Howto logging iptables

Just documenting Pak Ronny Haryanto's post on the tanya-jawab@linux.or.id mailing list about how to log iptables.

How to do it:

Add 2 new chains dedicated to this logging, simply to make the rules easier to read (because if we want to both log and drop, we have to create two rules).

iptables -N logdrop
iptables -A logdrop -j LOG --log-prefix "DROPPED: "
iptables -A logdrop -j DROP

iptables -N logaccept
iptables -A logaccept -j LOG --log-prefix "ACCEPTED: "
iptables -A logaccept -j ACCEPT

Then, whenever we write an iptables rule for traffic that should be dropped/accepted and also logged, just add the iptables rule:

iptables … -j logdrop (instead of -j DROP directly)
iptables … -j logaccept (instead of -j ACCEPT directly)

The log will then appear in syslog.
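
Added example (not part of the original post): a shell function that summarises the entries these two chains write to syslog, counting packets per source address, protocol and destination port. The log lines are constructed samples, the function names are made up for this example, and the traditional syslog line layout (month, day, time, host, program) is assumed.

```shell
#!/bin/sh
# Summarise iptables LOG entries written by the logdrop/logaccept chains.
# Usage: summarize_fw_log DROPPED|ACCEPTED < logfile
# Prints "COUNT SRC PROTO DPT", most frequent first ("-" = field absent).
# Assumes traditional syslog layout, so field 5 is the program tag.
summarize_fw_log() {
    awk -v tag="$1: " '
        # Only kernel lines count; other programs may log the same text.
        $5 != "kernel:" || index($0, tag) == 0 { next }
        {
            src = proto = dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            count[src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample log (hypothetical host "gw", documentation addresses).
sample_fw_log() {
    cat <<'EOF'
Mar 21 10:15:01 gw kernel: DROPPED: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.10.1 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=23 SYN
Mar 21 10:15:02 gw kernel: DROPPED: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.10.1 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=23 SYN
Mar 21 10:15:04 gw kernel: ACCEPTED: IN=eth0 OUT= SRC=192.168.10.20 DST=192.168.10.1 LEN=60 TTL=64 PROTO=TCP SPT=51000 DPT=22 SYN
Mar 21 10:15:09 gw kernel: DROPPED: IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.10.1 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Mar 21 10:15:10 gw sshd[812]: Accepted publickey for admin from 192.168.10.20
Mar 21 10:15:11 gw webapp[77]: note="DROPPED: SRC=10.9.9.9 PROTO=TCP DPT=1"
EOF
}

sample_fw_log | summarize_fw_log DROPPED
```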

Fedora Core 5 Available :)

After its launch was delayed on 15 March, Fedora Core 5 has finally reached released Stable status.

Features:

  • Linux kernel 2.6.15
  • KDE 3.5.1
  • GNOME 2.14
  • X.org 7.0
  • Xen
  • OpenOffice.org 2.0.1
  • The Gimp 2.2.10
  • K3b 0.12.10
  • Eclipse SDK 3.1.2
  • GCC 4.1.0, and much more

An interesting feature is the latest Anaconda; although it is very complex, it is very easy to use.

PS: Still waiting for the download link; it is currently being rsynced to the mirrors. 🙂

DNS Closed Relay

So that our DNS server is not flagged as an Open Relay, we need to add the following to the options section of /etc/named.conf.

allow-query { 127.0.0.1; 192.168.10.0/24; 202.xxx.xxx.xxx/28; localhost;};
allow-recursion { 127.0.0.1; 192.168.10.0/24; 202.xxx.xxx.xxx/28; localhost;};

So the only clients allowed to query or use our DNS server are localhost, the LAN network 192.168.10.0/24, and 202.xxx.xxx.xxx/28. Requests from any IP not declared above will be denied.

Protect portmap With iptables

The portmap service is a dynamic port assignment daemon for RPC services such as NIS and NFS. It has weak authentication mechanisms and has the ability to assign a wide range of ports for the services it controls. For these reasons, it is difficult to secure.

If you are running RPC services, you should follow some basic rules.

Below are two example iptables commands that allow TCP connections to the portmap service (listening on port 111) from the 192.168.0.0/24 network and from localhost. All other packets are dropped.

# iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT
# iptables -A INPUT -p tcp ! -s 192.168.0.0/24 --dport 111 -j DROP

To similarly limit UDP traffic, use the following command.
# iptables -A INPUT -p udp ! -s 192.168.0.0/24 --dport 111 -j DROP
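
iptables checks the rules of a chain in order and stops at the first ACCEPT or DROP that matches, so the localhost ACCEPT only has an effect when it comes before the DROP for sources outside 192.168.0.0/24. The following added example (not from the original text) evaluates constructed "iptables -S INPUT" listings in both orders; the function names are hypothetical and only the options used on this page are interpreted.

```shell
#!/bin/sh
# First-match evaluation of "iptables -S INPUT" output for the portmap port.
# Only -s, -p, --dport (optionally negated with "!") and -j are interpreted.
portmap_verdict() {   # $1 = source IP, $2 = tcp|udp; rule listing on stdin
    awk -v src="$1" -v proto="$2" -v port=111 '
    function ip2int(ip,  o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,  p, size) {
        split(cidr, p, "/")
        size = 2 ^ (32 - (p[2] == "" ? 32 : p[2]))
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        neg = 0; src_ok = proto_ok = port_ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "!") { neg = 1; continue }
            if ($i == "-s")           { i++; m = in_cidr(src, $i); src_ok = neg ? !m : m }
            else if ($i == "-p")      { i++; m = ($i == proto); proto_ok = neg ? !m : m }
            else if ($i == "--dport") { i++; m = ($i == port); port_ok = neg ? !m : m }
            else if ($i == "-j")      { i++; target = $i }
            neg = 0
        }
        if (src_ok && proto_ok && port_ok && target ~ /^(ACCEPT|DROP|REJECT)$/) {
            print target; hit = 1; exit
        }
    }
    END { if (!hit) print "POLICY" }   # no rule matched: chain policy applies
    '
}

# Constructed listings: the same two TCP rules in both possible orders.
rules_drop_first() {
    cat <<'EOF'
-A INPUT ! -s 192.168.0.0/24 -p tcp -m tcp --dport 111 -j DROP
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 111 -j ACCEPT
EOF
}
rules_accept_first() {
    cat <<'EOF'
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT ! -s 192.168.0.0/24 -p tcp -m tcp --dport 111 -j DROP
EOF
}
echo "drop first:   127.0.0.1 -> $(rules_drop_first | portmap_verdict 127.0.0.1 tcp)"
echo "accept first: 127.0.0.1 -> $(rules_accept_first | portmap_verdict 127.0.0.1 tcp)"
```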

Why do I get the message "The following packages cannot be authenticated"?

Have you run into the same thing: getting the warning "The following packages cannot be authenticated" every time you install a program with apt-get 0.6.x?

debian:~# apt-get install tcpflow
Reading package lists… Done
Building dependency tree… Done
Suggested packages:
tcpdump
The following NEW packages will be installed
tcpflow
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 0B/23.6kB of archives.
After unpacking 86.0kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
tcpflow
Install these packages without verification [y/N]?

This is normal, as explained here by "Jordi Mallach Pérez", one of the debian.org developers.

The question that follows is: how do we keep that message from appearing again?

The answer is to add APT::Get::AllowUnauthenticated "true"; to your apt.conf.

debian:~# cat /etc/apt/apt.conf.d/70debconf
// Pre-configure all packages with debconf before they are installed.
// If you don’t like it, comment it out.
DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";};
APT::Get::AllowUnauthenticated "true";

Then try using apt-get to install the program you want; God willing, the warning message will not appear again.

debian:~# apt-get install tcpflow
Reading package lists… Done
Building dependency tree… Done
Suggested packages:
tcpdump
The following NEW packages will be installed
tcpflow
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 0B/23.6kB of archives.
After unpacking 86.0kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
tcpflow
Authentication warning overridden.
Selecting previously deselected package tcpflow.
(Reading database … 128821 files and directories currently installed.)
Unpacking tcpflow (from …/tcpflow_0.21-8_i386.deb) …
Setting up tcpflow (0.21-8) …
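
With this option set, apt-get installs packages it cannot authenticate without asking, as the "Authentication warning overridden." line in the transcript shows, so it is useful to know where on a host it is enabled. Added example (not from the original post): a shell function that reports every active AllowUnauthenticated setting in a set of apt configuration files; the function names and the sample files are constructed for this example.

```shell
#!/bin/sh
# Report every uncommented line in the given apt configuration files that
# switches AllowUnauthenticated on. Output: FILE:LINE per hit.
# Handles "//" comments and the nested APT { Get { ... } } spelling;
# /* ... */ block comments are not interpreted.
find_allow_unauthenticated() {
    awk '
        {
            line = $0
            sub(/^\/\/.*/, "", line)        # whole-line comment
            sub(/[ \t]\/\/.*/, "", line)    # trailing comment
        }
        # true, yes, 1, on, enable and with are the values apt reads as true
        tolower(line) ~ /allowunauthenticated[ \t]+"?(true|yes|1|on|enable|with)"?[ \t]*;/ {
            print FILENAME ":" FNR
        }
    ' "$@"
}

# Constructed apt.conf.d tree: one active setting, one commented out.
make_sample_conf() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";};' \
        'APT::Get::AllowUnauthenticated "true";' > "$d/70debconf"
    printf '%s\n' \
        '// APT::Get::AllowUnauthenticated "true";' \
        'APT::Get::Assume-Yes "false";' > "$d/90local"
    echo "$d"
}

conf_dir=$(make_sample_conf)
find_allow_unauthenticated "$conf_dir"/*
rm -rf "$conf_dir"
```

On a real system the files to pass are /etc/apt/apt.conf and /etc/apt/apt.conf.d/*.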

Good Luck 🙂

Fix locale settings in perl

If you run into the same warning about locale settings in perl, hopefully this will solve the problem.

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "en_ID:en_US:en_GB:en",
LC_ALL = (unset),
LANG = "en_US"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

To fix it, log in as root, install localeconf, then reconfigure localeconf.

# apt-get install localeconf
# dpkg-reconfigure locales

Hopefully the warning will not appear again.