www.borco.sk
Linux
|
Huraaaaa konecne som nasiel - monitor trafficu jednotlivych pocitacov - ntop Ale este lepsii je monitoring sucastneho stavu iftop wget http://www.ex-parrot.com/~pdw/iftop/download/iftop-0.15.tar.gz tar xvzf iftop-0.15.tar.gz cd iftop-0.15 ./configure make make install Linux squid - dansguardian,sarg-statistiky ftp s commandfile ftp -s:command-file ftp.server.sk ******** command-file *********** username password lcd c:\downloaddir cd downloaddir get file1.zip get file2.zip cd extras get extrasfile1.zip quit ************************************** sprevadzkovanie 2 rovnake sietovky do /etc/conf.modules pridatalias eth0 naz_modulu alias eth1 naz_modulu options naz_modulu io=0x300,0x320 irq=5,6 io,irq - vid /proc/interrupts /proc/ioports ****** pozri co robi ------- lspci -v ************************* dalsia moznost ak je zakompilovany modul pridat do lilo.conf --- append = "ether=9,0x300,eth0 ether=10,0x280,eth1" tcpdump tcpdump -i eth1 not src host 10.0.0.1modules!!!!!!!!!!!!!!!!!!!!!!!!!!1 tcpdump -i eth1 not src host 10.0.0.1URPMI urpmi.addmedia mandr_ftp_old ftp://mandrake.redbox.cz/Mandrake-old/9.0/i586/Mandrake/RPMS/ with ../base/hdlist.czurpmi.addmedia mandr_ftp_upd_old ftp://ftp3.mandrake.sk/mirrors2/Mandrake/updates/9.0/RPMS with ../base/hdlist.cz urpmi.addmedia mandr_ftpsk ftp://ftp3.mandrake.sk/mirrors2/Mandrake/9.2/i586/Mandrake/RPMS with ../base/hdlist.cz urpmi.addmedia mandr_ftpsk_contrib ftp://ftp3.mandrake.sk/mirrors2/Mandrake/9.2/i586/Mandrake/RPMS2 with ../base/hdlist2.cz urpmi.addmedia mandr_ftp_update ftp://ftp3.mandrake.sk/mirrors2/Mandrake/updates/9.2/RPMS with ../base/hdlist.cz urpmi.addmedia mandr_ftp_update ftp://ftp3.mandrake.sk/mirrors2/Mandrake/updates/9.1/RPMS with ../base/hdlist.cz urpmi.addmedia qmail http://www.rpmhelp.net/Mandrake/djbware/9.1/RPMS with ../base/hdlist.cz !!urpmi.addmedia spirit_contrib ftp://spirit.profinet.sk/mirrors/Mandrake/9.0/contrib/RPMS with ../../i586/Mandrake/base/hdlist2.cz !!urpmi.addmedia samba ftp://gd.tuwien.ac.at/z3/infosys/servers/samba/Binary_Packages/Mandrake/RPMS/9.1 with ./hdlist.cz aktualizacia: urpmi --auto-select urpmi.update -a IPTABLES -[ADC] chain specifikacia_pravidla [options] A-append - pridanie pravidla do daneho chainu
R-replace - prepise pravidlo cislo - rulenum -[D] chain rulenum [options] D-delete - zmazanie daneho chainu -[LFZ] [chain] [options] L- list - vypis vsetkych previdiel - s prepinacom -v - vypise aj pocet bajtov
+ paketov spracovanych tymto pravidlom -[NX] chain N-new - novy chain -[P] chain target P-policy - nastavenie policy - ak sa nespracuje paket v niektorom pravidle - tak sa pouzije standard policy -[E] old-chain-name old-chain-name E-premenovanie chainu -------------------------------------------------------------------------------- Parametre -p protokol = protokol moze nadobudat hodnoty tcp,udp,icmp,all -o [!] out_interface -paket odchadza cez out_interface napr(-o eth1) -i [!] in_interface - paket prichadza cez in_interface napr(-i eth1) -s [!] adresa/maska -(source)zdrojova adresa paketu -d [!] adresa/maska - (destination)cielova adresa paketu Ak je zadane -p tcp alebo udp mozno puzit nasledovne 2: --sport [!] port[:port] -(source port)- zdrojovy port --dport [!] port[:port] -(destination port)- cielovy port -j target - (jump)ak vyhovuje paket tak skoc na 'target'-bud vlastny chain alebo preddefinovane spracovanie: DNAT - v PREROUTING a OUTPUT chains (-j DNAT --to-destination ipaddr[-ipaddr][:port-port]) SNAT - v POSTROUTING a INPUT chains (-j SNAT --to-source ipaddr[-ipaddr][:port-port])
-L -v = vypis pravidiel + pocet paketov + pocet bytov akceptovanych tymto pravidlom -n = vypis portov cislom Ako na automatick pripojenie zaloznej linky? - http://www.wlug.org.nz/FailoverInternetConnection Monitorovanie host+service vid projekt nagios http://www.nagios.org/ vpopmail groupadd -g 89 vchkpw useradd -g vchkpw -u 89 vpopmail cd /usr/local/src wget http://osdn.dl.sourceforge.net/sourceforge/vpopmail/vpopmail-5.4.0.tar.gz tar xzf vpopmail-5.4.0.tar.gz chown -R root.root vpopmail-5.4.0 cd vpopmail-5.4.0 echo "localhost|0|vpopmailuser|vpoppasswd|vpopmail" > ~vpopmail/etc/vpopmail.mysql chown vpopmail.vchkpw ~vpopmail/etc/vpopmail.mysql chmod 640 ~vpopmail/etc/vpopmail.mysql /usr/local/mysql/bin/mysql --password="mysql-root-pwd" CREATE DATABASE vpopmail; GRANT select,insert,update,delete,create,drop ON vpopmail.* TO vpopmailuser@localhost IDENTIFIED BY 'vpoppasswd'; quit ./configure --enable-roaming-users=n --enable-logging=p --enable-defaultquota=20971520S --enable-ip-alias-domains=n --enable-passwd=n --enable-clear-passwd=y --enable-domain-quotas=n --enable-auth-module=mysql --enable-many-domains=n --enable-auth-logging=y --enable-mysql-logging=y --enable-valias=y --enable-mysql-limits=n make make install-strip samba wget http://us1.samba.org/samba/ftp/samba-3.0.1.tar.gz gunzip samba-3.0.1.tar.gz tar xf samba-3.0.1.tar cd samba-3.0.1/source ./configure --prefix=/usr/local/ --with-configdir=/usr/local/etc/samba --with-privatedir=/usr/local/etc/samba/private --with-lockdir=/usr/local/var/lock --with-piddir=/usr/local/var/run --with-logfilebase=/usr/local/var/log --with-swatdir=/usr/local/var/samba --with-smbmount --with-utmp --with-syslog make strip --strip-debug bin/libsmbclient.so mv bin/libsmbclient.so . strip --strip-unneeded bin/* mv libsmbclient.so bin/ make install Nastavenie localnych profilov (zabranenie roaming profilov) gpedit.msc - Local Computer Policy\Computer Configuration\Administrative Templates\System\User Profiles\ Disable: Only Allow Local User Profiles Disable: Prevent Roaming Profile Change from Propagating to the Server CD.zip |
