SERVICE LEVEL SECURITY:
SSH:
ssh -l user_name ---ip-address/dns_name---
192.168.0.254 --> for secure
connection by root, it keeps the old
/etc/ssh/sshd_config --> you can deny root
login by adding the following line:
AllowUsers yaniv ron --> only these 2
users will be able to log in over ssh!
disable protocol version 1.
sftp -oPort=123 host_name
--> for secure file transfer
info:
mac_address of the computer at:
/root/.ssh/known_hosts2:2
/var/log/secure --> who tried to log in and when
errors:
if the host has changed its key you can
delete the old one from your computer at ~/.ssh/known_hosts
netstat -rn --> shows the routing table (internet connection)
-A inet
-anp |grep LISTEN|more
-t,-u,-p,-s,-r
-taupe --> active network servers,
established connections
chkconfig --list --> see list of all services
--del service_name
telnet off , on
(/etc/xinetd.d/telnet disable=yes)
/etc/hosts.allow --> (will be examined first) :
(in.ftpd: 192.168.0.
in.telnetd, portmap: 192.168.0.8
ALL: ALL EXCEPT 192.168.1.)
hosts.deny --> ALL: ALL
sendmail: .hotmail.com EXCEPT 192.168.0.
--> mails will not arrive from that
domain and you will be able to send!
(ALL: .cracker.org
EXCEPT trusted.cracker.org
in.ftpd, portmap: ALL
pop3d: 192.168.0. EXCEPT 192.168.0.4)
sshd : ALL EXCEPT 192.168.1.
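Added example (not part of the original notes): a simplified Python model of how hosts.allow and hosts.deny are evaluated, using rules adapted from the notes above. It approximates tcpd matching rather than reproducing libwrap; the function names and the client addresses are assumptions made for illustration.

```python
# Simplified model of TCP Wrappers matching (an approximation, not libwrap).
# Handles: daemon lists, ALL, "192.168.0." prefixes, ".domain" suffixes, EXCEPT.

def match_one(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # network prefix such as 192.168.0.
        return value.startswith(pattern)
    if pattern.startswith("."):      # domain suffix such as .cracker.org
        return value.endswith(pattern)
    return pattern == value

def match_list(tokens, values):
    # "a EXCEPT b" matches when a matches and b does not.
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], values) and not match_list(tokens[i + 1:], values)
    return any(match_one(p, v) for p in tokens for v in values)

def rule_matches(rule, daemon, client):
    daemons, clients = rule.split(":", 1)
    split = lambda s: s.replace(",", " ").split()
    return match_list(split(daemons), [daemon]) and match_list(split(clients), client)

def allowed(daemon, client, allow_rules, deny_rules):
    """client is a list holding the peer's IP address and, if known, its hostname."""
    if any(rule_matches(r, daemon, client) for r in allow_rules):
        return True                  # hosts.allow is examined first
    if any(rule_matches(r, daemon, client) for r in deny_rules):
        return False                 # then hosts.deny
    return True                      # no match in either file: access granted

# Rules adapted from the notes above; the client addresses below are constructed.
ALLOW = ["in.ftpd: 192.168.0.", "in.telnetd, portmap: 192.168.0.8"]
DENY = ["ALL: .cracker.org EXCEPT trusted.cracker.org",
        "pop3d: 192.168.0. EXCEPT 192.168.0.4",
        "sshd: ALL EXCEPT 192.168.1."]

if __name__ == "__main__":
    for daemon, client in [("in.ftpd", ["192.168.0.20"]), ("sshd", ["10.0.0.5"]),
                           ("sshd", ["192.168.1.7"]), ("pop3d", ["192.168.0.9"]),
                           ("in.telnetd", ["10.1.1.1", "host.cracker.org"])]:
        print(daemon, client, "->", "allow" if allowed(daemon, client, ALLOW, DENY) else "deny")
```

A service with no matching line in either file is allowed, which is why hosts.deny --> ALL: ALL is needed to get default-deny.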
/etc/xinetd.d/wu-ftpd: no_access = 192.168.0.x
telnet : only_from = 192.168.1.15
access_times = 09:00-16:00 --> when to access
instances = 60 --> number of simultaneous connections
per_source = 5 --> connections per IP address
/etc/xinetd.conf :
no_access = 192.168.1.0/24 (restart xinetd all3!)
to query the dns of server1 about ip addresses:
host -l cracker.org server1.example.com
ps auxw --> extra info of processes