Wednesday, December 29, 2010

IPTables Tutorial From Linux Journal

Here is a three-part video tutorial on iptables from Linux Journal. Each part builds on the firewall script of the previous one; the scripts shown in the videos are reproduced below each part.

Mastering IPTables Part 1



Firewall Script Part 1

### Start Of Script ###

#!/bin/sh

IPT=/sbin/iptables

# flush every chain in the filter table (policies are left untouched)
$IPT -F

#policies: default-deny inbound and forwarded traffic, allow everything outbound

$IPT -P OUTPUT ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP

#allowed inputs: loopback, plus SSH and HTTP from anywhere

$IPT -A INPUT --in-interface lo -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT

#allow responses: packets that belong to (or are related to) a connection conntrack already knows

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

### End Of Script ###


Mastering IPTables Part 2



Firewall Script Part 2

### Start Of Script ###

#!/bin/sh

IPT=/sbin/iptables

# start from a clean slate on every run: flush the filter table, delete the
# user-defined chains and flush nat too, otherwise a re-run appends a second
# copy of the REDIRECT rule and "-N SERVICES" fails because the chain exists
$IPT -F
$IPT -X
$IPT -t nat -F

#policies

$IPT -P OUTPUT ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT

# user-defined chain that holds the per-service accept rules
$IPT -N SERVICES

#allowed inputs

$IPT -A INPUT --in-interface lo -j ACCEPT
$IPT -A INPUT -j SERVICES

#allow responses

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#allow services: SSH and the web app from anywhere, IPP (CUPS, port 631) from the LAN only

$IPT -A SERVICES -p tcp --dport 22 -j ACCEPT
$IPT -A SERVICES -p tcp --dport 8080 -j ACCEPT

$IPT -A SERVICES -m iprange --src-range 192.168.1.1-192.168.1.254 -p tcp --dport 631 -j ACCEPT

$IPT -A SERVICES -m iprange --src-range 192.168.1.1-192.168.1.254 -p udp --dport 631 -j ACCEPT

# clients connect to port 80; the kernel rewrites the destination to 8080 before
# routing, so the web app can listen on an unprivileged port
$IPT -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

# redirected traffic is delivered locally (INPUT chain), so this FORWARD rule
# only matters if this box also routes for other hosts
$IPT -A FORWARD -p tcp --dport 8080 -j ACCEPT


### End Of Script ###


Mastering IPTables Part 3



Firewall Script Part 3

### Start Of Script ###

#!/bin/sh

IPT=/sbin/iptables

# start from a clean slate on every run: flush filter and nat, delete user chains
$IPT -F
$IPT -X
$IPT -t nat -F

#policies

$IPT -P OUTPUT ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT

# user-defined chain that holds the per-service accept rules
$IPT -N SERVICES

#drop spoofed packets: loopback source addresses may only arrive on lo
# (current iptables wants the "!" before the option, not after it)

$IPT -A INPUT ! --in-interface lo --source 127.0.0.0/8 -j DROP

#limit ping requests (matches every ICMP type: 1 per second after the default
# burst of 5; anything over the limit falls through to the DROP policy)

$IPT -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT

#drop bogus packets: first anything conntrack cannot classify, then TCP flag
# combinations that no legitimate stack sends (FIN without ACK, SYN+FIN, xmas, ...)

$IPT -A INPUT -m state --state INVALID -j DROP
$IPT -A FORWARD -m state --state INVALID -j DROP
$IPT -A OUTPUT -m state --state INVALID -j DROP
$IPT -t filter -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j DROP
$IPT -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
$IPT -t filter -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
$IPT -t filter -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -t filter -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -t filter -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
$IPT -t filter -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP

#allowed inputs

$IPT -A INPUT --in-interface lo -j ACCEPT
$IPT -A INPUT -j SERVICES

#allow responses

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#allow services: SSH and the web app from anywhere, IPP (CUPS, port 631) from the LAN only

$IPT -A SERVICES -p tcp --dport 22 -j ACCEPT
$IPT -A SERVICES -p tcp --dport 8080 -j ACCEPT

$IPT -A SERVICES -m iprange --src-range 192.168.1.1-192.168.1.254 -p tcp --dport 631 -j ACCEPT

$IPT -A SERVICES -m iprange --src-range 192.168.1.1-192.168.1.254 -p udp --dport 631 -j ACCEPT

# clients connect to port 80; the kernel rewrites the destination to 8080 before
# routing, so the web app can listen on an unprivileged port
$IPT -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

# redirected traffic is delivered locally (INPUT chain), so this FORWARD rule
# only matters if this box also routes for other hosts
$IPT -A FORWARD -p tcp --dport 8080 -j ACCEPT

### End Of Script ###
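The three scripts above rebuild the rules one iptables call at a time after a flush, which leaves a short window (and, over SSH, a lockout risk if a typo stops the script before the ESTABLISHED rule). The following is an added example, not from the Linux Journal videos or the original post: it emits the Part 3 policy as a single iptables-restore file so both the filter and nat tables are replaced atomically, and wraps the load in a timed rollback. The LAN range and ports are the ones used on this page; the function names, the use of the conntrack match in place of the older state match, restricting the rate-limited ICMP rule to echo-request, and dropping the FORWARD rule (REDIRECT delivers to INPUT, not FORWARD) are my choices. Applying needs root and iptables-restore; printing the policy needs neither.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the video): Part 3 policy as
# iptables-restore input, loaded atomically with an automatic rollback.
# Assumes iptables-save/iptables-restore in PATH and root when applying.

LAN_RANGE="192.168.1.1-192.168.1.254"   # from the page
SSH_PORT=22
WEB_PORT=8080
IPP_PORT=631

# Print the complete ruleset. One file holds both tables, so a single
# iptables-restore call swaps filter and nat together: there is no moment
# where the chains are flushed but the DROP policy is still in force.
# iptables-restore ignores lines that start with '#'.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SERVICES - [0:0]
# anti-spoofing: loopback sources may only arrive on lo
-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
# loopback and reply traffic first: this is the hot path
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A OUTPUT -m conntrack --ctstate INVALID -j DROP
# impossible TCP flag combinations (same set as the page's script)
-A INPUT -p tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
-A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
# rate-limited ping only (burst 5, then 1/s); ICMP errors tied to a
# connection were already accepted as RELATED above
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
-A INPUT -j SERVICES
-A SERVICES -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A SERVICES -p tcp --dport $WEB_PORT -m conntrack --ctstate NEW -j ACCEPT
-A SERVICES -m iprange --src-range $LAN_RANGE -p tcp --dport $IPP_PORT -j ACCEPT
-A SERVICES -m iprange --src-range $LAN_RANGE -p udp --dport $IPP_PORT -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# port 80 is rewritten to the unprivileged web port before routing
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $WEB_PORT
COMMIT
EOF
}

# Number of rules (-A lines) in the generated policy; a quick sanity check
# before loading, and what the test below asserts on.
rule_count() {
    gen_rules | grep -c '^-A'
}

# Save the live tables, load the new policy, and schedule a revert in
# $1 seconds unless the operator kills the timer: protects a remote SSH
# session from a rule that locks you out.
apply_with_rollback() {
    timeout="${1:-60}"
    backup="$(mktemp)"
    iptables-save > "$backup" || return 1
    gen_rules | iptables-restore || { echo "iptables-restore failed, nothing changed" >&2; return 1; }
    ( sleep "$timeout"; iptables-restore < "$backup"; rm -f "$backup" ) &
    echo "Policy loaded. To keep it run: kill $! ; rm -f $backup   (rollback in ${timeout}s)"
}

case "${1:-print}" in
    apply) apply_with_rollback "${2:-60}" ;;
    *)     gen_rules ;;
esac
```

Run it with no arguments to review the policy (or to diff it against `iptables-save`), and with `apply 60` as root to load it with a one-minute rollback; confirming from a second SSH session that you can still log in before killing the timer is the whole point of the wrapper.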

Wednesday, December 15, 2010

OpenKM 5.0 on Ubuntu 10.04

OpenKM is an open-source document management (knowledge management) system.

OpenKM 5.0 ships bundled with JBoss 4.2.3 and requires the Sun Java JDK 1.6, so that is installed first on Ubuntu 10.04.

We are going to install Java with apt-get, so all of this is done from the command line. Fire up your favorite terminal window and get ready to work.

The first step is to add the necessary repositories to the /etc/apt/sources.list file. So open that file up with your favorite text editor and add the following line to the bottom of that file:

deb http://archive.canonical.com/ lucid partner

Now to update apt, issue the command:

$ sudo apt-get update

Once apt has completed its update, you are ready to install. The actual installation command is:

$ sudo aptitude install sun-java6-jdk

Next, get the OpenKM install files: download the zip file OpenKM-5.0_JBoss-4.2.3.GA.zip from http://www.openkm.com/Download.html

Unzip the file and, using WinSCP (http://winscp.net/eng/download.php),
- copy the jboss-4.2.3.GA folder to the Ubuntu /opt directory.

To run OpenKM manually, first go to the /opt/jboss-4.2.3.GA/bin directory and run chmod +x *.sh
Then type ./run.sh -b 0.0.0.0 and press Enter. (-b 0.0.0.0 binds JBoss on every interface, so make sure the firewall only exposes port 8080 to the clients that should reach it.)

Point your favorite browser to http://<server-address>:8080/OpenKM/ (substitute the server's IP address or hostname).
Authenticate to OpenKM using user "okmAdmin" with password "admin". These are well-known default credentials: change the password right after the first login.

To run OpenKM as a service, so that it comes back after a reboot, open a console on the Ubuntu machine and run
$ sudo vi /etc/init.d/jboss

Insert the following lines to the vi editor:
#! /bin/sh
### BEGIN INIT INFO
# Provides:          jboss
# Required-Start:    $local_fs $network $remote_fs
# Required-Stop:     $local_fs $network $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start and stop JBoss AS (OpenKM)
### END INIT INFO
# /etc/init.d/jboss: Start and stop JBoss AS
ECHO=/bin/echo
TEST=/usr/bin/test
JBOSS_START_SCRIPT=/opt/jboss-4.2.3.GA/bin/run.sh
JBOSS_STOP_SCRIPT=/opt/jboss-4.2.3.GA/bin/shutdown.sh

# exit quietly if JBoss is not installed where we expect it
$TEST -x $JBOSS_START_SCRIPT || exit 0
$TEST -x $JBOSS_STOP_SCRIPT || exit 0

start() {
$ECHO -n "Starting JBoss"
# init runs this script as root already, so sudo is not needed (and sudo can
# hang waiting for a password or tty at boot); -b 0.0.0.0 binds every interface
$JBOSS_START_SCRIPT -b 0.0.0.0 > /dev/null 2>&1 &
$ECHO "."
}

stop() {
$ECHO -n "Stopping JBoss"
# -S asks the running server to shut down over JMX
$JBOSS_STOP_SCRIPT -S > /dev/null 2>&1 &
$ECHO "."
}

case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
# give the server time to finish shutting down before starting it again
sleep 30
start
;;
*)
$ECHO "Usage: jboss {start|stop|restart}"
exit 1
esac

exit 0

#end of script

Make the file executable with
$ sudo chmod 755 /etc/init.d/jboss

Update the run levels with
$ sudo update-rc.d jboss defaults

Done. OpenKM now runs as a service. You can start it by hand with
$ sudo /etc/init.d/jboss start

The last step is to update the database config file so the repository is not wiped on every start.
$ sudo vi /opt/jboss-4.2.3.GA/OpenKM.cfg

Change the line hibernate.hbm2ddl=create to hibernate.hbm2ddl=none

Note:
From OpenKM 5.x there is a property in OpenKM.cfg that creates the database automatically. Once the tables have been created, change the hibernate.hbm2ddl property from create to none. Do this only after the first run has completed; if the property is left at create, the whole repository is dropped and recreated on the next OpenKM start.
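Because forgetting that one-line edit destroys the repository on the next boot, it is worth scripting it instead of relying on vi. The following is an added example, not OpenKM's own tooling or the original post's: idempotent helpers that read and set a key=value property in OpenKM.cfg, switch hibernate.hbm2ddl from create to none (refusing to touch any other value), and, as the other hardening step this page leaves out, create an unprivileged account for JBoss instead of launching it as root. The config path and property name are from the page; the function names, the "openkm" user name, and the constructed sample config used for the self-demo are my assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from OpenKM): safe post-install
# edits for OpenKM.cfg plus a service account for JBoss.

OPENKM_CFG="${OPENKM_CFG:-/opt/jboss-4.2.3.GA/OpenKM.cfg}"   # path from the page

# Print the value of KEY in FILE (first match; comments and blank lines ignored).
get_prop() {  # get_prop FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Set KEY=VALUE in FILE: replace the existing line or append one. The new
# content is written to a temp file first so a crash mid-edit cannot leave a
# truncated config behind. (VALUE must not contain '|' or '&'.)
set_prop() {  # set_prop FILE KEY VALUE
    tmp="$(mktemp)"
    if grep -q "^[[:space:]]*$2[[:space:]]*=" "$1"; then
        sed "s|^[[:space:]]*$2[[:space:]]*=.*|$2=$3|" "$1" > "$tmp"
    else
        cat "$1" > "$tmp" && echo "$2=$3" >> "$tmp"
    fi
    cat "$tmp" > "$1" && rm -f "$tmp"
}

# The step from the page: after the first successful start, switch the schema
# mode from "create" (drops and recreates every table on boot) to "none".
# Only create and none are accepted; anything else is reported, not changed,
# so a typo in the file is noticed rather than silently overwritten.
disable_schema_recreate() {  # disable_schema_recreate FILE
    case "$(get_prop "$1" hibernate.hbm2ddl)" in
        create) set_prop "$1" hibernate.hbm2ddl none ;;
        none)   : ;;   # already safe, nothing to do (re-runs are no-ops)
        *)      echo "unexpected hibernate.hbm2ddl value in $1, not touching it" >&2; return 1 ;;
    esac
    [ "$(get_prop "$1" hibernate.hbm2ddl)" = none ]
}

# Run JBoss under its own account instead of root. Assumed user name "openkm";
# needs root. Call this before switching the init script to start-stop-daemon
# --chuid openkm (or an equivalent su), which is left to the reader.
make_service_user() {  # make_service_user JBOSS_HOME
    id openkm >/dev/null 2>&1 || adduser --system --group --home "$1" --no-create-home openkm
    chown -R openkm:openkm "$1"
}

# Self-demo on a constructed copy of the config, so this runs without OpenKM.
demo() {
    f="$(mktemp)"
    printf '%s\n' '# constructed sample OpenKM.cfg' \
        'hibernate.hbm2ddl=create' \
        'hibernate.dialect=org.hibernate.dialect.HSQLDialect' > "$f"
    disable_schema_recreate "$f"
    disable_schema_recreate "$f"          # second run changes nothing
    echo "hibernate.hbm2ddl is now: $(get_prop "$f" hibernate.hbm2ddl)"
    rm -f "$f"
}

[ "${1:-demo}" = demo ] && demo
```

On the real server run `sudo sh thisscript.sh real` to skip the demo, then `disable_schema_recreate "$OPENKM_CFG"` from the same shell after sourcing it; the function's final test means a non-zero exit is the signal that the file still needs a human look.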