
Thread: Firewall Setups

  1. #11
    Join Date
    May 2009
    Location
    Wollongong, Australia
    Beans
    Hidden!
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Firewall Setups

    Haha yeah that'd be good if I knew how to write my own apache modules

    Maybe there's something in mod_security?
    Computer Security for Noobs!!

    http://www.security4noobs.com/

  2. #12
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Firewall Setups

    iptables is not really designed to do any type of log monitoring in and of itself. There are kernel module add-ons and IDS/IPS solutions that can monitor inbound traffic and outbound responses and tell iptables what to do about it; however, you're not going to be able to build a DPI firewall out of iptables.

    That being said, I'm assuming you're looking to block enumeration and web vulnerability scanning against your Apache server. The easiest way I know how to do that is by using mod_security. There are some pre-made rules that are actually quite good, based on the OWASP Top 10; you can also write your own rules (this gets complicated fast).

    If you are interested in installing the latest version of mod_security and core rules for Apache, I wrote a procedure here: http://dangertux.wordpress.com/tutor...-mod-security/

    There is also an older tutorial here that utilizes repos, if you're not familiar with building from source; however, it is using an older rule set and the current rule set doesn't really work that well with this one: http://blog.bodhizazen.net/linux/how...ty-ubuntu-904/

    As far as iptables and allowing only specific services to be accessible from certain IPs, etc., I would recommend using iptables over ufw or any other management system; it is much more robust and can do a lot of interesting things that ufw and the like cannot.

    Also, I know denyhosts won't do what you're looking for, and I'm fairly certain fail2ban won't either (not positive).

    Hope that helps.

  3. #13
    Join Date
    May 2009
    Location
    Wollongong, Australia
    Beans
    Hidden!
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Firewall Setups

    Yeah thanks, that does help. I always knew that iptables, or any of ufw, firestarter, etc. wouldn't directly monitor Apache and react to it, so I needed something in between them to do all the work. Perhaps mod_security is the way to go; I'll have to do a lot of research on it though...
    Computer Security for Noobs!!

    http://www.security4noobs.com/

  4. #14
    Join Date
    Sep 2006
    Location
    Huddersfield
    Beans
    85
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Firewall Setups

    Quote: Originally posted by Frogs Hair
    If you choose to go with an interface, Firestarter is an old program and though it is in the repository I would avoid it.

    Firestarter has more settings than UFW, so a more accurate control over iptables is possible, as well as the ability to control, amongst other variables, ICMP filtering, DHCP config & service prioritising, all in one place. The PDF manual was updated last year, & excellent support is available via the user mailing list, (last entry 5 days ago).

    Does its age really matter?
    I've not heard of it having an age-related vulnerability. Have I missed something important? Because I've just set up a neighbour's laptop with Lucid, with Firestarter as the firewall GUI.

    As to experimenting with settings, virtualise a copy of your installation, & then play until you break it... noting the settings you used each time.
    Last edited by archolman; October 2nd, 2011 at 09:13 PM.
    Peace, love & The Archers!
    WinXPHome-SP3 DAW/ Ubuntu 10.04.2LTS Surf&BOINC,
    on
    AMD Athlon64, 2GbRAM

  5. #15
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: Firewall Setups

    Quote: Originally posted by archolman
    Firestarter has more settings than UFW, so a more accurate control over iptables is possible, as well as the ability to control, amongst other variables, ICMP filtering, DHCP config & service prioritising, all in one place. The PDF manual was updated last year, & excellent support is available via the user mailing list, (last entry 5 days ago).

    Does its age really matter?
    I've not heard of it having an age-related vulnerability. Have I missed something important? Because I've just set up a neighbour's laptop with Lucid, with Firestarter as the firewall GUI.

    It's just out of date as a project, that's all.

    Personally, if you want configurability then just iptables from the CLI, but if FS works for ya then by all means use it. Last stable was 1.0.3 I think, and plenty of bugs on Launchpad for it.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  6. #16
    Join Date
    Sep 2006
    Location
    Huddersfield
    Beans
    85
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Firewall Setups

    Tally Ho! It's bughunting time here in sunny Huddersfield!
    Thanks for the advice... it's not the first of yours I've followed.

    I always use Firestarter, mostly so that I can show converts how to use the GUI to get the best benefit for them.
    As most of them just want to surf, & are used to MS security-apps having a GUI to do everything, they haven't been interested in the back-end, just in how to train the firewall. Maintaining a Firestarter mind-set helps in teaching its use.
    Last edited by archolman; October 2nd, 2011 at 10:15 PM.
    Peace, love & The Archers!
    WinXPHome-SP3 DAW/ Ubuntu 10.04.2LTS Surf&BOINC,
    on
    AMD Athlon64, 2GbRAM

  7. #17
    Join Date
    May 2009
    Location
    Wollongong, Australia
    Beans
    Hidden!
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Firewall Setups

    Thanks for all the tips guys. Gonna go with writing a module for apache to do it. Figure that'd be a good way to brush up on my C/C++
    Computer Security for Noobs!!

    http://www.security4noobs.com/

  8. #18
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Firewall Setups

    Not sure why you'd bother reinventing the wheel. When you're dealing with things like SQLi, CSRF, XSS, etc., you're going to have to write all your definitions too, which means you have to understand every single methodology used in that type of attack.

    This is why I recommended mod-security. For instance you will probably easily be able to pick out

    Code:
    dangertux` or 1=1` -
    as a SQLi attempt. But what about timing attacks?

    Code:
    1 AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)
    OR

    Code:
    %2d%31%20%41%4e%44%20%31%3d%49%46%28%32%3e%31%2c%42%45%4e%43%48%4d%41%52%4b%28%35%30%30%30%30%30%30%2c%4d%44%35%28%43%48%41%52%28%31%31%35%2c%31%31%33%2c%31%30%38%2c%31%30%39%2c%39%37%2c%31%31%32%29%29%29%2c%30%29
    I don't think web application security is the proper place to brush up on your C skills, at least not if this is being used for any type of production system.
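
An added example (not part of the original post, and not mod_security's own code): it shows why a request filter has to normalize input before matching, using the strings quoted in the post above as test input. The signature set, function names and the decode-round limit are assumptions made for illustration; the example also goes one step beyond the post by covering double percent-encoding.

```python
import re
from urllib.parse import unquote_plus

# Constructed, deliberately tiny signature set (illustrative, not a real rule set).
SIGNATURES = {
    "tautology": re.compile(r"\bor\s+(\d+)\s*=\s*\1\b"),
    "time_delay": re.compile(r"\b(?:benchmark|sleep|pg_sleep)\s*\("),
}
MAX_DECODE_ROUNDS = 5  # assumption: bound on nested percent-encoding layers


def normalize(value: str) -> str:
    """Percent-decode until stable, then collapse whitespace and lowercase."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", value).lower()


def inspect(value: str) -> list:
    """Names of the signatures that match the normalized value, sorted."""
    norm = normalize(value)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(norm))


def naive_inspect(value: str) -> list:
    """Same signatures against the value as received: no decoding step."""
    return sorted(n for n, rx in SIGNATURES.items() if rx.search(value.lower()))


def percent_encode_all(text: str) -> str:
    """Encode every byte as %xx, the form of the third string in the post."""
    return "".join(f"%{b:02x}" for b in text.encode())


# Strings quoted in the post above, reused as test input.
TAUTOLOGY = "dangertux` or 1=1` -"
TIMING = "1 AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)"

if __name__ == "__main__":
    once = percent_encode_all(TIMING)
    twice = percent_encode_all(once)
    for label, sample in [("plain", TIMING), ("encoded", once), ("double", twice),
                          ("tautology", TAUTOLOGY), ("benign", "/index.html?page=2")]:
        print(f"{label:10} naive={naive_inspect(sample)} normalized={inspect(sample)}")
```

The naive matcher catches only the plain-text forms; the normalizing one reports the same signature for every encoding layer, which is the work a maintained rule set already does.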

  9. #19
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Firewall Setups

    On a server I use iptables.

    Why would you block an IP simply because of a 404?

    I think you should look at tools such as psad, snort, and mod_security.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  10. #20
    Join Date
    May 2009
    Location
    Wollongong, Australia
    Beans
    Hidden!
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Firewall Setups

    My reasons are here: http://www.security4noobs.com/2011/0...ery-in-apache/

    I'm not trying to absolutely harden the server (now at least), so this will do in the meantime, and give my hands something to do.
    Computer Security for Noobs!!

    http://www.security4noobs.com/
