[Ubuntu-BR] Firewall Ubuntu 10.04

Wilson Bom wilson_bom at yahoo.com.br
Thu Mar 22 12:54:01 UTC 2012


Good morning everyone,

I found a site ( grc.com ) that tests ports:

www.grc.com
    ShieldsUP
    ShieldsUP
    Proceed
    Common Ports

The result was this:

GRC Port Authority Report created on UTC: 2012-03-22 at 12:50:48

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                             119, 135, 139, 143, 389, 443, 445,
                             1002, 1024-1030, 1720, 5000

     1 Ports Open
     0 Ports Closed
    25 Ports Stealth
---------------------
    26 Ports Tested

NO PORTS were found to be CLOSED.

The port found to be OPEN was: 22

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                    - NO unsolicited packets were received,

                    - NO Ping reply (ICMP Echo) was received.


This server faces the internet directly. Do you think it is secure?

Thanks

Wilson Bom


On 20-03-2012 10:58, Wilson Bom wrote:
> Good morning Jeferson,
>
> yes, I have already run a test by placing it in /etc/init.d
>
> It seems to be working fine, but I don't know how to run attack
> tests to verify that it works.
>
> Regards
>
>> Good morning Wilson,
>>
>> Are you going to put the script in /etc/init.d/?
>>
>> Regards
>>
>> On 20 March 2012 11:18, Wilson Bom <wilson_bom at yahoo.com.br>
>> wrote:
>>
>>> Good morning everyone,
>>>
>>> I am trying to set up a firewall and would like your opinion on the
>>> script below.
>>>
>>> --------------------------------------
>>>
>>>
>>> #! /bin/bash
>>>
>>> case "$1" in
>>> start)
>>>
>>>     ##################
>>>     # OPENING BANNER #
>>>     ##################
>>>     echo "Iniciando a Configuração do Firewall"
>>>
>>>     ###################
>>>     # Flush all rules #
>>>     ###################
>>>     echo "Regras Zeradas"
>>>       iptables -F
>>>
>>>     ################################################
>>>     # Block everything, nothing in and nothing out #
>>>     ################################################
>>>     echo "Fechando tudo"
>>>       iptables -P INPUT DROP
>>>       iptables -P FORWARD DROP
>>>       iptables -P OUTPUT DROP
>>>
>>>     ##############################################################################
>>>     # Prevents DoS attacks on the machine by limiting the number of ping replies #
>>>     ##############################################################################
>>>     #echo "Previne ataques DoS"
>>>     #  iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
>>>
>>>     ###########################
>>>     # Blocks ping completely  #
>>>     ###########################
>>>     echo "Bloqueia o pings"
>>>       iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
>>>
>>>     #####################
>>>     # Security policies #
>>>     #####################
>>>     echo "Implementação de politicas de segurança"
>>>       echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route # Prevents packet spoofing
>>>       echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects # Danger of routing paths being discovered (disable on a router)
>>>       echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # DoS risk
>>>       echo 1 > /proc/sys/net/ipv4/tcp_syncookies # Only starts the connection when it receives the confirmation, reducing the bandwidth used
>>>       echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter # Makes the firewall answer only on the network card that received the packet
>>>       iptables -A INPUT -m state --state INVALID -j DROP # Drops invalid packets
>>>
>>>     #################################
>>>     # Allow established connections #
>>>     #################################
>>>     echo "Liberando conexões estabelecidas"
>>>       iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>>       iptables -A FORWARD -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
>>>       iptables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
>>>       iptables -A INPUT -i lo -j ACCEPT
>>>
>>>     #############################################################################
>>>     # Allow SSH access and limit the number of access attempts to 4 per minute #
>>>     #############################################################################
>>>     echo "Liberando o SSH"
>>>       iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
>>>       # --set records each new source so the --update rule above has hits to count
>>>       iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set -j ACCEPT
>>>       iptables -A INPUT -p udp --dport 22 -j ACCEPT
>>>
>>>     ###############
>>>     # Allow Samba #
>>>     ###############
>>>     echo "Liberando o Samba"
>>>       iptables -A INPUT -p tcp --dport 137:139 -j ACCEPT
>>>       iptables -A INPUT -p udp --dport 137:139 -j ACCEPT
>>>
>>>     ################
>>>     # Allow Apache #
>>>     ################
>>>     echo "Liberando o Apache"
>>>       iptables -A INPUT -p tcp --dport 80 -j ACCEPT
>>>
>>>     ##################
>>>     # CLOSING BANNER #
>>>     ##################
>>>     echo "Configuração do Firewall Concluida."
>>>
>>> ;;
>>>
>>> stop)
>>>      echo "Finalizando o Firewall"
>>>      rm -rf /var/lock/subsys/firewall
>>>
>>>      # -----------------------------------------------------------------
>>>      # Remove all existing rules
>>>      # -----------------------------------------------------------------
>>>        iptables -F
>>>        iptables -X
>>>        iptables -t mangle -F
>>>      # -----------------------------------------------------------------
>>>      # Reset the default policies, accept everything
>>>      # -----------------------------------------------------------------
>>>        iptables -P INPUT   ACCEPT
>>>        iptables -P OUTPUT  ACCEPT
>>>        iptables -P FORWARD ACCEPT
>>>
>>> ;;
>>>
>>> restart|reload)
>>>        $0 stop
>>>        $0 start
>>>      ;;
>>>
>>> *)
>>>    echo "Selecione uma opção valida {start|stop|status|restart|reload}"
>>>    exit 1
>>>
>>> esac
>>>
>>> exit 0
>>>
>>>
>>> -- 
>>>
>>> Wilson Bom
>>>
>>>
>>>   Serprodata Informática Ltda.
>>>   Av. Marcelino Pires, 1405 - Sala 216
>>>   79800-004 - Dourados - MS
>>>   (067) 3421-3343 - 8407-4808 - 8407-8808
>>>
>>>   Messenger: serprodata at hotmail.com
>>>
>>>   E-mail...: serprodata at hotmail.com
>>>             wilson_bom at hotmail.com
>>>             wilson_bom at yahoo.com.br
>>>             wilson.bom at gmail.com
>>>
>>>
>>>
>>>   Ubuntu Lucid Lynx 10.04 - 2.6.32-25 #44
>>>   Linux Counter: 292553
>>>   Dataflex 3.2 Linux - Dataflex 3.2 MS-Dos
>>>
>>>
>>>
>>>
>>>
>
>


-- 
Wilson Bom


  Serprodata Informática Ltda.
  Av. Marcelino Pires, 1405 - Sala 216
  79800-004 - Dourados - MS
  (067) 3421-3343 - 8407-4808 - 8407-8808

  Messenger: serprodata at hotmail.com

  E-mail...: serprodata at hotmail.com
             wilson_bom at hotmail.com
             wilson_bom at yahoo.com.br
             wilson.bom at gmail.com



  Ubuntu Lucid Lynx 10.04 - 2.6.32-25 #44
  Linux Counter: 292553
  Dataflex 3.2 Linux - Dataflex 3.2 MS-Dos
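
The SSH limit in the quoted script relies on the iptables `recent` match, where an `--update` rule only counts sources that a `--set` rule on the same list has recorded. The following is an added example, not part of the original post: a shell check that reads rule lines and reports rate-limit rules whose list is never populated. The function names and both sample rule sets are constructed for illustration.

```sh
#!/bin/sh
# Added example: an --update/--rcheck rule matches only sources that a --set
# rule on the same recent list (--name, default DEFAULT) has recorded.
recent_list_name() {            # print the list name one rule line uses
    prev=""
    for word in $1; do
        if [ "$prev" = "--name" ]; then echo "$word"; return 0; fi
        prev=$word
    done
    echo "DEFAULT"
}

recent_rules() {                # active (uncommented) recent-match rule lines
    sed -e 's/^[[:space:]]*//' | grep -v '^#' | grep -e '-m recent' || true
}

# Read rule lines on stdin; print each --update/--rcheck rule whose list
# no --set rule populates. Prints nothing when every list is populated.
find_unfed_recent_rules() {
    rules=$(recent_rules)
    set_lists=" "
    while IFS= read -r line; do
        case $line in
            *--set*) set_lists="$set_lists$(recent_list_name "$line") " ;;
        esac
    done <<EOF
$rules
EOF
    while IFS= read -r line; do
        case $line in
            *--update*|*--rcheck*)
                case $set_lists in
                    *" $(recent_list_name "$line") "*) ;;
                    *) echo "$line" ;;
                esac ;;
        esac
    done <<EOF
$rules
EOF
}

# Constructed sample A: a limit rule with no --set rule on its list.
SAMPLE_UNFED='iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT'
# Constructed sample B: the same limit plus a rule that records new sources.
SAMPLE_FED='iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set -j ACCEPT'
printf '%s\n' "$SAMPLE_UNFED" | find_unfed_recent_rules   # prints the --update rule
printf '%s\n' "$SAMPLE_FED" | find_unfed_recent_rules     # prints nothing
```

The function also accepts the output of `iptables -S`, so the same check can be run against the ruleset actually loaded on the server.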






