Ubuntu Firewall Project


Ubuntu Firewall Project v1.0 (2010.02.28)
Author: Brandt Winchell

Contents

  • Introduction
  • Prerequisites
  • Firewall Management Machine
      • Install Ubuntu Jaunty 9.04 Desktop
      • Configuration
          • Login
          • Update Manager
          • Install VMware-tools
          • Set Static IP Address
      • Install Webmin
          • Download Webmin
          • Webmin Security Setup
      • Install FWBuilder 3.07
          • Download FWBuilder 3.07
          • Install FWBuilder
      • Configure Host file
      • Finish Firewall server before continuing
  • Firewall Machine
      • Install Ubuntu Jaunty 9.04 Server
      • Configuration
          • Login
          • Update Manager
          • Install VMware-tools
          • Set Static IP Addresses (Temporary)
          • Install wget
          • Install IP Tables
          • Install SSH
      • Install Webmin
          • Download Webmin
          • Webmin Security Setup
      • Set Static IP Address (Permanent)
  • FWBuilder Configuration
      • Firewall machine
      • FWmanagement machine
          • Configure your Policy
          • Configure FWBuilder log prefix and options
          • Save and Compile Rules
  • Deploy the Firewall Rules
      • Test SSH access
      • Create test Policy Rule
  • Configure Logging
      • Install MySQL
      • Configure MySQL
      • Install Rsyslog