General questions about Security.
by michael-lentz on Tue Sep 16, 2014 9:46 am
I am familiar with using IPTOOLS and UFW and have set up new firewalls. I have 'inherited' a remote server with a very complicated firewall that I want to get rid of, and start over using SSH.
There is a file called /root/firewall.rules. Does this firewall get automatically loaded at reboot? If I delete this file and reboot, will I get the Default Firewall?
by Patton on Wed Sep 17, 2014 2:20 pm
michael-lentz wrote: I am familiar with using IPTOOLS and UFW and have set up new firewalls. I have 'inherited' a remote server with a very complicated firewall that I want to get rid of, and start over using SSH.
There is a file called /root/firewall.rules. Does this firewall get automatically loaded at reboot? If I delete this file and reboot, will I get the Default Firewall?
/root/firewall.rules may be loaded by the previous server account owner in a startup script but not by default. I would suggest simply renaming the file, rebooting and then running -
"If everyone is thinking alike, then somebody isn't thinking." - George S. Patton
by michael-lentz on Thu Sep 18, 2014 8:39 am
I removed the /root/firewall.rules file, and rebooted. I ran my own firewall.sh and firewall looked good. After a few minutes I checked, and the firewall returned to the previous firewall. I ran my own firewall.sh again, and now it is staying.
Something must be loading the old firewall from somewhere else. I did a Grep of the system for a string I found inside the old firewall but got no hits.
by Patton on Thu Sep 18, 2014 10:07 am
michael-lentz wrote: I removed the /root/firewall.rules file, and rebooted. I ran my own firewall.sh and firewall looked good. After a few minutes I checked, and the firewall returned to the previous firewall. I ran my own firewall.sh again, and now it is staying.
Something must be loading the old firewall from somewhere else. I did a Grep of the system for a string I found inside the old firewall but got no hits.
If it's loading sometimes after the system is rebooted I would check -
Look for lines like iptables-save > /root/somefile or service iptables save > /root/somefile or /sbin/iptables-restore < /root/somefile
Also -
for user in $(cut -f1 -d: /etc/passwd); do crontab -u "$user" -l; done
will find all crontabs by all users both legit and malicious.
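An added example, not part of the thread and not either poster's code: a read-only scan of startup and cron locations for the rule-saving and rule-restoring commands listed in the last reply. The location list, the function names and the sample tree are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: read-only hunt for whatever re-applies an old iptables ruleset.

# Commands named in the thread that save or reload rules (ip6tables included).
PATTERN='ip6?tables-(save|restore)|service[[:space:]]+iptables'

# Assumed list of boot-time and scheduled-execution locations for a typical
# Debian/Ubuntu or RHEL-style host; extend it for your distribution.
LOCATIONS='etc/rc.local etc/rc.d etc/init.d etc/init etc/systemd/system
etc/network/if-pre-up.d etc/network/if-up.d etc/crontab etc/cron.d
etc/cron.hourly etc/cron.daily var/spool/cron'

# find_firewall_loaders ROOT
# Prints "file:line:text" for each match under ROOT, skipping comment lines.
find_firewall_loaders() {
    local root="${1%/}" loc
    for loc in $LOCATIONS; do
        [ -e "$root/$loc" ] || continue
        grep -rnEH -- "$PATTERN" "$root/$loc" 2>/dev/null \
            | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true
    done
}

# Constructed sample tree (not from the thread): a cron.d job that restores
# saved rules every 5 minutes, a commented-out restore in rc.local, and an
# unrelated user crontab that must not be reported.
make_demo_tree() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/cron.d" "$d/var/spool/cron"
    printf '%s\n' '*/5 * * * * root /sbin/iptables-restore < /root/somefile' \
        > "$d/etc/cron.d/fw"
    printf '%s\n' '#!/bin/sh' '# /sbin/iptables-restore < /root/old' 'exit 0' \
        > "$d/etc/rc.local"
    printf '%s\n' '0 3 * * * /usr/bin/updatedb' > "$d/var/spool/cron/alice"
    echo "$d"
}

# Scan only when a root is given explicitly, e.g.: sudo ./scan.sh /
if [ "$#" -gt 0 ]; then find_firewall_loaders "$1"; fi
```

A hit in a cron location fits rules that come back minutes after boot, while a hit in an init or network hook fits rules that come back only at reboot.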