Friday 6 December 2019

Check iptables firewall set-up on CentOS 6

You can use iptables to secure your Linux server or VPS. iptables filters traffic with tables (filter, nat, mangle); each table holds chains (INPUT, OUTPUT and FORWARD in the filter table), and each chain is an ordered list of rules. A packet is checked against the rules of a chain from top to bottom and the first matching rule decides what happens to it, so the order in which you add rules matters. iptables is a flexible firewall tool, and a few tricks and commands make working with it much easier.

The rules below only affect IPv4. To filter IPv6 traffic you have to configure the separate ip6tables service as well, otherwise the ports you close here stay open over IPv6. On CentOS 7 the default front end is firewalld; the commands in this post are for CentOS 6.

Now let's see how to create a simple firewall on a CentOS VPS:

Decide the services and ports to open

Once you have chosen the ports to open, everything else is blocked by the default policy set at the end.
Leave the SSH port open so that you can still connect to the VPS remotely: by default that is port 22.
For web traffic open ports 80 (HTTP) and 443 (HTTPS). For mail, open port 25 (SMTP, inbound mail from other servers) and 465 (SMTP over TLS, used by mail clients to submit messages); for users to read their mail open 110 (POP3) and 995 (POP3 over TLS), and 143/993 if you also run IMAP.

Block common attacks using iptables

You can drop some common malformed probes with iptables. We will cover a few of them:

-> To drop null packets (TCP segments with no flags set, which never occur in normal traffic and are used by port scanners), use the command below:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

-> To drop new connections that do not start with a SYN (a basic measure against some SYN-flood and scan traffic; it does not stop a real SYN flood on its own, for that look at SYN cookies and connection rate limiting), use:
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Note:

-A : append a rule at the end of the chain
-I : insert a rule at the top of the chain (position 1), so it is checked before the existing rules
-i : match the interface a packet arrived on (lowercase; not the same as -I)
-j : the target to jump to when the rule matches (ACCEPT, DROP, REJECT, ...)

-> To drop XMAS packets (every TCP flag set at once):
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

A packet with all flags set is never part of a legitimate TCP conversation; it is used by port scanners (for example nmap -sX) to fingerprint how the host responds, so there is no reason to let it reach the network stack at all.

Add selected services

Now open the ports for the services you selected and start adding rules to the filter table. Begin with the loopback interface, which local processes (the database behind your web server, for instance) use to talk to each other:

iptables -A INPUT -i lo -j ACCEPT

This tells iptables to append a rule to the INPUT chain of the filter table that accepts (-j ACCEPT) any traffic arriving on the loopback interface (-i lo).

Next allow web server traffic by accepting TCP connections to ports 80 and 443:

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Then allow mail clients and other mail servers to reach your SMTP service:
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT

The next two rules allow POP3 traffic, so users can read mail stored on the server:

iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT

Next allow the IMAP mail protocol:
iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT

Limiting SSH access

To allow SSH traffic, so that you can keep connecting to the VPS remotely, add the following rule:
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

Note: if you have changed the Port directive in /etc/ssh/sshd_config, use that port number instead of 22.

If you always connect from a static IP address, you can restrict SSH so that only that address can reach the port; connections from anywhere else fall through to the default DROP policy.

Once you know your IP address, create the rule with it as the source, replacing YOUR_IP_ADDRESS with the actual IP. Use this rule instead of the unrestricted port-22 rule above, not in addition to it: rules are matched in order, and if the unrestricted rule comes first the restriction never takes effect.

iptables -A INPUT -p tcp -s YOUR_IP_ADDRESS -m tcp --dport 22 -j ACCEPT

You can open more ports on the firewall by changing the port numbers, so that the services you require are reachable.
For outgoing connections to work (and for the replies to your own SSH session to get back in), add the rule below. -I puts it at the top of the chain, so it is evaluated before everything else:

iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This accepts the reply packets of connections that were opened from the VPS or that an earlier rule already accepted. Once the set-up is done, block everything else that comes in and allow all outgoing connections. Set the INPUT policy to DROP only after the ESTABLISHED,RELATED rule and the SSH rule are in place, or your current session will be cut off the moment the policy changes:

iptables -P OUTPUT ACCEPT

iptables -P INPUT DROP
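The whole procedure above, as an added example that is not part of the original post: a script that emits the rule set in an order which cannot cut off the administrator's own SSH session and, when run as root with APPLY=1, applies and saves it on CentOS 6. SSH_PORT, SSH_ALLOW_FROM and OPEN_TCP_PORTS are assumed variables (the 203.0.113.10 address in the comment is a documentation example, not a real host); without APPLY=1 it only prints the commands so you can review them first.

```bash
#!/bin/bash
# Added example (not from the original post): generate the CentOS 6 iptables
# rule set in a lock-out-safe order. All three variables are assumptions.
SSH_PORT="${SSH_PORT:-22}"
SSH_ALLOW_FROM="${SSH_ALLOW_FROM:-}"          # e.g. 203.0.113.10; empty = any source
OPEN_TCP_PORTS="${OPEN_TCP_PORTS:-80 443 25 465 110 995 143 993}"

firewall_rules() {
  # 1. Reply traffic first, so the later DROP policy never cuts the live SSH session.
  #    -A is enough here because we always start from an empty INPUT chain.
  echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  # 2. Malformed TCP: null (no flags), XMAS (all flags), and NEW without SYN.
  echo "iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP"
  echo "iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP"
  echo "iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP"
  # 3. SSH: a source-restricted rule must be the ONLY port-22 ACCEPT, otherwise
  #    an earlier unrestricted rule matches first and the restriction is dead code.
  if [ -n "$SSH_ALLOW_FROM" ]; then
    echo "iptables -A INPUT -p tcp -s $SSH_ALLOW_FROM -m tcp --dport $SSH_PORT -j ACCEPT"
  else
    echo "iptables -A INPUT -p tcp -m tcp --dport $SSH_PORT -j ACCEPT"
  fi
  # 4. Public services.
  for p in $OPEN_TCP_PORTS; do
    echo "iptables -A INPUT -p tcp -m tcp --dport $p -j ACCEPT"
  done
  # 5. Default policies last: anything not accepted above is dropped.
  echo "iptables -P OUTPUT ACCEPT"
  echo "iptables -P INPUT DROP"
}

# Number of generated commands; lets a caller sanity-check the set.
rule_count() { firewall_rules | wc -l | tr -d ' '; }

# Apply for real only when APPLY=1 and running as root; otherwise just print.
apply_firewall() {
  if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
    # Reset safely: policy back to ACCEPT *before* flushing, or a previous DROP
    # policy would kill this session while the chain is empty.
    iptables -P INPUT ACCEPT
    iptables -F INPUT
    firewall_rules | while IFS= read -r cmd; do eval "$cmd"; done
    service iptables save      # CentOS 6: writes /etc/sysconfig/iptables
    chkconfig iptables on      # make sure the saved rules are loaded at boot
  else
    firewall_rules
  fi
}

apply_firewall
```

Review the printed commands, then run it again as root with APPLY=1. Checking the order is cheap and worth doing every time: the ESTABLISHED,RELATED rule has to be the first line and the DROP policy the last.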

Save the configuration

Now list the rules to check that nothing is missing:
iptables -L -n

-n : print IP addresses and ports as numbers instead of resolving them to names, which is faster and avoids DNS lookups from the firewall host. Adding -v shows packet counters and interfaces, and --line-numbers shows each rule's position in the chain, which is useful when you need to insert or delete a specific rule.

You can save the firewall configuration with:
iptables-save | sudo tee /etc/sysconfig/iptables

On CentOS 6 the command service iptables save writes the same file. Restart the firewall to confirm that the saved rules load cleanly; they are applied again at every reboot as long as the iptables service is enabled (check with chkconfig --list iptables and enable it with chkconfig iptables on if needed).

service iptables restart

Flush to unlock yourself

If you lock yourself out of the VPS, use your provider's out-of-band console (on DigitalOcean, the web console in the control panel) to log in locally. Do not simply run iptables -F: with the INPUT policy set to DROP, flushing removes every ACCEPT rule and you stay locked out. Reset the policy to ACCEPT first, then flush the rules:
iptables -P INPUT ACCEPT
iptables -F
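A recovery helper for the lock-out step, as an added example that is not part of the original post. It inspects an iptables-save dump, says whether a bare flush would leave you locked out (INPUT policy DROP), and emits the unlock commands in the safe order. The SAMPLE_DUMP is a constructed dump of the rule set built in this post; input_policy, flush_alone_locks_out, unlock_commands and unlock_firewall are hypothetical names.

```bash
#!/bin/bash
# Added example (not from the original post). Constructed sample of what
# `iptables-save` prints for the rule set built above, so the check can be
# demonstrated offline; on a real host unlock_firewall reads the live rules.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Print the INPUT chain policy (ACCEPT or DROP) found in an iptables-save dump.
input_policy() {
  printf '%s\n' "$1" | sed -n 's/^:INPUT \([A-Z]*\) .*/\1/p'
}

# Exit 0 when `iptables -F` on its own would lock you out of this rule set:
# with policy DROP and no rules left, nothing is accepted any more.
flush_alone_locks_out() {
  [ "$(input_policy "$1")" = "DROP" ]
}

# Commands that open the firewall without dropping the console session:
# policies go back to ACCEPT before the chains are flushed, then user-defined
# chains are removed too (-X) so nothing stale survives.
unlock_commands() {
  echo "iptables -P INPUT ACCEPT"
  echo "iptables -P FORWARD ACCEPT"
  echo "iptables -P OUTPUT ACCEPT"
  echo "iptables -F"
  echo "iptables -X"
}

# Run as root from the provider console: inspect the live rules, then unlock.
unlock_firewall() {
  if [ "$(id -u)" != "0" ]; then echo "run as root" >&2; return 1; fi
  if flush_alone_locks_out "$(iptables-save)"; then
    echo "INPUT policy is DROP: resetting policies before flushing" >&2
  fi
  unlock_commands | while IFS= read -r cmd; do eval "$cmd"; done
}

# Demonstration on the constructed dump (no root needed).
if flush_alone_locks_out "$SAMPLE_DUMP"; then
  echo "a bare 'iptables -F' would lock you out; run instead:"
  unlock_commands
fi
```

After unlocking, rebuild the rules in the order described above and only then set the INPUT policy back to DROP.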

Hope you liked it and if any assistance needed Contact Us.

Follow us on Facebook, Twitter to get latest updates!

Monday 2 December 2019

7 Tips to free disk space on cPanel server

When you run out of disk space you may see downtime, slow page loads, or e-mail that is sent but never arrives in the mailbox. The tips below free disk space so you get more out of the server.

1.Delete user cPanel backups

First check whether the backup feature in cPanel is enabled. On larger servers it can consume a lot of disk, because users tend to leave the backups they generate on the server instead of downloading and removing them. The command below deletes every user-generated cPanel backup archive on the server; list them first (replace rm -fv with ls -l) if you want to see what will go:

for user in $(/bin/ls -A /var/cpanel/users); do rm -fv "/home/$user"/backup-*"$user".tar.gz; done

Similarly, if you use the cPanel Backup System and store the backups locally, you may be using twice as much space as you need to. Mount a separate backup server on the hosting server and store the backups there instead.

2. Delete cPanel File Manager temp files

File Manager in cPanel creates a temporary file for each user upload, and that file is not always removed when the upload completes. Remove the leftovers with:
rm -fv /home/*/tmp/Cpanel_*

3. Move or archive logs

Most of the server's logs live under /var/log and will fill the disk over time. You can change how long logs are kept and how often they rotate in /etc/logrotate.conf (and the per-service files in /etc/logrotate.d), and enable compression to save additional space.

4. Remove cPanel update archives

cPanel and EasyApache updates leave behind files that are no longer required. You can delete, or move to a backup server, /usr/local/apache.backup* and /home/cpeasyapache (the exact name varies with the cPanel version) to free a little space.

5. Clean up Yum files

yum updates leave package cache files on the server; clear them all with a single command:
yum clean all

6. Remove pure-ftp partials

When the server runs pure-ftpd as its FTP daemon, each upload is written to a temporary file named .pureftpd-upload* and renamed to the real filename only once the upload completes, so aborted uploads leave these partials behind. Find and delete them with the command below. locate reads the updatedb index, so run updatedb first (or use find), and skip files that are still being written, otherwise you will delete an upload in progress.
locate .pureftpd-upload | xargs rm -fv
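A dry-run cleaner for tips 1, 2 and 6, as an added example that is not part of the original post. It finds the user backup archives, File Manager temp files and abandoned pure-ftpd partials under a home root, reports how much space they hold, and deletes only when DELETE=1; partials younger than KEEP_MINUTES are left alone because they may still be uploading. HOME_ROOT, KEEP_MINUTES and the function names are assumptions.

```bash
#!/bin/bash
# Added example (not from the original post): dry-run cleaner for cPanel
# backup archives, File Manager temp files and pure-ftpd partial uploads.
# HOME_ROOT and KEEP_MINUTES are assumptions; adjust them for your server.
HOME_ROOT="${HOME_ROOT:-/home}"
KEEP_MINUTES="${KEEP_MINUTES:-60}"   # partials newer than this may be uploads in progress
DELETE="${DELETE:-0}"

# One candidate path per line. Errors for missing directories are silenced.
list_candidates() {
  # tip 1: backup-*.tar.gz directly inside each home directory
  find "$HOME_ROOT" -mindepth 2 -maxdepth 2 -type f -name 'backup-*.tar.gz' 2>/dev/null
  # tip 2: File Manager temp files in each user's tmp/
  find "$HOME_ROOT" -mindepth 3 -maxdepth 3 -type f -path '*/tmp/Cpanel_*' 2>/dev/null
  # tip 6: pure-ftpd partials anywhere under home, but only ones old enough to be abandoned
  find "$HOME_ROOT" -type f -name '.pureftpd-upload*' -mmin +"$KEEP_MINUTES" 2>/dev/null
}

count_candidates() { list_candidates | wc -l | tr -d ' '; }

# Bytes that deleting the candidates would free (paths must not contain newlines).
reclaimable_bytes() {
  list_candidates | tr '\n' '\0' | xargs -0 cat 2>/dev/null | wc -c | tr -d ' '
}

# Report what would be removed, or remove it when DELETE=1.
clean_candidates() {
  n=$(count_candidates)
  echo "$n file(s), $(reclaimable_bytes) bytes reclaimable under $HOME_ROOT"
  [ "$n" = "0" ] && return 0
  if [ "$DELETE" = "1" ]; then
    list_candidates | tr '\n' '\0' | xargs -0 rm -fv
  else
    echo "dry run (set DELETE=1 to remove):"
    list_candidates
  fi
}

clean_candidates
```

Run it once without DELETE to read the list, then with DELETE=1. Using find with a modification-time cut-off instead of locate avoids both the stale updatedb index and the risk of deleting an upload that is still in flight.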

7. Decrease the reserved disk space

You may have noticed this while checking disk space: for example, with 900GB of a 1TB drive in use, df shows only about 50GB available. The missing 50GB is reserved: ext3 and ext4 keep 5% of the filesystem for root by default, so that a full disk does not stall system services and logging. On a large drive you do not need the whole 5%. Note the unit of -r: it is a block count, and 2500 blocks is only about 10MB with the usual 4KB block size (check yours with tune2fs -l), which leaves root almost no headroom on a busy server; pick a value that still leaves root some room to work. Set the reserved block count with:
tune2fs -r 2500 /dev/sda1


Note: read the manual page (man tune2fs) before using it. It also documents -m, which sets the reserve as a percentage of the filesystem instead of a block count, and it applies only to ext2/ext3/ext4 filesystems; replace /dev/sda1 with the device that actually holds /home.
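Worked calculation for the reserve, as an added example that is not part of the original post: it parses the three lines of tune2fs -l output that matter and converts between bytes, percent and the block count that -r expects. SAMPLE_TUNE2FS is a constructed excerpt for a 1TiB ext4 filesystem with the default 5% reserve; field, reserved_bytes, reserved_gib, reserved_percent, blocks_for_mib and set_reserve are hypothetical names.

```bash
#!/bin/bash
# Added example (not from the original post). Constructed excerpt of
# `tune2fs -l /dev/sda1` for a 1 TiB ext4 filesystem (4 KiB blocks, 5% reserve).
SAMPLE_TUNE2FS='Block count:              268435456
Reserved block count:     13421772
Block size:               4096'

# Extract one numeric field ("Block size", ...) from tune2fs -l output.
field() { printf '%s\n' "$2" | sed -n "s/^$1:[[:space:]]*\([0-9]*\).*/\1/p"; }

# Bytes currently held back from non-root users.
reserved_bytes() {
  echo $(( $(field "Reserved block count" "$1") * $(field "Block size" "$1") ))
}

# The same in whole GiB, which is what df's "missing" space looks like.
reserved_gib() { echo $(( $(reserved_bytes "$1") / 1073741824 )); }

# Reserve as a percentage of the filesystem, rounded to the nearest whole percent.
reserved_percent() {
  echo $(( ( $(field "Reserved block count" "$1") * 1000 / $(field "Block count" "$1") + 5 ) / 10 ))
}

# Block count that corresponds to a given number of MiB: the value for `tune2fs -r`.
# The post's 2500 blocks is about 10 MiB at 4 KiB; 1024 MiB is a more comfortable
# floor on a busy server (an assumption, not a figure from the post).
blocks_for_mib() { echo $(( $2 * 1024 * 1024 / $(field "Block size" "$1") )); }

# Print (or, with APPLY=1 as root, run) the tune2fs command for a device.
set_reserve() {        # $1 = device, $2 = MiB to keep reserved
  info=$(tune2fs -l "$1") || return 1
  blocks=$(blocks_for_mib "$info" "$2")
  if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then tune2fs -r "$blocks" "$1"
  else echo "tune2fs -r $blocks $1"; fi
}

echo "reserved: $(reserved_gib "$SAMPLE_TUNE2FS") GiB ($(reserved_percent "$SAMPLE_TUNE2FS")%)"
echo "1024 MiB reserve = tune2fs -r $(blocks_for_mib "$SAMPLE_TUNE2FS" 1024)"
```

On the sample filesystem the default reserve is about 51GiB, and a 1GiB reserve is 262144 blocks, not 2500. Do the arithmetic against your own tune2fs -l output before changing anything.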

Hope it helps ! For any assistance Contact Us.
