Hi Till and Falko, does the Bastille firewall work in ISPConfig 2 on a CentOS system?
Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Where are the firewall rules? Thanks
Yes Falko, but I think that it is open to all connections! Furthermore, how can we avoid a DoS attack if we cannot edit or improve the rules?
The same!
Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Code:
# ps aux | grep wconf
root     13723  0.0  0.0   3924   688 pts/0    SN+  15:21   0:00 grep wconf
root     16848  0.0  0.0   4492  1024 ?        SN   Nov15   0:07 /bin/bash /root
Code:
# ls -la /root/ispconfig/
total 108
drwxr-xr-x 10 root root  4096 Nov 24 09:56 .
drw--wx-wx  8 root root  4096 Nov 18 20:59 ..
-rwxr-xr-x  1 root root 33074 Nov  4 20:31 cronolog
-rwxr-xr-x  1 root root  9673 Nov  4 20:31 cronosplit
drwxr-xr-x 12 root root  4096 Nov  4 20:23 httpd
drwxr-xr-x 16 root root  4096 Nov  4 20:31 isp
drwxr-xr-x  7 root root  4096 Nov  4 20:23 libmcrypt
-rw-r--r--  1 root root     8 Nov 24 09:56 .old_path_httpd_root
drwxr-xr-x  6 root root  4096 Nov  4 20:22 openssl
drwxr-xr-x  6 root root  4096 Nov  4 20:28 php
drwxr-xr-x  4 root root  4096 Nov 15 23:59 scripts
drwxr-xr-x  4 root root  4096 Nov  4 20:31 standard_cgis
drwxr-xr-x  2 root root  4096 Nov  4 20:31 sv
-rwx------  1 root root  9389 Nov  4 20:31 uninstall
Can you restart ISPConfig...
Code:
/etc/init.d/ispconfig_server restart
... and post the output of
Code:
ps aux | grep wconf
again?
Yes, it was restarted.
Code:
# ps aux | grep wconf
root      2782  0.0  0.0   4492  1052 pts/1    SN   16:28   0:00 /bin/bash /root/ispconfig/sv/ispconfig_wconf
root      2966  0.0  0.0   3928   680 pts/1    RN+  16:28   0:00 grep wconf
OK, at the moment it seems to work:
Code:
# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             127.0.0.0/8
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain PAROLE (10 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ndmp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
DROP       icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_OUT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
You have new mail in /var/spool/mail/root
How can I avoid the "Treason uncloaked"? Is there a way to use the connlimit option, or the iptables ipt_limit?
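The connlimit / ipt_limit question at the end of the thread is not answered on this page. The script below is an added example, written for this thread and not part of ISPConfig, Bastille or any poster's code. It shows how the two matches differ and how they can be layered on top of the Bastille ruleset shown above: new TCP connections are first sent through a helper chain that rate-limits SYNs with the limit match, and each public service port gets a per-source cap with the connlimit match. Everything is inserted at the top of PUB_IN so it runs before the PAROLE rules, and packets that pass the limits still have to pass PAROLE as before. Assumptions not confirmed by the thread: the chain name PUB_IN and the port list are taken from the posted output, the helper chain name SYN_LIMIT and all thresholds are made up here, the kernel must have the limit and connlimit modules (the script probes for them), and since ispconfig_wconf/Bastille regenerate the ruleset these rules have to be re-applied after a firewall restart.

```shell
#!/bin/sh
# Added example, not from the thread and not part of ISPConfig or Bastille.
# Layers ipt_limit / ipt_connlimit rules on top of the Bastille ruleset.
# Assumptions: PUB_IN is the public input chain (as in the posted output),
# the kernel provides the limit and connlimit matches, and the ruleset may be
# regenerated by ispconfig_wconf/Bastille, so re-run this after a restart.
# Usage: sh ratelimit.sh        (dry run: prints the iptables commands)
#        sh ratelimit.sh apply  (runs them, as root)

CHAIN="${CHAIN:-PUB_IN}"                  # chain the posted ruleset uses for public traffic
SYN_CHAIN="${SYN_CHAIN:-SYN_LIMIT}"       # hypothetical helper chain created by this script
SERVICE_PORTS="${SERVICE_PORTS:-21 22 25 80 110 143 443}"  # subset of the PAROLE ports; adjust
MAX_CONN_PER_IP="${MAX_CONN_PER_IP:-20}"  # connlimit threshold per source /32 (assumed value)
SYN_RATE="${SYN_RATE:-25/second}"         # sustained new-connection rate allowed (assumed value)
SYN_BURST="${SYN_BURST:-50}"              # burst tolerated before the limit kicks in (assumed value)

# Dry run unless the first argument is "apply".
if [ "${1:-}" = "apply" ]; then IPTABLES="iptables"; else IPTABLES="echo iptables"; fi

# True if this iptables can load the named match extension (limit, connlimit, ...).
# "iptables -m <match> -h" prints the match help and exits 0 only if it loads.
have_match() {
    $IPTABLES -m "$1" -h >/dev/null 2>&1
}

# SYN-rate limiting with the limit match. New TCP connections are diverted to
# $SYN_CHAIN; those within SYN_RATE/SYN_BURST RETURN to $CHAIN and are still
# subject to the PAROLE rules, everything above the rate is dropped. The jump is
# inserted at position 1 of $CHAIN so it is evaluated before PAROLE. Note that
# the limit match counts globally: it caps the total SYN rate, not per source.
syn_limit_rules() {
    $IPTABLES -N "$SYN_CHAIN" 2>/dev/null || $IPTABLES -F "$SYN_CHAIN"
    $IPTABLES -A "$SYN_CHAIN" -m limit --limit "$SYN_RATE" --limit-burst "$SYN_BURST" -j RETURN
    $IPTABLES -A "$SYN_CHAIN" -j DROP
    $IPTABLES -I "$CHAIN" 1 -p tcp --syn -j "$SYN_CHAIN"
}

# Per-source cap with the connlimit match: a new connection from a source that
# already holds more than MAX_CONN_PER_IP connections to the port is dropped.
# Unlike the limit match this distinguishes sources, so one host opening
# hundreds of HTTP connections is stopped without affecting other clients.
connlimit_rules() {
    for port in $SERVICE_PORTS; do
        $IPTABLES -I "$CHAIN" 1 -p tcp --dport "$port" --syn \
            -m connlimit --connlimit-above "$MAX_CONN_PER_IP" --connlimit-mask 32 -j DROP
    done
}

# Emit (or apply) both rule sets, skipping a match the kernel cannot load.
ratelimit_rules() {
    if have_match limit; then syn_limit_rules; else echo "limit match not available" >&2; fi
    if have_match connlimit; then connlimit_rules; else echo "connlimit match not available" >&2; fi
}

ratelimit_rules
```

Run it without arguments first and read the printed commands; if `iptables -m connlimit -h` fails on the box the connlimit rules are skipped with a message on stderr, which on older CentOS kernels means the module is missing and only the limit-based SYN cap can be used.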