Security – dump.4network.org

The rp_filter kernel setting.

The rp_filter – INTEGER

0 – No source validation.

1 – Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded.

2 – Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet’s source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail.

Current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended.

The max value from conf/{all,interface}/rp_filter is used when doing source validation on the {interface}. (Which means it can be set
on each individual interface, or globally. The global setting will override the individual interface settings).

Blocking an IP address using route command.

To add an IP to 127.0.0.1:
root# route add 192.16.1.100 gw 127.0.0.1 lo

Also it can be rejected by:
root# route add -host 192.168.1.100 reject

Block entire subnet 192.168.1.0/24:
root# route add -net 192.168.1.0/24 gw 127.0.0.1 lo

To delete this rule:
root# route del -host 192.168.1.100 reject

Recover the MySQL root password.

To recover the MySQL root Password, please follow these steps:

1. Stop the MySQL server process.

root# /etc/init.d/mysql stop

2. Start the MySQL process with the –skip-grant-tables option, so that it will not prompt for a password.

root# mysqld_safe --skip-grant-tables &

root@mad:/home/user# mysqld_safe –skip-grant-tables &
[1] 23126
root@mad:/home/user# 140729 11:09:49 mysqld_safe Logging to syslog.
140729 11:09:49 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

3. Connect to a MySQL as the root user.

root# mysql -u root

Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 9
Server version: 5.5.38-0+wheezy1-log (Debian)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type ‘help;’ or ‘h’ for help. Type ‘c’ to clear the current input statement.
mysql>

4. Set the new password for the MySQL root account.

mysql> use mysql; mysql> update user set password=PASSWORD("NEW-PASSWORD") where user='root'; mysql> flush privileges; mysql> quit

5. Exit and then stop and start or restart the MySQL server.

root# /etc/init.d/mysql restart

Listing the natted/routed connections on a Linux iptables firewall.

You need to use netstat-nat command. You can also use /proc/net/ip_conntrack or /proc/net/nf_conntrack, which is the temporary conntrack storage of netfilter.

root# netstat -nat -l

cat /proc/net/ip_conntrack

SSH – Limit user logins.

SSH logins can be limited to only certain users who need remote access.
The ssh server is configured by the file /etc/ssh/sshd_config. If you wish you can restrict remote access to specific users. For example to only allow “john” and “julia” to login add the following:

AllowUsers john julia

and restart the sshd service.

Unlock the X without a password.

How to unlock X without using the password. It is simple, you have to press Ctrl+Alt+*
the star from the numerical keyboard. More info you find there: