Tuesday, March 22, 2011
Anu
I seem to work best at night, it’s dark out, and generally quite dark inside too; there is more bandwidth because it is off peek, and in general there is nobody coming over or phoning and interrupting me. Incidentally, its also when I do the majority of my reading, at home; in bed, at night. Much more pleasant that way…
PSAD
Anyway, the latest tut I have been post is called “Linux Firewalls – Attack detection and response with iptables, PSAD and FWSNORT” – the site where PSAD, FWSNORT and a fair few other Linux and security tools are developed. Now, you may think that with a title like that your going to have to know a lot about Linux and Firewalls before you begin but that is simply not true, Linux Firewalls takes you right from the very start of how iptables works to manually porting Snort rules over to iptables for detection, and in my humble opinion, it does a damn good job of it. In fact, it done such a good job of it, I have used the reference firewall scripts and PSAD configurations to install and configure iptables and PSAD on my new VPS, which I will hopefully be moving some of my sites to.
PSAD
Anyway, the latest tut I have been post is called “Linux Firewalls – Attack detection and response with iptables, PSAD and FWSNORT” – the site where PSAD, FWSNORT and a fair few other Linux and security tools are developed. Now, you may think that with a title like that your going to have to know a lot about Linux and Firewalls before you begin but that is simply not true, Linux Firewalls takes you right from the very start of how iptables works to manually porting Snort rules over to iptables for detection, and in my humble opinion, it does a damn good job of it. In fact, it done such a good job of it, I have used the reference firewall scripts and PSAD configurations to install and configure iptables and PSAD on my new VPS, which I will hopefully be moving some of my sites to.
Some of the things you should probably have already if you want to get the best out of Linux Firewalls is…
- A comfortable familiarity with the distribution of Linux you wish to use.
- Basic understanding of how networks communicate.
- Reasonable understanding of how TCP works (ie. the three way handshake)
- Reasonable understanding of how UDP works
- A system to test this stuff on, if you don’t have a system to test this stuff out on, you could always set up a few virtual machines using VirtualBox or VMWare.
- A will to learn about this kind of stuff
Missing any one of these things (except the will to learn, thats pretty important) probably isn’t going to be a huge deal, but if your missing a lot of them, you might struggle a bit with some of the concepts.
Here is a sample of one of the basic Linux Firewall scripts that I have adapted from the book…
#!/bin/sh
#Port and IP addresses changed to protect the innocent.
IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
### Flush existing rules and settings. Set to default drop.
echo "[+] Flushing existing iptables rules..."
$IPTABLES -F
$IPTABLES -X
#$IPTABLES -t nat -F
CLICK HERE TO DOWNLOAD FULL SCRIPT (1.82KB)
I hope that this imprompt topics at least some help to you.
Thnks...
Posted in
0 comments:
Post a Comment