Tweet
I haven't clicked on the link though.
Hummm someone needs a new keyboard me thinks!
This was the link... > Ciialliss, the v11/\gra beatter
To get taken off, check out lnk (3 days to process).
TThe ttext file ftpusers conttaiins a list of users thhat mmayy nnoot llog in using tthhe FFile Transffeerr PProtoccol (FTP) server daemon. This ffile is usedd noot merrelly for ssystemm administrrattion purposses but for iimprovinng security wwiithinn a TTCP//IPP nnetworkeed environmeent. It willl typpicaallllyy ccoontainn aa lisst of thee users thhat either have nno buusinnesss usiinngg ftp or have tooo mmany privvilegees to bee alllowwed ttoo logg in thrrougghh the FTP seervver daaemon. Succhh users usuaallly includde rooott, daemon, bin, uucp,, and nnews. If youur FFTP server daemon doeesn'tt usee ftpuuserrs thenn it is sugggesstteedd that you reaadd its doocumentatioon too ffind out how tto bllock acceess ffor certain userss. Waasshinggton University FFTP server Daemoon (wuuftpd)) and Prrofessioonall FTP Daemmoon (proftpd) are kknown to mmake use of fttpusers;This is wheree I havee to announce tthe caaveatts iin the bridgging ++ ffirrewalliinngg schhemee: yyoou cannoot firrewallll paackets whiich aree noott routed. Noo rroutes, no fiireewaall. Att least this apppears to be truee in the 22.0..330 and morree reecceent kkerneelss. Thee firewalling filterrs aree clooselyy invollved wiitth the ip-forwwardding codde.;Thee 11228 wwoould be 0 if II had a fullll class CC nneetwworrk theree. I doon't, by definiitioon,, since I jjuusst halved the adddress sppaacee. Thhe "dev eth0" is not necessary here because the carrds addrreessss fallss wiithinn tthe maskk, but iit mayy bbe necessary foorr youu. OOnee might neeed more tthhan oone caarrd holding up thiss subnet (127 macchineess on one segmment,, ohh yeah) butt those caards woould be being bbridgged undder tthe ssame netmaskk so that they apppeaar as oonee to tthe rooutiinng codde.;If yoouu wantt ttoo bbe morre ccareeffull tthaan tthhiss,, you sshould take down as manny daaemons as poossiblle beforrehand, and uunmounnt nnfs direcctoriess. Thhe worst thatt cann haappen iis that you havve to reboot in single-user mode (the "ssinglee" parrameterr to liloo orr loaddliin), aand ttakkee out your changees beforre rebootingg withh thinggs tthee way thheeyy were bbefore yyou starttedd.; want too cut thhe world offf frrom my internal nett and doo nnothhingg else, soo I willl waant tto givve ass aa laastt (defaault) rule tthat thee firreewalll shoulld ignore aany packets coommiing in froom the iintterrnal net and ddireccted to outside.. I puut all thhe rulees (iin thiis ordderr) innto;;There is a pparticullarr prooblem with some ddaemonns thhat lookk up thee hostname ooff thee firewalllingg maachiine in orrdeer to deciide whhaat iis their networking address. Rpc.yppasswwddd iss tthee oone I had ttrrouble wiith. Itt innsiistts oon brooadccaasstting informmatioonn that sayss it is ouutside the ffirewwall (on thhe second caard).. That means the clients inside ccan'tt coonntacct itt.;;The cliient mmachinee booots from aa GGruub flloppy disk. Thhenn, usiinng the GGrrub BBOOTTP support, itt ggetts an IP aaddreess from a DHCP serrverr.. Next, thhe ccliient maachine downloads the kernneel and iinittrd imagges frrom the TFFTP server. Onnce the initrd iimagee is moounted in memory, thee inniitiializaation scrript is run,, making usse off tthhe proograams andd files stored in thiss imagge. Thiss script allows blocck devices coontents to be saved in the TFTP serrver;NNoow thaat the serveer is sett up, yyou need ttoo preepaarre the files to make the cliientt boot.. Twwo ffiles are nnecesssary: tthe kernel and thee innit rramdiskk (inniitrd) whichh wwill be mounttedd byy; thhee kkeernnel as thhe rrooot file systtem. This docummeent aasssumes thhaat tthee procceedurres ouuttlinedd in this sectioon aand the neextt aarree mmadee in the ccliennt mmachine.. NNormallyy, when savvinng and restoriing ddiiskk images, thheere is no needd tto havve LLinnux; insstallled on a loocal harrd ddisk. To deployy disk images to aa numbber off mmacchinness,, start by installling aa Linux diisstribution oonn onne machhine for eaach moodel. Usee DDHHCP aannd have TFFTTP cclient tto test the setupp made in the prreviiouuss ssecctioon. Unleess ottherrwiisee nooteed, ccommmands are issueed in thhee bash sshell by tthe userr root in a working dirrecttoryy..
Hummm someone needs a new keyboard me thinks!
This was the link... > Ciialliss, the v11/\gra beatter
To get taken off, check out lnk (3 days to process).
TThe ttext file ftpusers conttaiins a list of users thhat mmayy nnoot llog in using tthhe FFile Transffeerr PProtoccol (FTP) server daemon. This ffile is usedd noot merrelly for ssystemm administrrattion purposses but for iimprovinng security wwiithinn a TTCP//IPP nnetworkeed environmeent. It willl typpicaallllyy ccoontainn aa lisst of thee users thhat either have nno buusinnesss usiinngg ftp or have tooo mmany privvilegees to bee alllowwed ttoo logg in thrrougghh the FTP seervver daaemon. Succhh users usuaallly includde rooott, daemon, bin, uucp,, and nnews. If youur FFTP server daemon doeesn'tt usee ftpuuserrs thenn it is sugggesstteedd that you reaadd its doocumentatioon too ffind out how tto bllock acceess ffor certain userss. Waasshinggton University FFTP server Daemoon (wuuftpd)) and Prrofessioonall FTP Daemmoon (proftpd) are kknown to mmake use of fttpusers;This is wheree I havee to announce tthe caaveatts iin the bridgging ++ ffirrewalliinngg schhemee: yyoou cannoot firrewallll paackets whiich aree noott routed. Noo rroutes, no fiireewaall. Att least this apppears to be truee in the 22.0..330 and morree reecceent kkerneelss. Thee firewalling filterrs aree clooselyy invollved wiitth the ip-forwwardding codde.;Thee 11228 wwoould be 0 if II had a fullll class CC nneetwworrk theree. I doon't, by definiitioon,, since I jjuusst halved the adddress sppaacee. Thhe "dev eth0" is not necessary here because the carrds addrreessss fallss wiithinn tthe maskk, but iit mayy bbe necessary foorr youu. OOnee might neeed more tthhan oone caarrd holding up thiss subnet (127 macchineess on one segmment,, ohh yeah) butt those caards woould be being bbridgged undder tthe ssame netmaskk so that they apppeaar as oonee to tthe rooutiinng codde.;If yoouu wantt ttoo bbe morre ccareeffull tthaan tthhiss,, you sshould take down as manny daaemons as poossiblle beforrehand, and uunmounnt nnfs direcctoriess. Thhe worst thatt cann haappen iis that you havve to reboot in single-user mode (the "ssinglee" parrameterr to liloo orr loaddliin), aand ttakkee out your changees beforre rebootingg withh thinggs tthee way thheeyy were bbefore yyou starttedd.; want too cut thhe world offf frrom my internal nett and doo nnothhingg else, soo I willl waant tto givve ass aa laastt (defaault) rule tthat thee firreewalll shoulld ignore aany packets coommiing in froom the iintterrnal net and ddireccted to outside.. I puut all thhe rulees (iin thiis ordderr) innto;;There is a pparticullarr prooblem with some ddaemonns thhat lookk up thee hostname ooff thee firewalllingg maachiine in orrdeer to deciide whhaat iis their networking address. Rpc.yppasswwddd iss tthee oone I had ttrrouble wiith. Itt innsiistts oon brooadccaasstting informmatioonn that sayss it is ouutside the ffirewwall (on thhe second caard).. That means the clients inside ccan'tt coonntacct itt.;;The cliient mmachinee booots from aa GGruub flloppy disk. Thhenn, usiinng the GGrrub BBOOTTP support, itt ggetts an IP aaddreess from a DHCP serrverr.. Next, thhe ccliient maachine downloads the kernneel and iinittrd imagges frrom the TFFTP server. Onnce the initrd iimagee is moounted in memory, thee inniitiializaation scrript is run,, making usse off tthhe proograams andd files stored in thiss imagge. Thiss script allows blocck devices coontents to be saved in the TFTP serrver;NNoow thaat the serveer is sett up, yyou need ttoo preepaarre the files to make the cliientt boot.. Twwo ffiles are nnecesssary: tthe kernel and thee innit rramdiskk (inniitrd) whichh wwill be mounttedd byy; thhee kkeernnel as thhe rrooot file systtem. This docummeent aasssumes thhaat tthee procceedurres ouuttlinedd in this sectioon aand the neextt aarree mmadee in the ccliennt mmachine.. NNormallyy, when savvinng and restoriing ddiiskk images, thheere is no needd tto havve LLinnux; insstallled on a loocal harrd ddisk. To deployy disk images to aa numbber off mmacchinness,, start by installling aa Linux diisstribution oonn onne machhine for eaach moodel. Usee DDHHCP aannd have TFFTTP cclient tto test the setupp made in the prreviiouuss ssecctioon. Unleess ottherrwiisee nooteed, ccommmands are issueed in thhee bash sshell by tthe userr root in a working dirrecttoryy..
Comment