Security update for ISPConfig 3 available

Discussion in 'General' started by till, May 11, 2012.

  1. till

    till Super Moderator Staff Member ISPConfig Developer

    For the latest ispconfig releases you should update the master first.
     
  2. celocore

    celocore New Member

    Hi,

    thanks for the great work. Update from 3.0.3.3 to 3.0.4.5 runs without problems.

    ISPConfig runs here with ubuntu 8.04 LTS an there I see one error in the "Show ISPC CronLog" -> iptables v1.3.8: Unknown arg `-S'

    What should iptables -S show? The same as iptables -L?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    The output is a bit different. From iptables manpage:

    Code:
    -L, --list [chain]
                  List all rules in the selected chain.  If no chain is selected, all chains are listed. Like every other iptables command, it applies to the
                  specified table (filter is the default), so NAT rules get listed by
                   iptables -t nat -n -L
                  Please  note  that  it  is often used with the -n option, in order to avoid long reverse DNS lookups.  It is legal to specify the -Z (zero)
                  option as well, in which case the chain(s) will be atomically listed and zeroed.  The exact output  is  affected  by  the  other  arguments
                  given. The exact rules are suppressed until you use
                   iptables -L -v
    
           -S, --list-rules [chain]
                  Print  all rules in the selected chain.  If no chain is selected, all chains are printed like iptables-save. Like every other iptables com-
                  mand, it applies to the specified table (filter is the default).
    Examples:

    Code:
    iptables -S
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -N fail2ban-courierauth
    -N fail2ban-couriersmtp
    -N fail2ban-postfix
    -N fail2ban-sasl
    -N fail2ban-ssh
    -A INPUT -p tcp -m multiport --dports 25,465,143,220,993,110,995 -j fail2ban-courierauth
    -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
    -A INPUT -p tcp -m multiport --dports 25,465,143,220,993,110,995 -j fail2ban-sasl
    -A INPUT -p tcp -m multiport --dports 25,465 -j fail2ban-couriersmtp
    -A INPUT -p tcp -m multiport --dports 25,465 -j fail2ban-postfix
    -A fail2ban-courierauth -j RETURN
    -A fail2ban-couriersmtp -j RETURN
    -A fail2ban-postfix -j RETURN
    -A fail2ban-sasl -j RETURN
    -A fail2ban-ssh -j RETURN
    Code:
    iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    fail2ban-courierauth  tcp  --  anywhere             anywhere            multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
    fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh
    fail2ban-sasl  tcp  --  anywhere             anywhere            multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
    fail2ban-couriersmtp  tcp  --  anywhere             anywhere            multiport dports smtp,ssmtp
    fail2ban-postfix  tcp  --  anywhere             anywhere            multiport dports smtp,ssmtp
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain fail2ban-courierauth (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-couriersmtp (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-postfix (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-sasl (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-ssh (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    You can change the command in the file /usr/local/ispconfig/server/lib/classes/monitor_tools.inc.php on line 1231
     
  4. celocore

    celocore New Member

    Hmm, ok. The -S option isn't available in iptables at ubuntu 8.04 LTS.
     

Share This Page