• Centos 7 how to save iptables rules like Centos 6


    yum install iptables-services systemctl enable iptables service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]........
  • Debian Ubuntu Mint Howto Create Bridge (br0)


    Having a network bridge allows you to bridge traffic under multiple devices so they can talk natively without using any special routing, iptables/firewall or other trickery. To create your bridge you need the bridge-utils package for brctl and if you want to do things like bridge VMs that run on a tap device you will need the uml-utilities which provides "tunctl". Install the utilities to make our bridge sudo apt-get install........
  • ssh reverse proxy to enable remote access behind a LAN and firewall


    So say you are behind a typical NAT/LAN setup whether at home, work or while travelling. What if you have a computer or server that you need to connect to from the outside? Yes you could use a VPN but a quick and dirty, temporary and secure way is to use SSH's Reverse Tunneling Proxy feature. Requirements On the remote ssh server host you need the GatewayPorts option enabled in sshd_config (be........
  • iptables linux firewall recommended rules for public computing


    Whether you are at work, at the coffee shop or on the public internet here are some basic but effective rules for iptables that lock things down (eg. no one can SMB or SSH to you or really anything): # Generated by iptables-save v1.4.21 on Fri Dec 14 14:00:08 2018 *nat :PREROUTING ACCEPT [160:19844] :INPUT ACCEPT [4:357] :OUTPUT ACCEPT [2955:182236] :POSTROUTING ACCEPT [2955:182236] COMMIT # Completed on Fri Dec 14........
  • systemd management using systemctl and journalctl to check systemd logs


    systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system. The key commands or arguments you will use with systemctl are the following: Unit Commands: list-units [PATTERN...] List loaded units &nbs........
  • How To Secure Samba NMBD/SMBD to bind to a specific IP address


    By default Samba SMB/NMB listen on ANY and ALLIPs on your system by binding to 0.0.0.0. Obviously this is a huge security risk if you have a public facing server with both internal and external access. Usually when a system administrator sets up a samba server their intention is just to share with a LAN. To do this you need to the following options under the [global] section in smb.conf bind interfaces only = yes interfaces = 192........
  • mysqld in Linux hacked


    Check for crap in /var/lib/mysql like this ls -al /var/lib/mysql/ total 20888 drwxr-xr-x 24 mysql mysql 4096 Oct 3 18:30 . drwxr-xr-x 20 root root 4096 Oct 3 04:23 .. -rw-rw-rw- 1 mysql mysql 11776 Oct 3 17:10 c:exp.exe -rw-rw-rw- 1 mysql mysql 48128 Oct 3 17:10 c:exp1.exe........
  • Linux Mint Install Netboot PXE Guide Howto


    *Update so this doesn't work it must be something to do with the path of nfs or something else but the installer fails with "Installer crashed" at the end whereas with the CD/USB it works. This assumes you've already installed and configured a separate PXE/DHCP server somewhere else and your /tftpboot directory is setup. This is for Linux Mint 18.1 but generally applies to most versions although you may have tro change things like "casper"........
  • MySQL Allow Access from Remote Host IP and Update All Users


    Change Host="192.168.5.99" with the remote IP allowed(this is of course more secure but also cumbersome if your IP changes). You could also have a single layer of protection that specifies the IP via firewall or both (of course both are far mor secure). UPDATE user SET Host="192.168.5.99" where Host="localhost" or for any/wildcard UPDATE user SET Host="%" where Host="localhost&qu........
  • The connection was reset The connection to the server was reset while the page was loading.


    In Firefox I cannot connect to any website, proxy is disabled and outside network access is confirmed, no system or manual proxy was set on this Linux Mint/Ubuntu system. Normally this can be caused by proxy or DNS problems and the weird thing is that traceroute and ping to other IPs worked fine but even connecting to sites by IP was not working. The connection was reset The connection to the server was reset while the page was loading.........
  • iptables: Applying firewall rules: iptables-restore: line 40 failed


    service iptables start iptables: Applying firewall rules: iptables-restore: line 40 failed [FAILED]........
  • bash for loop with specific numbers


    Say if you need to make a firewall script to block certain ports this works great. for ports in 21 25 443; do iptables rules here done........
  • SSH Tunnel Dynamic Proxy Stops Working Right Away even with Root and High Port


    I keep getting messages like this shortly after using the proxy (it works for a few seconds/page loads and then stops): channel 12: open failed: administratively prohibited: open failed I'm not sure what the issue is unless there's some kind of hardware firewall on the other end. I've used this exact configuration on multiple servers with no issue and even disabled iptables etc..........
  • named/bind cannot find zone file, load zone files without specifying full directory path/loading master file genuine.com.zone: file not found


    genuine.com/IN: loading master file genuine.com.zone: file not found _default/genuine.com/IN: file not found I always found it silly that no one really talks about this and apparently many like me and even control panels like Plesk were still using hard paths. I always thought "why can't I just specify the name of the zone file and have bind find it". Surely the default search path must be /var/named or somewhere else but there is no such thing.........
  • Ubuntu/Debian DRBD 8.0 Setup Guide


    I've only used it on Centos, soI thought I'd make a quick Debian guide: Install the DRBD Package apt-get install drbd8-utils Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: libswfdec-0.8-0 Use 'apt-get autoremove' to remove them. The following........
  • DRBD WFConnection Problem/Solution


    This has stumped me a few times because I keep forgetting that Centos 5.5 comes with a default iptables configuration that ends up blocking DRBD traffic,I tried all the normal things and couldn't understand why I couldn't make my normal DRBD config work. So if you have WFConnection problems and have tried the normal "mailing list" fixes, check your firewall status first! Both Nodes Say the Following: version: 8.3.8 (api:88/prot........
  • MySQL Recover/Reset Lost/Forgotten root Password


    One note is to secure MySQL, I don't know for sure but I believe you could login to MySQL remotely with no password during this operation (I'm not sure, maybe it doesn't accept blank passwords but I firewall MySQL port anyway and recommend you do the same). First edit /etc/my.cf Under the [mysqld] field add the following line somewhere: skip-grant-tables Now restart mysql: service mysql restart or on Debian sty........
  • Trouble connecting between Windows XP and Windows 98 Shares


    Trouble connecting between Windows XP and Windows 98 SharesOk a few things to check for: * Disable all firewalls * Make sure NetBEUI is enabled on both computers * Make sure the Windows XP computer has the name of the computer logged in user of Windows 98 added as an XP user * Add the XP user to anything you want to share That fixed my problem........
  • Helpful IPFW Examples


    Helpful IPFW ExamplesSomeone's real life examples: http://lists.freebsd.org/pipermail/freebsd-security/2004-July/002181.html Or you can try the FreeBSD Handbook guide: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html........
  • Proftp Passive Ports


    Proftp Passive PortsIf you use a locked down firewall you can edit proftpd.conf and tell it something like this: [quote:8419cab1f8]PassivePorts 6170 6270[/quote:8419cab1f8] That would force all passive ftp traffic to ports 6170 6270 which you could then open on your firewall rather than leaving open ports 1024-65000 open........
  • Basic Port Listing


    Basic Port ListingHopefully someone finds this useful or at least interesting. http://www.sans.org/top20/#u9 Name Port Protocol Description Small services ........
  • Linux/Unix Open SSH Login Without Password Key Exchange including Debian, Redhat, Fedora, Ubuntu, BSD etc..


    In those 4 simple commands you can setup mutual key exchange between two sshservers by using a single login shell session and single window. *Just change the IP address examples of (10.10.0.2) to the target of your mutual key exchange. It doesn't matter if the server is on a LANor WAN(well unless the server is behind a firewall and you cannot SSHinto it).........
  • How To Save iptables firewall rules Centos/Redhat/Fedora Linux


    This is something that annoys a lot of people, fortunately the Redhat style OS's are the most simple in this respect. I disagree that Debian's way makes sense, it is more of a hackish approach in how they implement iptables. Anyway, for those who are using Redhat/Centos style OS's it is very simple. Set your rules from the shell/command prompt and to save the iptables firewall rules so they are remember/loaded on boot just run this command: service iptables........
  • Latest Articles

  • CentOS 6 and 7 / RHEL Persistent DHCP Solution
  • Debian Ubuntu Mint rc-local service startup error solution rc-local.service: Failed at step EXEC spawning /etc/rc.local: Exec format error
  • MySQL Cheatsheet Guide and Tutorial
  • bash script kill whois or other command that is running for too long
  • Linux tftp listens on all interfaces and IPs by DEFAULT Security Risk Hole Solution
  • python import docx error
  • Cisco Unified Communications Manager Express Cheatsheet CUCME CME
  • Linux Ubuntu Debian Missing privilege separation directory: /var/run/sshd
  • bash how to count the number of columns or words in a line
  • bash if statement how to test program output without assigning to variable
  • RTNETLINK answers: Network is unreachable
  • Centos 7 how to save iptables rules like Centos 6
  • nfs tuning maximum amount of connections
  • qemu-kvm error "Could not initialize SDL(No available video device) - exiting"
  • Centos 7 tftpd will not work with selinux enabled
  • Debian Ubuntu Mint Howto Create Bridge (br0)
  • How To Control Interface that dhcpd server listens to on Debian based Linux like Mint and Ubuntu
  • LUKS unable to type password to unlock during boot on Debian, Ubuntu and Mint
  • Debian Ubuntu and Linux Mint Broken Kernel After Date - New Extra Module Naming Convention
  • Wordpress overwrites and wipes out custom htaccess rules and changes soluton