.com) that tests ports:
www.grc.com > ShieldsUP > Proceed > Common Ports
The result was this:
GRC Port Authority Report created on UTC: 2012-03-22 at 12:50:48
Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000
1 Ports Open
0 Ports Closed
25 Ports Stealth
---------------------
26 Ports Tested
NO PORTS were found to be CLOSED.
The port found to be OPEN was: 22
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
This server is directly exposed to the internet. Do you think it is secure?
Thank you
Wilson Bom
On 20-03-2012 10:58, Wilson Bom wrote:
Good morning Jeferson,
yes, I have already run a test by placing it in /etc/init.d
It seems to be working fine, but I don't know how to run attack tests to
verify that it works.
Regards
Good morning Wilson,
Are you going to put the script in /etc/init.d/?
Regards
On 20 March 2012 11:18, Wilson Bom<[email protected]> wrote:
Good morning everyone,
I am trying to install a firewall and would like your opinion on the
script below.
--------------------------------------
#!/bin/bash
case "$1" in
start)
    # Opening banner
    echo "Iniciando a Configuração do Firewall"

    # Flush all rules
    echo "Regras Zeradas"
    iptables -F

    # Block everything: nothing comes in and nothing goes out
    echo "Fechando tudo"
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT DROP

    # Prevent DoS attacks on the machine by limiting the number of ping replies
    #echo "Previne ataques DoS"
    # iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

    # Block ping completely
    echo "Bloqueia o pings"
    iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

    # Security policies
    # (the space before ">" matters: "echo 0> file" redirects fd 0 and writes nothing)
    echo "Implementação de politicas de segurança"
    # Prevents packet spoofing
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
    # Risk of routing-path discovery (disable on a router)
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
    # DoS risk
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    # Only starts the connection once the confirmation arrives, reducing bandwidth used
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    # Makes the firewall answer only on the network interface that received the packet
    echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
    # Drops invalid packets
    iptables -A INPUT -m state --state INVALID -j DROP

    # Allow established connections
    echo "Liberando conexões estabelecidas"
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT

    # Allow SSH access and limit the number of access attempts to 4 per minute
    echo "Liberando o SSH"
    # Record the source of each new SSH connection so the --update rule has entries to count
    iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
    iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p udp --dport 22 -j ACCEPT

    # Allow Samba
    echo "Liberando o Samba"
    iptables -A INPUT -p tcp --dport 137:139 -j ACCEPT
    iptables -A INPUT -p udp --dport 137:139 -j ACCEPT

    # Allow Apache
    echo "Liberando o Apache"
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT

    # Closing banner
    echo "Configuração do Firewall Concluida."
    ;;
stop)
    echo "Finalizando o Firewall"
    rm -rf /var/lock/subsys/firewall

    # Remove all existing rules
    iptables -F
    iptables -X
    iptables -t mangle -F

    # Reset the default policies: accept everything
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    ;;
restart|reload)
    $0 stop
    $0 start
    ;;
*)
    echo "Selecione uma opção valida {start|stop|status|restart|reload}"
    exit 1
    ;;
esac
exit 0
--
Wilson Bom
Serprodata Informática Ltda.
Av. Marcelino Pires, 1405 - Sala 216
79800-004 - Dourados - MS
(067) 3421-3343 - 8407-4808 - 8407-8808
Messenger: [email protected]
E-mail...: [email protected]
[email protected]
[email protected]
[email protected]
Ubuntu Lucid Lynx 10.04 - 2.6.32-25 #44
Linux Counter: 292553
Dataflex 3.2 Linux - Dataflex 3.2 MS-Dos
--
More about Ubuntu in Portuguese: http://www.ubuntu-br.org/comece
Ubuntu Brasil mailing list
Archive, unsubscribing and other options:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-br
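
Added example (not part of the original thread or the poster's script): a shell check that the kernel settings the firewall script writes actually took effect, and that an SSH "recent --update" rule has the "--set" rule it depends on. The function names and the root-directory argument are assumptions of this example, and the tree it writes to is a constructed stand-in for /proc.

```bash
#!/bin/bash
# Added example: post-start checks for the firewall script in this thread.
# Function names and the root-directory argument are assumptions made here.

# Kernel settings the script intends to apply, as "path expected_value".
EXPECTED="conf/all/accept_source_route 0
conf/all/accept_redirects 0
icmp_echo_ignore_broadcasts 1
tcp_syncookies 1
conf/default/rp_filter 1"

# Print one line per setting whose value differs from the intended one.
# $1 is the filesystem root: "" for the live system, a temp dir for a dry run.
check_sysctls() {
    printf '%s\n' "$EXPECTED" | while read -r cs_path cs_want; do
        cs_got=$(cat "$1/proc/sys/net/ipv4/$cs_path" 2>/dev/null) || cs_got=missing
        [ "$cs_got" = "$cs_want" ] || echo "MISMATCH $cs_path want=$cs_want got=$cs_got"
    done
}

# Read `iptables -S INPUT` text on stdin. A "recent --update" rule on port 22
# can never match unless another rule adds sources with "recent --set".
check_ssh_ratelimit() {
    sr_rules=$(cat)
    if printf '%s\n' "$sr_rules" | grep -q -- '--dport 22 .*--update' &&
       ! printf '%s\n' "$sr_rules" | grep -q -- '--dport 22 .*--set'; then
        echo "SSH limit inactive: --update without --set"
        return 1
    fi
    return 0
}

# Constructed stand-in for /proc: one value written with the "0>" form,
# the others with the space in place.
make_demo_tree() {
    DEMO_ROOT=$(mktemp -d) || return 1
    dt_base="$DEMO_ROOT/proc/sys/net/ipv4"
    mkdir -p "$dt_base/conf/all" "$dt_base/conf/default"
    echo 0> "$dt_base/conf/all/accept_source_route"  # fd 0 redirected, nothing written
    echo 0 > "$dt_base/conf/all/accept_redirects"    # writes "0"
    echo 1 > "$dt_base/icmp_echo_ignore_broadcasts"
    echo 1 > "$dt_base/tcp_syncookies"
    echo 1 > "$dt_base/conf/default/rp_filter"
}

make_demo_tree
check_sysctls "$DEMO_ROOT"
rm -rf "$DEMO_ROOT"
```

On the live server, run check_sysctls "" and iptables -S INPUT | check_ssh_ratelimit as root after starting the firewall.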