• Centos 7 Stopped and Disabled Firewalld and ports still blocked


    This is a gotcha but be aware sometimes iptables may be active and loaded by default. Also make sure you don't just disable firewalld but also stop it otherwise it will still block stuff: systemctl stop firewalld If the above is not the issue then it is possible iptables is running and blocking stuff too, so you'll need to stop iptables. So in addition to opening firewalld or disabling it, you would need to disable iptables........
  • Centos 7 how to save iptables rules like Centos 6


    yum install iptables-services systemctl enable iptables service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]........
  • Debian Ubuntu Mint Howto Create Bridge (br0)


    Having a network bridge allows you to bridge traffic under multiple devices so they can talk natively without using any special routing, iptables/firewall or other trickery. To create your bridge you need the bridge-utils package for brctl and if you want to do things like bridge VMs that run on a tap device you will need the uml-utilities which provides "tunctl". Install the utilities to make our bridge sudo apt-get install........
  • ssh reverse proxy to enable remote access behind a LAN and firewall


    So say you are behind a typical NAT/LAN setup whether at home, work or while travelling. What if you have a computer or server that you need to connect to from the outside? Yes you could use a VPN but a quick and dirty, temporary and secure way is to use SSH's Reverse Tunneling Proxy feature. Requirements On the remote ssh server host you need the GatewayPorts option enabled in sshd_config (be........
  • iptables linux firewall recommended rules for public computing


    Whether you are at work, at the coffee shop or on the public internet here are some basic but effective rules for iptables that lock things down (eg. no one can SMB or SSH to you or really anything): # Generated by iptables-save v1.4.21 on Fri Dec 14 14:00:08 2018 *nat :PREROUTING ACCEPT [160:19844] :INPUT ACCEPT [4:357] :OUTPUT ACCEPT [2955:182236] :POSTROUTING ACCEPT [2955:182236] COMMIT # Completed on Fri Dec 14........
  • systemd management using systemctl and journalctl to check systemd logs


    systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) and allows you to enable services, stop them, restart them, check their status and even reboot your system. The key commands or arguments you will use with systemctl are the following: Unit Commands: list-units [PATTERN...] List loaded units........
  • How To Secure Samba NMBD/SMBD to bind to a specific IP address


    By default Samba SMB/NMB listen on ANY and ALL IPs on your system by binding to 0.0.0.0. Obviously this is a huge security risk if you have a public facing server with both internal and external access. Usually when a system administrator sets up a samba server their intention is just to share with a LAN. To do this you need to set the following options under the [global] section in smb.conf bind interfaces only = yes interfaces = 192........
  • mysqld in Linux hacked


    Check for crap in /var/lib/mysql like this ls -al /var/lib/mysql/ total 20888 drwxr-xr-x 24 mysql mysql 4096 Oct 3 18:30 . drwxr-xr-x 20 root root 4096 Oct 3 04:23 .. -rw-rw-rw- 1 mysql mysql 11776 Oct 3 17:10 c:exp.exe -rw-rw-rw- 1 mysql mysql 48128 Oct 3 17:10 c:exp1.exe........
  • Linux Mint Install Netboot PXE Guide Howto


    *Update so this doesn't work it must be something to do with the path of nfs or something else but the installer fails with "Installer crashed" at the end whereas with the CD/USB it works. This assumes you've already installed and configured a separate PXE/DHCP server somewhere else and your /tftpboot directory is setup. This is for Linux Mint 18.1 but generally applies to most versions although you may have to change things like "casper"........
  • MySQL Allow Access from Remote Host IP and Update All Users


    Change Host="192.168.5.99" with the remote IP allowed (this is of course more secure but also cumbersome if your IP changes). You could also have a single layer of protection that specifies the IP via firewall or both (of course both are far more secure). UPDATE user SET Host="192.168.5.99" where Host="localhost" or for any/wildcard UPDATE user SET Host="%" where Host="localhost"........
  • The connection was reset The connection to the server was reset while the page was loading.


    In Firefox I cannot connect to any website, proxy is disabled and outside network access is confirmed, no system or manual proxy was set on this Linux Mint/Ubuntu system. Normally this can be caused by proxy or DNS problems and the weird thing is that traceroute and ping to other IPs worked fine but even connecting to sites by IP was not working. The connection was reset The connection to the server was reset while the page was loading.........
  • iptables: Applying firewall rules: iptables-restore: line 40 failed


    service iptables start iptables: Applying firewall rules: iptables-restore: line 40 failed [FAILED]........
  • bash for loop with specific numbers


    Say if you need to make a firewall script to block certain ports this works great. for ports in 21 25 443; do iptables rules here done........
  • SSH Tunnel Dynamic Proxy Stops Working Right Away even with Root and High Port


    I keep getting messages like this shortly after using the proxy (it works for a few seconds/page loads and then stops): channel 12: open failed: administratively prohibited: open failed I'm not sure what the issue is unless there's some kind of hardware firewall on the other end. I've used this exact configuration on multiple servers with no issue and even disabled iptables etc..........
  • named/bind cannot find zone file, load zone files without specifying full directory path/loading master file genuine.com.zone: file not found


    genuine.com/IN: loading master file genuine.com.zone: file not found _default/genuine.com/IN: file not found I always found it silly that no one really talks about this and apparently many like me and even control panels like Plesk were still using hard paths. I always thought "why can't I just specify the name of the zone file and have bind find it". Surely the default search path must be /var/named or somewhere else but there is no such thing.........
  • Ubuntu/Debian DRBD 8.0 Setup Guide


    I've only used it on Centos, so I thought I'd make a quick Debian guide: Install the DRBD Package apt-get install drbd8-utils Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: libswfdec-0.8-0 Use 'apt-get autoremove' to remove them. The following........
  • DRBD WFConnection Problem/Solution


    This has stumped me a few times because I keep forgetting that Centos 5.5 comes with a default iptables configuration that ends up blocking DRBD traffic, I tried all the normal things and couldn't understand why I couldn't make my normal DRBD config work. So if you have WFConnection problems and have tried the normal "mailing list" fixes, check your firewall status first! Both Nodes Say the Following: version: 8.3.8 (api:88/prot........
  • MySQL Recover/Reset Lost/Forgotten root Password


    One note is to secure MySQL, I don't know for sure but I believe you could login to MySQL remotely with no password during this operation (I'm not sure, maybe it doesn't accept blank passwords but I firewall MySQL port anyway and recommend you do the same). First edit /etc/my.cf Under the [mysqld] field add the following line somewhere: skip-grant-tables Now restart mysql: service mysql restart or on Debian sty........
  • Trouble connecting between Windows XP and Windows 98 Shares


    Ok a few things to check for: * Disable all firewalls * Make sure NetBEUI is enabled on both computers * Make sure the Windows XP computer has the name of the computer logged in user of Windows 98 added as an XP user * Add the XP user to anything you want to share That fixed my problem........
  • Helpful IPFW Examples


    Someone's real life examples: http://lists.freebsd.org/pipermail/freebsd-security/2004-July/002181.html Or you can try the FreeBSD Handbook guide: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html........
  • Proftp Passive Ports


    If you use a locked down firewall you can edit proftpd.conf and tell it something like this: PassivePorts 6170 6270 That would force all passive ftp traffic to ports 6170 6270 which you could then open on your firewall rather than leaving ports 1024-65000 open........
  • Basic Port Listing


    Hopefully someone finds this useful or at least interesting. http://www.sans.org/top20/#u9 Name Port Protocol Description Small services ........
  • Linux/Unix Open SSH Login Without Password Key Exchange including Debian, Redhat, Fedora, Ubuntu, BSD etc..


    In those 4 simple commands you can set up mutual key exchange between two SSH servers by using a single login shell session and single window. *Just change the IP address examples of (10.10.0.2) to the target of your mutual key exchange. It doesn't matter if the server is on a LAN or WAN (well unless the server is behind a firewall and you cannot SSH into it).........
  • How To Save iptables firewall rules Centos/Redhat/Fedora Linux


    This is something that annoys a lot of people, fortunately the Redhat style OS's are the most simple in this respect. I disagree that Debian's way makes sense, it is more of a hackish approach in how they implement iptables. Anyway, for those who are using Redhat/Centos style OS's it is very simple. Set your rules from the shell/command prompt and to save the iptables firewall rules so they are remembered/loaded on boot just run this command: service iptables........