SSH Brute Force Attack ipTables

Add these rules to protect yourself against SSH brute-force attacks.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -N SSH_WHITELIST
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
iptables -A SSH_WHITELIST -s $TRUSTED_HOST -m recent --remove --name SSH -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j ULOG --ulog-prefix SSH_brute_force
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

Re: SSH Brute Force Attack IPTABLES Rules

#!/bin/bash

TRUSTED_HOST1=10.0.0.0/8
IPTABLES=/sbin/iptables

$IPTABLES -F

$IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
$IPTABLES -N SSH_WHITELIST
$IPTABLES -N SSH_BF
$IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST

for I in 10.0.0.0/8 65.209.7.97/27; do
   $IPTABLES -A SSH_WHITELIST -s $I -m recent --remove --name SSH -j ACCEPT
done

#$IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j ULOG --ulog-prefix SSH_brute_force
#$IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

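# The --set rule at the top already records this connection in the SSH list.
# A second --set here would count every attempt twice, so just jump to SSH_BF.
$IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_BF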
$IPTABLES -A SSH_BF -m recent ! --rcheck --seconds 60 --hitcount 3 --name SSH --rsource -j RETURN
$IPTABLES -A SSH_BF -j LOG --log-prefix "SSH Brute Force Attempt:  "
$IPTABLES -A SSH_BF -p tcp -j DROP

Re: SSH Brute Force Attack IPTABLES Rules

http://www.opensubscriber.com/message/netfilter@lists.netfilter.org/1609886.html

Re: SSH Brute Force Attack IPTABLES Rules

#!/bin/bash
echo "Adding SSH Brute Force Firewall Rules"

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j ULOG --ulog-prefix SSH_brute_force
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
sleep 3
iptables -N SSH_WHITELIST
sleep 3
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
sleep 3
if [ -f /etc/trustedhosts.txt ]
then
    for TRUSTED_HOST in `cat /etc/trustedhosts.txt`
    do
        iptables -A SSH_WHITELIST -s $TRUSTED_HOST -m recent --remove --name SSH -j ACCEPT
    done
else
    echo "No Whitelist file exists"
fi
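
The rule order from the first post combined with the whitelist file from the last one, as an added example that is not part of the original posts. It prints the commands instead of running them and validates each whitelist entry before it reaches an iptables command line. The function names, the IPv4-only validation and the use of LOG (as in the second post) in place of ULOG are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts; both function names are hypothetical.

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
# The ( ) function body runs in a subshell, so its variables stay local.
valid_ipv4_cidr() (
    case $1 in
        */*) addr=${1%%/*}; prefix=${1#*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -- $addr            # split into octets (only digits and dots here)
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
)

# Usage: gen_ssh_rules WHITELIST_FILE [SECONDS] [HITCOUNT]
gen_ssh_rules() (
    file=$1; secs=${2:-60}; hits=${3:-4}
    for n in "$secs" "$hits"; do   # numeric arguments only
        case $n in ''|*[!0-9]*) return 2 ;; esac
    done
    match="-p tcp --dport 22 -m state --state NEW"
    limit="-m recent --update --seconds $secs --hitcount $hits --rttl --name SSH"
    echo "iptables -N SSH_WHITELIST"
    echo "iptables -A INPUT $match -m recent --set --name SSH"
    echo "iptables -A INPUT $match -j SSH_WHITELIST"
    if [ -r "$file" ]; then
        while read -r host rest || [ -n "$host" ]; do
            host=${host%%#*}       # drop comments
            [ -n "$host" ] || continue
            if valid_ipv4_cidr "$host"; then
                echo "iptables -A SSH_WHITELIST -s $host -m recent --remove --name SSH -j ACCEPT"
            else
                echo "skipping invalid whitelist entry: $host" >&2
            fi
        done < "$file"
    else
        echo "no readable whitelist file: $file" >&2
    fi
    echo "iptables -A INPUT $match $limit -j LOG --log-prefix 'SSH_brute_force '"
    echo "iptables -A INPUT $match $limit -j DROP"
)
```

Run `gen_ssh_rules /etc/trustedhosts.txt`, review the printed commands, then pipe them to `sh` as root to apply them.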

BigBrother Problems on FC5

Using bbc1.9e-btf (not the most recent version as of this writing, but it matched the old system) generated this message in BBOUT:

Mon Apr 10 12:45:55 2006 bb-local.sh /bin/sort: open failed: +4: No such file or directory

The DISK status page showed:

red Mon Apr 10 11:25:35 EDT 2006 – Filesystem of /usr/local/bb/bbc1.9e-btf/tmp is FULL

Which at first didn’t seem related, but it went away when the issue was resolved.

Batch convert images with ImageMagick

I’m posting this just because I’m sick of having to re-figure out the command line whenever I have to do it!

The idea is to process each file in the current path in the form of *.jpg, then resize it to a max of 96×96 (so when complete, the final image will not have a max dimension over 96, but it will scale so one dimension will likely be less), then write the new image into a pre-created folder from the current path named ‘converted’.

for I in *.jpg; do convert "$I" -resize 96x96 "converted/$I"; done

Getting NetJuke to work with PHP5

When upgrading from Fedora Core 3 to Fedora Core 4, you end up getting PHP5. Many people suggest downgrading to get NetJuke to work, but I don’t like that!

The message in the logs is:

[client 71.192.16.106] PHP Parse error:  parse error, unexpected T_PRIVATE in /var/www/html/netjuke/lib/inc-common.php on line 675

Link: http://www.jinzora.com/njforums/viewtopic.php?t=596&sid=53c5ea8dcb1af614e9f359e3988e1f73

This article describes one person’s success with getting NetJuke to work with PHP5. Just download the file and replace the two files in your NetJuke tree.

I have also included the file on NetGuy in case it disappears: http://www.netguy.org/nuke/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=1

Making transparent images with Gimp

I know this is in Linux and there should be a Gimp category, but whatever…

I do this with regularity, and always have to Google the instructions. So here they are!
The Gimp: Making Colors in a GIF Transparent
By Crouse
USA Linux Users Group
Web Site: http://www.usalug.org

Sometimes when working with an image you want to make a certain color transparent. When working with a gif file this would make a round circle look round on any color background. This is actually very simple once you do it once. Finding the information for this took me a while so I thought I would pass it on to anyone that was interested.

1. Open your image in the gimp.

2. Right click the image and go to LAYERS then Transparency->ADD ALPHA CHANNEL.

3. Right click on the image again and go to SELECT and then down to BY COLOR.

4. Now click on the color in the image you want to be transparent. These colors will now show up outlined.

5. Right click on the image again and go to EDIT and then down to CLEAR (or Ctrl-X). This should now erase the outlined color you just picked from the image and the “transparent gimp checkerbox” should show through.

6. Right click on the image and choose SAVE AS and make sure to save as a GIF file if you want the transparency to work on the web.

Another fun feature that can be used while using the SELECT and BY COLOR ….. instead of hitting CLEAR you can FILL W BG COLOR or the other one FILL W FG COLOR ……….. this allows you to change the colors over the entire image instantly for the particular pixel color you choose to start with. Very fast and fun once you figure this out.

Get SpamAssassin Working with updates

A short article with links and ‘needs’ to get Spamassassin working with SARE updates, etc.

Run the following and fix errors:

spamassassin -D --lint 2>&1 | grep -i fail

- Used 'yum install perl-Razor-Agent' to resolve the Razor2::Client::Agent dependency
- Had to build Net::Ident by hand

Run sa-update once to populate the default rules. They should be in /var/lib/spamassassin in a folder with the version of SA you are running.

Then you can follow the directions here http://saupdates.openprotect.com/ to configure your installation to use the extra SARE rules.

Adding a Javascript PopUp Window to HTML

You can add Pop-Up functionality to a web page quickly and easily with a little Javascript. This is useful for help screens or any other informational screens where you don’t need a browser window with full functionality and you don’t want to lose your existing page.

To do this, add the following to the <HEAD> portion of your HTML document:

<SCRIPT LANGUAGE="JavaScript" type="text/javascript">
<!-- Begin
function popexternal( h ) {
   if( h ) {
      var offsite = window.open( h, "offsite", 'width=800, height=600, left=5, top=5, menubar=no, scrollbars=yes, resizable=yes, toolbar=no' );
      offsite.focus();
   }
}
// End -->
</SCRIPT>

Then set up your href links like this:

<a href="javascript:popexternal( '/help.html' )">HELP!</a>

This will open a new browser window with the geometry specified in the ‘function’ and display the relative URL ‘help.html’.

In Perl, you can add the same Javascript function to your page like this:

# header() and start_html() come from CGI.pm's standard function set
use CGI qw(:standard);

my $jscript   =<<END;
function popexternal( h ) {
   if( h ) {
      var offsite = window.open( h, "offsite", 'width=800, height=600, left=5, top=5, menubar=no, scrollbars=yes, resizable=yes, toolbar=no' );
      offsite.focus();
   }
}
END

# Page header, etc
print header, start_html(-title  => "Basic Web Page ",
                         -script => {-language => 'JAVASCRIPT', -code => $jscript},
                        );

As of this writing, this method of generating a pop-up is NOT captured by Windows XP SP2’s pop-up blocker.

Avatars I like

Penguin!

Yankees!

Traffic Flows in Packeteer

Another topic because I’m tired of looking it up!

This is the command to identify traffic to/from a given IP from the Packeteer CLI:

traffic flow -tupxICA <ip address>

Videos

Please don’t contact me if you are offended – I won’t respond!

Bad Tech Support
Ding, Fries are done!

ICA Local Drive Access

When you log into an ICA session (like through http://mydesktop.nmhschool.org) you are prompted to decide on local drive access – All, RO, none – and then whether to ask always, sometimes, or never. Some of us have wondered how to change the behavior if you checked the ‘Never Ask’ button, but change your mind.
In your system root directory (like C:\Windows on 9x or C:\WinNT on NT or 2K), there is a file named webica.ini. Open it and delete the line ‘GlobalSecurityAccess’. This may not be the best way, but it works.

BTW: This is a MACHINE setting, not an ACCOUNT setting. If you make a permanent change on one computer, all users of that computer will have the same setting. Likewise, don’t expect your setting to follow you to another computer. That being said, we should come up with a permanent setting for public machines so the public does not make the decision for us.

Change Citrix/ICA HotKeys

Citrix uses a number of HotKeys (or shortcuts) that conflict with other applications. Most recently we found that Shift+F2 conflicted with a BlackBaud Raiser’s Edge shortcut.
BB had the following comments:

Solution ID: BB97598
Applicable Product(s): Raiser’s Edge 7

Here is the solution: How to load defaults using a function key other than Shift + F2
This has been filed as a suggestion. While we may not implement it, we will review it for possible use in future product development. Add me to the list.

Here is the problem or goal:
How to load defaults using a function key other than Shift + F2
How to re-map the hot key for loading defaults

Problem Environment:
Records – Constituents
Records – Gifts
Citrix
S47403-052103

Causes of this problem:
With Citrix Shift F2 toggles the screen

Citrix tells us how to re-map ICA keys:
http://www.awprofessional.com/articles/article.asp?p=29637&seqNum=4

Hotkeys

The hotkeys or shortcut keys used in the Citrix ICA client are different from the keys used by the Terminal Server client. You can define the hotkeys used in a Citrix session within Citrix Program Neighborhood by selecting ICA Settings from the Tools menu and then clicking the Hotkeys tab. The hotkeys you can set under this tab are shown in Figure 12.7. As you can see, you can easily redefine the keys as you need them.

This option is available if the FULL Citrix Program Neighborhood is installed.
Start->Programs->Citrix ICA Client->Program Neighborhood

ICA File Not Found

Citrix ICA: ICA file not found message when accessing VDT from MyDesktop.nmhschool.org
First, make sure all security is set to default.

This from:
http://www2.slac.stanford.edu/computing/windows/services/citrix/faq_xp.htm#Error:%20ICA%20File%20Not%20Found

Error: ICA File Not Found

Users may receive the ICA File Not Found error when launching published applications through NFuse.

The following scenarios are known to produce the ICA File Not Found error:

1. Web pages are served with HTTPS and client can not save encrypted pages to disk

When a user clicks an application icon, the launch.ica file is downloaded from the web server and then executed by the local ICA client. If the NFuse web server is using SSL (https://…) and your browser is configured not to save encrypted pages to disk, the launch.ica file can not be written to disk and the ICA client has no file to open.

To resolve this issue, at the client machine:

o In Internet Explorer select go Tools > Internet Options

o Select the Advanced tab

o Beneath the Security section of options, uncheck the option called Do Not save encrypted pages to disk

2. Excessive internet cache

On Windows computers with large hard drives, the Temporary Internet Files folder used by Internet Explorer can become excessively large, causing too much of a delay in the time required to save the launch.ica file and then retrieve it for use by the ICA client.

To resolve this issue, clear the browser cache:

o In Internet Explorer select go Tools > Internet Options

o Select the General tab

o In the Temporary Internet files section of options, click the Delete Files button.

o You may also want to click the Settings button to decrease the amount of disk space to use for the Internet cache.

Welcome to NetGuy.org

The NetGuy is proud to announce the creation of NetGuy.org! (http://www.netguy.org)
NetGuy.org uses WordPress.
NetGuy.org is dedicated to discussion around technology topics that are specific to the writer’s environment. That includes Linux (CentOS & RedHat specifically, but not exclusively), VMWare, Citrix, Microsoft Windows, Microsoft Office, MySQL, network infrastructure, Perl, etc.

Also visit our supporting sites: StevenStinks.com, Luser650.com and GalwayLand.

The NetGuy Management Team

Compaq boot without a keyboard (Headless)

HowTo Boot up a headless Compaq (perhaps other systems) without getting the keyboard message requiring that you hit F1
Got the required info from here: http://www.computing.net/hardware/wwwboard/forum/39905.html

Turns out Compaq released a small patch to fix this. The alternative is to select “Network Server” mode, but I have never seen this.

The file is at ftp://ftp.compaq.com/pub/softpaq/sp0501-1000/sp0667.zip and copied to ftp://chowder.nmhschool.org/pub/apps/compaq/SP0667.EXE