IPTables Generator

Ada dua jenis iptables Generator kesukaan saya… πŸ™‚

This program generates an iptables firewall script for use with the 2.4 or later linux kernel. It is intended for use on a single system connected to the Internet or a gateway system for a private, internal network. It provides a range of options, but is not intended to cover every possible situation. Make sure you understand what each option in the generator does and take the time to read the comments in the resulting firewall. This generator will not, for example, generate a firewall suitable for use with a DMZ, but it can provide a starting point. For the most common uses the generator should produce a firewall ready for use.

quicktables is an iptables firewall and firewall / nat (gateway) script generator. it was created to provide a secure set of iptables rules quickly, while still maintaining few requirements (sh and ifconfig pretty much). quicktables will ask you to answer a small handful of questions, and generates your very own personalized firewall or script.

  • current support includes the following
  • nat and no nat (firewall only) options
  • default policy of DROP on INPUT and FORWARD chains (all packets dropped)
  • tcp and udp ACCEPTs on INPUT chain (open ports to the firewall machine)
  • tcp and upd port forwarding with nat (forward ports to multiple internal hosts nat only)
  • multiple icmp (ping) options
  • multiple packet logging level options (syslog – kern.info)
  • redhat specific installation and init script supporting both /sbin/service and /sbin/chkconfig commands
  • advances port forwarding to multiple internal hosts with multiple external destination addresses
  • advanced support for transparent http proxying with squid running either on the firewall itself or running on another host
  • xtremely newbie friendly while still secure and very feature rich

Semuanya menjadi lebih mudah πŸ™‚

Firestarter (GUI Linux Firewall)

Firestarter is an Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators.

We strongly believe that your job is to make the high level security policy decisions and ours is to take care of the underlying details. This is a departure from your typical Linux firewall, which has traditionally required arcane implementation specific knowledge.

Why you need a firewall ???

A firewall does not guarantee security but it is in most environments the first line of defense against network based attacks.

You can use Firestarter on your…

… Desktop or laptop. Our philosophy of simplicity has made Firestarter the most widely used Linux desktop firewall software available today.

… Server. Firestarter can be installed onto individual servers and managed graphically over SSH or using the shell.

… Gateway or dedicated firewall. Firestarter will set up Internet connection sharing for you with a minimum of fuss. Want DHCP for the clients? Sure you could configure it yourself, but we know you never get around to doing it, with Firestarter it only takes one click.
Firestarter features

  • Open Source software, available free of charge
  • User friendly, easy to use, graphical interface
  • A wizard walks you through setting up your firewall on your first time
  • Suitable for use on desktops, servers and gateways
  • Real-time firewall event monitor shows intrusion attempts as they happen
  • Enables Internet connection sharing, optionally with DHCP service for the clients
  • Allows you to define both inbound and outbound access policy
  • Open or stealth ports, shaping your firewalling with just a few mouse clicks
  • Enable port forwarding for your local network in just seconds
  • Option to whitelist or blacklist traffic
  • Real time firewall events view
  • View active network connections, including any traffic routed through the firewall
  • Advanced Linux kernel tuning features provide protection from flooding, broadcasting and spoofing
  • Support for tuning ICMP parameters to stop Denial of Service (DoS) attacks
  • Support for tuning ToS parameters to improve services for connected client computers
  • Ability to hook up user defined scripts or rulesets before or after firewall activation
  • Supports Linux Kernels 2.4 and 2.6
  • Translations available for many languages (38 languages as of November 2004)



Selengkapnya : http://www.fs-security.com/

Make Ubuntu look like OSX

I have noticed that many people try to imitate Mac OSX Tiger’s look with their current operating system. No matter is it Windows or Linux. I’m one of those people and this is my atteption to make Ubuntu Linux look like OSX Tiger. I use Ubuntu simply because it is the best distribution of the best operating system. Ubuntu uses Gnome as it’s desktop environment. For this reason the guide is for only for Gnome users. It you are using some other distribution, this guide is still valid in most cases.

This guide tries to be as spesific as possible, so that even newbies can follow it easily!

Selengkapnya : http://users.utu.fi/ljtaim/ubuntuosx.php

Release Final Version of Linux Kernel 2.6.17

Finally, the final version of Linux kernel 2.6.17 (code name "Crazed Snow-Weasel") is out and available for public πŸ™‚

Linux 2 6 17
Released 17 June, 2006

Overview :

  • Support for the multicore Niagara series of CPUs from Sun.
  • Driver for the Broadcom 43xx based wireless cards by the bcm43xx project, a chip embedded in many laptops
  • splice, a new I/O mechanism (see below)
  • X86 "SMP alternatives" (optimizes a single kernel image at runtime according with the available platform) (LWN article)
  • New scheduler domain which optimizes CPU scheduling decisions for multi-core CPUs
  • sync_file_range syscall, (LWN article)
  • Block queue IO tracing
  • Raid5 reshaping support (LWN article)
  • Lightweight robust futexes (LWN article)
  • User-space software suspend interface
  • Generic RTC subsystem
  • iptables support for H.323 protocol, compatibility for 32-bit iptables userspace tools running in a 64-bit kernel
  • Add support for Router Preference (RFC4191), Router Reachability Probing (RFC4191) and experimental support for Route Information Option in RA (RFC4191) in IPV6
  • CCID2 support for DCCP
  • Softmac layer to the wireless stack
  • Updates for JFS, ALSA, NFS, V4L/DVB (many new devices added), and many bugfixes and minor updates.

Selengkapnya baca di KernelNewbies

‘Vista, Sistem Operasi Paling Aman’ [Benarkah?]

Jakarta, Windows Vista merupakan sistem operasi teraman yang pernah diciptakan. Hal tersebut yang dituturkan Wakil Presiden Senior Microsoft, Bob Muglia dalam pembukaan TechEd 2006 di Boston.

Microsoft yakin dengan Security Development Lifecycle (SDL) dan teknologi seperti BitLocker dan smart cards, serangan spam, phishing dan spyware tidak berkutik dalam sistem operasi ini.

Seperti dikutip detikINET dari BetaNews, Senin (19/6/2006), Windows Vista sendiri merupakan sistem operasi pertama milik Microsoft yang dibangun dengan model pengembangan SDL.

Dalam Vista, setiap Service yang dijalankan akan mengurangi hak akses pada file sistem, registry dann aktivitas jaringan. Sedangkan kernel pada Vista semakin menyulitkan rootkit untuk sembunyi dari pendeteksian.

Sedangkan ancaman spyware dan malware akan diserahkan pada built-in scanning engine yang berbasis Windows Defender. Untuk mendukung penyaringan dan pemblokiran, firewall Vista memiliki fitur tambahan dari fungsionalitas Windows XP Service Pack 2.

Aplikasi jahat lain juga disaring melalui fitur User Account Control terbaru milik Vista. Sedangkan Internet Explorer 7 dalam Vista dijalankan pada level Protected Mode agar situs-situs dengan kode jahat dapat dicegah.

Pada tahap hardware, Microsoft mengimplementasikan BitLocker full disk encryption. BitLocker ini akan mengenkripsi data ketika ditulis dalam disk. Sehingga jika komputer atau laptop anda dicuri, sang pencuri tidak bisa mengakses data anda tanpa memasukkan recovery key.

Tetapi bagaimanapun juga Microsoft sadar bahwa tidak ada teknologi yang berani secara penuh sistem keamanan, apalagi menyangkut keamanan komputer.

Untuk mengatasi hal tersebut, Microsoft juga mempekerjakan black hacker untuk menguji sistemnya. Microsoft juga berencana meluncurkan Windows Vista Service Pack 1.

Lalu benarkah Vista merupakan sistem operasi paling aman yang pernah dibuat? Penilaiannya kami serahkan pada Anda. (oyd)

Sumber : Detikinet

Howto Install Webmin [Ubuntu Dapper Drake 6.06]

Hanya mendokumentasikan Tutorial yang saya dapet dari searching google, siapa tau besuk kepake…. πŸ™‚

Referensi : http://www.ubuntuforums.org/showthread.php?t=195093

Webmin is an excellent web-based interface to your Unix based machines. There are no webmin packages in the latest release "Dapper". This is how I installed webmin on my Dapper server… Install SSH

#sudo apt-get install ssh

2. Enable the universe and multiverse repositories in the /etc/apt/sources.list (https://wiki.ubuntu.com/AddingRepositoriesCliHowto)

3. To make this easier use a ssh client like Putty (Win32) or a Term on another machine that has a GUI and copy / paste these commands or you can just re-type them…

Below is the source I just happened to use. If it is not working go to: http://prdownloads.sourceforge.net/webadmin/webmin-1.270.tar.gz and find a working mirror.

#wget http://easynews.dl.sourceforge.net/sourceforge/webadmin/webmin-1.270.tar.gz

#gzip -cd webmin-1.270.tar.gz | tar xvf –

#sudo apt-get install libauthen-pam-perl libnet-ssleay-perl libpam-runtime openssl perl perl-modules

#cd webmin*

#sudo ./setup.sh

Basically just hit enter and choose SSL and the auto start the service at boot
Web server port (default 10000): (Feel Free to change this)
Login name (default admin):
Login password: AReallyGoodONE
Password again: AReallyGoodONE
Use SSL (y/n): y
Start Webmin at boot time (y/n): y

Now you can login with the user/password that you set at the https://IpAddressOfYourMachine:10000

My Birthday

Happy Birthday….. πŸ™‚
Pagi-pagi dah banyak banget yg nelpon, bangunin diwaktu lagi enak-enaknya tidur bertemankan “si gembul” boneka beruang kesayangan ane [sok imut banget ya… πŸ™‚ ], cuma buat ngucapin “Happy Birthday”, huh sebel…. ngucapin sih ngucapin, tapi kadonya mana? hehehehe…. just kidding…

Thanks buat semua temenku yang udah say happy birthday to me… πŸ™‚

Yup, hari ini umurku genap 23 tahun, umur bertambah digit, berarti berkuranglah jatah umurku, mudah-mudahan dengan bertambahnya umurku, bertambah pula rasa syukurku, diberikan umur panjang, murah rezeki, gampang jodoh, dan yang pasti mudah-mudahan semakin bisa berbuat banyak untuk keluarga…. Amin… πŸ™‚

Happy Birthday to me……. πŸ™‚

Indahnya Ubuntu Dapper Drake 6.06

Kejadiannya berawal dari salah download, kebetulan saya download ubuntu dapper drake 6.06 yang versi desktop, ternyata itu live CD, denga perasaan sedikit kecewa, karena musti download lagi yang versi essential πŸ™ akhirnya saya cobain juga tuh Ubuntu nya, walau live πŸ™

Kesan pertama, wow, grafisnya tambah keren, tapi kernelnya kok masih 2.16-15 ya? πŸ™

Coba2 googling "Install ubuntu live cd to harddisk", nemu juga sih walau untuk versi laen. pas waktu mau ngejalanin step-stepnya, eh kok di desktop dapper drake ku ada icon install, ya udah aku cobain aja tuh klik, eh ternyata bener, instalasinya selesai, dan coba aku boot, dan gubrakz… ternyata ubuntu dah nongkrong di HD ku… πŸ™‚

Ternyata di cd versi desktop juga nyertain untuk install ke Hard Disk, kayak Knoppix itu loh….  !, bayangin aja klo musti download versi essential nya lagi πŸ™ bandwith cm 64kbps, musti nunggu seharian buat bisa mencicipi dapper drake nya πŸ™

Ok deh, cuma mo curhat aja nih, ubuntu dapper drake 6.06 emang cool…. πŸ™‚ , buat yg dah download versi desktop, don't worry, install live cd ubuntu drapper drake ke hard disk semudah install .exe di window$ πŸ™‚