Archive for the ‘Security’ Category

Locked out of Webmin after IP address changed

Sometimes your provider changes your IP address and if you have IP Access Control turned on, you will not be able to access Webmin anymore. And of course you won’t be able to update your IP address in Webmin if you can’t access it anymore.

So in that case you need to use SSH and edit this config file:

# vi /etc/webmin/miniserv.conf

Look for the line starting with “allow=” and edit the IP address(es) as needed:

error_handler_404=404.cgi
error_handler_403=403.cgi
error_handler_401=401.cgi
allow=151.248.55.185 77.109.118.242 80.211.197.221
alwaysresolve=0
libwrap=
trust_real_ip=0

Disable Firewalld and reinstate iptables on Centos 7

1. Disable Firewalld Service.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl mask firewalld

2. Stop Firewalld Service.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl stop firewalld

3. Install iptables service related packages.

[root@rhel-centos7-tejas-barot-linux ~]# yum -y install iptables-services

4. Make sure service starts at boot:

[root@rhel-centos7-tejas-barot-linux ~]# systemctl enable iptables

# If you do not want ip6tables, you can skip the following command.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl enable ip6tables

5. Finally, start the iptables services.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl start iptables

# If you do not want ip6tables, you can skip the following command.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl start ip6tables

The Firewalld service is now disabled and stopped, and you can use iptables.

http://www.tejasbarot.com/2014/08/02/rhel-7-centos-7-disable-firewalld-and-use-iptables/

Bypass the EWEA firewall

We can bypass the firewall by changing network adapter properties as follows:

No-Firewall

Resetting the root password

If you ever forget your root password, you can actually reset it with the following steps.

  • Interrupt the boot at the GRUB stage and boot to runlevel 1, AKA single user mode.
  • Interrupt GRUB by typing a character such as “space” then append to the kernel line by typing “a”
  • Backspace through “rhgb quiet” and append “ 1 ”
  • Then hit <enter>

This will give you a root shell and not a login prompt. From there you can use the “passwd” command to set a new root password.
Other user passwords can be reset, and other administrative tasks can be performed as well. Exiting the single user root shell will boot to the multi-user mode defined in /etc/inittab.

CentOS-6 Note: Due to an upstream SELinux bug the root password cannot be reset on a fresh install of CentOS-6 without an additional step. Booting with “selinux=0” appended to the grub kernel line, or doing “setenforce 0” after logging in and before attempting to reset the password are work-arounds.

(If SELinux is enforcing, do not forget to relabel your filesystem afterwards, or you will not be able to log in until you reboot, repeat the instructions and include the autorelabel.)

From: http://wiki.centos.org/TipsAndTricks/ResetRootPassword

Typo3-fail2ban

Taken from here: http://www.illutzminator.de/typo3-fail2ban.html?&L=1

You cannot have enough security for your own CMS. Typo3 security can be enhanced with fail2ban to reduce the risk of brute-forcing.

Here’s what to do:

Install fail2ban on your web-server as root administrator.

Add the following lines to your jail.conf:

[apache-typo3]
enabled = true
port = http,https
filter = apache-typo3
logpath = /var/log/apache*/*access.log
maxretry = 7
findtime = 3600
bantime = 7200

Create the filter apache-typo3

(that is, a file named apache-typo3.conf in fail2ban's subfolder filter.d)
The file has to have at least the following contents. The second pattern is a continuation of failregex and must be indented:

[Definition]
failregex = ^<HOST> -.*GET.*/login-alert-error\.gif
            ^<HOST> -.*POST.*/typo3/index\.php
ignoreregex =

To make it easy, download a ready-to-go file here.

How does that work?

Fail2ban checks the given file (here Apache's access.log) for changes at short intervals. When logging in, the page /typo3/index.php is called and the account information is posted from there. If the login fails, the image login-alert-error.gif is shown, and on further login attempts the parameters are posted again from that page.

With the configuration above I decided that one of these events may appear 7 times (maxretry) within one hour (findtime 3600). If it happens one more time, the IP address is banned for 2 hours (bantime 7200).

The parameters maxretry, findtime and bantime can be set to whatever you think is useful, but:
Do not set maxretry < 4. The first failure will post the login parameters and get the image. So 2 events are gone. You need the third event for your next attempt.
So my tip: Set maxretry >= 5!

Hint for multi-user

Even for a successful login there is one attempt needed. So if you use Typo3 with several users, set maxretry to at least the number of users plus a few tries for login failures.
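To see how the two failregex patterns and the maxretry/findtime settings interact, the sketch below replays them over constructed access-log lines. It is an added example, not part of the original post or of fail2ban's code. It assumes <HOST> can be narrowed to a plain IPv4 pattern, that a ban fires once the number of matches inside findtime reaches maxretry, and it uses documentation IP addresses and a placeholder image path.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumption: <HOST> is narrowed to a plain IPv4 pattern for this sketch.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r"^<HOST> -.*GET.*/login-alert-error\.gif",
    r"^<HOST> -.*POST.*/typo3/index\.php",
)]
STAMP = re.compile(r"\[([^\]]+)\]")  # Apache timestamp, e.g. [02/Aug/2014:10:00:00 +0000]

def first_bans(lines, maxretry=7, findtime=3600):
    """Return {ip: time of first ban} for access-log lines given in time order."""
    hits, banned = defaultdict(deque), {}
    for line in lines:
        match = next(filter(None, (rx.match(line) for rx in FAILREGEX)), None)
        if match is None or match["host"] in banned:
            continue
        when = datetime.strptime(STAMP.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = hits[match["host"]]
        window.append(when)
        # Forget matches that have fallen out of the findtime window.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:  # assumption: ban once the count reaches maxretry
            banned[match["host"]] = when
    return banned

def entry(ip, minute, request, status=200):
    """Build one constructed access-log line (the image path used below is a placeholder)."""
    return f'{ip} - - [02/Aug/2014:10:{minute:02d}:00 +0000] "{request} HTTP/1.1" {status} 512'

# Constructed sample: 203.0.113.5 fails four logins (POST plus error image each time),
# 198.51.100.7 logs in once and then opens a page that matches neither pattern.
SAMPLE = []
for minute in range(4):
    SAMPLE.append(entry("203.0.113.5", minute, "POST /typo3/index.php"))
    SAMPLE.append(entry("203.0.113.5", minute, "GET /path/to/login-alert-error.gif"))
SAMPLE.append(entry("198.51.100.7", 5, "POST /typo3/index.php"))
SAMPLE.append(entry("198.51.100.7", 5, "GET /typo3/backend.php"))

if __name__ == "__main__":
    for ip, when in first_bans(SAMPLE).items():
        print(f"ban {ip} at {when:%H:%M:%S} for 7200 s")
```

Because every failed login produces two matching lines, the failing client hits the threshold on the POST of its fourth attempt, while the single successful login of the other client still counts as one match.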
