2012/04/30

iptables (reference



CentOS 7 install iptables

yum install iptables system-config-firewall-tui setuptool





iptables -I INPUT -i eth1 -s 0.0.0.0/0 -j ACCEPT

## Block something

iptables -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
iptables -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
iptables -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
iptables -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -I INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -I INPUT -i eth0 -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
iptables -I INPUT -i eth0 -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
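
An added example (not part of the original notes): a small Python model of how `--tcp-flags <mask> <comp>` matches, run over the ten DROP rules above with constructed flag combinations, to check that normal handshake and teardown packets pass while null, Xmas-style and SYN/FIN packets are dropped. The function names and sample packets are assumptions made for the illustration.

```python
# Added example: model of iptables "--tcp-flags <mask> <comp>".
# A packet matches when, of the flags named in <mask>, exactly those
# named in <comp> are set. Names below are illustrative, not iptables APIs.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = "FIN,SYN,RST,PSH,ACK,URG"

# (mask, comp) pairs in the order the commands in this section are typed.
TYPED_RULES = [
    (ALL, "FIN,PSH,URG"),
    (ALL, "FIN,SYN,RST,PSH,ACK,URG"),
    (ALL, "FIN,SYN,RST,ACK,URG"),
    (ALL, "NONE"),
    ("FIN,SYN", "FIN,SYN"),
    ("SYN,RST", "SYN,RST"),
    ("FIN,RST", "FIN,RST"),
    ("FIN,ACK", "FIN"),
    ("PSH,ACK", "PSH"),
    ("ACK,URG", "URG"),
]
# "-I INPUT" without a rule number inserts at position 1, so the chain
# ends up in the reverse of the typed order.
CHAIN = list(reversed(TYPED_RULES))

def to_bits(names):
    """Turn 'FIN,SYN' or 'NONE' into a bitmask; unknown names raise KeyError."""
    if names == "NONE":
        return 0
    return sum(FLAG_BITS[n] for n in set(names.split(",")))

def matching_rules(packet_flags):
    """Return every (mask, comp) in chain order that would DROP the packet."""
    flags = to_bits(packet_flags)
    return [(m, c) for m, c in CHAIN if (flags & to_bits(m)) == to_bits(c)]

# Constructed flag combinations: normal traffic first, then scan-style packets.
SAMPLES = ["SYN", "SYN,ACK", "PSH,ACK", "FIN,ACK", "RST",
           "NONE", "FIN,PSH,URG", "FIN,SYN"]

if __name__ == "__main__":
    for flags in SAMPLES:
        hits = matching_rules(flags)
        verdict = "DROP by --tcp-flags %s %s" % hits[0] if hits else "passes these rules"
        print("%-12s %s" % (flags, verdict))
```

Because of the reversed chain order, a FIN,PSH,URG packet is dropped by the `ACK,URG URG` rule before it ever reaches the rule written specifically for it.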

CentOS + httpd


yum -y install httpd

iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

service iptables save

vi /etc/httpd/conf/httpd.conf

/ Listen 

add
--
Listen *:443
--

netstat -tlunp | grep httpd


For the SSL configuration, see

http://www.twisu.com.tw/5/linset/www1.htm
http://docdb.fnal.gov/doc/sslconf.html
http://www.twbsd.org/cht/book/ch14.htm
http://www.apache-ssl.org/httpd.conf.example

2012/04/27

Changing the hostname on Linux

uname -a (VIEW HOSTNAME now)

hostname newname

vi /etc/sysconfig/network
 HOSTNAME=newname

vi /etc/hosts
127.0.0.1 localhost newname

uname -a (VIEW HOSTNAME now)

2012/04/21

block TeamViewer

block TCP 5938
block *.teamviewer.com
block *.dyngate.com

2012/04/15

NTP server (TW)


NTP server

 220.130.158.52 time.stdtime.gov.tw
 140.109.1.10 stdtime.sinica.edu.tw


tock.stdtime.gov.tw
watch.stdtime.gov.tw
time.stdtime.gov.tw
clock.stdtime.gov.tw    
tick.stdtime.gov.tw

2012/04/09

SpamAssassin


vi /etc/mail/spamassassin/local.cf

# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)

# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.

required_hits 5
report_safe 0
rewrite_header Subject [SPAM]

whitelist_from *@watchdata.com
whitelist_from *@watchdata.com.cn

#whitelist_from *@gmail.com

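# Pattern form: /(mail.domain.com|ip address)/
# Note: From is set by the sender, so this rule (like whitelist_from) trusts a
# forgeable value; whitelist_from_rcvd also checks the relaying host.
header LOCAL_RCVD From =~ /(119\.255\.1\.60|watchdata|\.watchdata\.com\.cn)/
describe LOCAL_RCVD Received from local machine
score LOCAL_RCVD -1000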


service spamassassin restart
service postfix restart



2012/04/03

traceroute (centos)

yum -y install traceroute

traceroute 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets
 1  router.corp.*.* (192.168.0.1)  0.673 ms  0.697 ms  0.785 ms