Block IP Addresses With IPtables:
This command inserts a rule at the top of the INPUT chain that simply drops any packet coming from the address 25.55.55.55:
iptables -I INPUT -s 25.55.55.55 -j DROP
To list the chains and confirm the rule is in place, use -L. The -n sticks with plain IP addresses rather than resolving names; this matters when you have a lot of addresses, because resolving all of them can take a long time.
iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  25.55.55.55          0.0.0.0/0
If you later decide that you don’t want to drop packets from a particular host, use the -D option instead of -I:
iptables -D INPUT -s 25.55.55.55 -j DROP
SSH Security On cPanel Servers.
1. Change the SSH port number.
Edit your SSH configuration file /etc/ssh/sshd_config and add or replace the Port line (22 is the default shown below; replace it with the non-standard port you have chosen, then restart sshd):
# What ports, IPs and protocols we listen for
Port 22
2. Allow only the IPs that should have access to SSH through your firewall.
iptables -A INPUT -i eth0 -s 192.168.1.1 -p tcp --dport 22 -j ACCEPT
3. Use a utility such as BFD, BlockHosts or DenyHosts.
denyhosts - a utility to help system admins thwart SSH crackers
4. Use iptables to limit the rate of incoming connections to SSH.
The --update rule only matches addresses that are already in the recent list, so it needs a companion --set rule that records each new connection. Because -I inserts at the top of the chain, insert the --set rule second so it ends up above the DROP rule:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
This limits incoming connections to port 22 from one source address to no more than 3 attempts in a minute. Any more will be dropped.
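The block-address commands and the SSH firewall rules above are one-off shell lines; re-running them appends or inserts duplicate rules. The following POSIX sh helpers (an added example, not part of the original notes) validate the address argument before it reaches iptables and use `iptables -C` to check for an existing rule before adding it. The `IPTABLES` variable is an assumption of this example so the functions can be exercised against a stub without root; by default it is the real binary. The rate-limit pair is appended with -A in the order the recent match needs (--set before --update).

```shell
#!/bin/sh
# Added example (not from the original notes): idempotent iptables helpers for the
# block-address and SSH-hardening rules above. IPTABLES is an assumed override so
# the functions can be tested against a stub; it defaults to the real binary.
IPTABLES=${IPTABLES:-iptables}

# Accept only a dotted-quad IPv4 address, optionally with a /prefix. Anything
# else (hostnames, shell metacharacters) is rejected before it reaches iptables.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# ensure_rule MODE CHAIN RULE...: add the rule only if -C says it is absent.
# MODE is -I (insert at top) or -A (append), matching the notes' usage.
ensure_rule() {
    mode=$1; chain=$2; shift 2
    if "$IPTABLES" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" "$mode" "$chain" "$@"
}

# Drop every packet from one source address (the first command in the notes).
block_ip() {
    valid_ipv4 "$1" || { echo "block_ip: bad address '$1'" >&2; return 2; }
    ensure_rule -I INPUT -s "$1" -j DROP
}

# Remove that rule again with -D; harmless if it was already gone.
unblock_ip() {
    valid_ipv4 "$1" || { echo "unblock_ip: bad address '$1'" >&2; return 2; }
    "$IPTABLES" -D INPUT -s "$1" -j DROP 2>/dev/null || true
}

# ssh_rules IFACE ALLOWED_IP...: accept SSH from the listed addresses, then
# rate-limit new SSH connections per source. The --set rule records each new
# connection and must sit above the --update rule, which drops the 4th hit
# from one address within 60 seconds (so 3 attempts per minute get through).
ssh_rules() {
    iface=$1; shift
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "ssh_rules: bad address '$src'" >&2; return 2; }
        ensure_rule -A INPUT -i "$iface" -s "$src" -p tcp --dport 22 -j ACCEPT
    done
    ensure_rule -A INPUT -i "$iface" -p tcp --dport 22 -m state --state NEW \
        -m recent --set
    ensure_rule -A INPUT -i "$iface" -p tcp --dport 22 -m state --state NEW \
        -m recent --update --seconds 60 --hitcount 4 -j DROP
}
```

Usage on a live host (as root): `block_ip 25.55.55.55`, `unblock_ip 25.55.55.55`, `ssh_rules eth0 192.168.1.1`. Running any of them twice leaves the chain unchanged, which the plain commands in the notes do not guarantee.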
Managing an Exim 4 server.
Remove a mail by ID.
/usr/sbin/exim -v -Mrm (MAIL ID HERE)
List queued mails.
Output the number of queued mails.
Delete frozen mails.
/usr/sbin/exim -bp | awk '$6~"frozen" { print $3 }' | xargs exim -Mrm
Force delivery of all queued mails, frozen ones included.
/usr/sbin/exim -qff -v -C /etc/exim.conf &
Freeze mails from a sender.
/usr/sbin/exiqgrep -i -f (MAIL ADDRESS HERE) | xargs exim -Mf
Remove mails from a sender.
/usr/sbin/exiqgrep -i -f (MAIL ADDRESS HERE) | xargs exim -Mrm
Files in /var/spool/exim/msglog contain logging information for each message and are named the same as the message-id.
Exim includes a utility that is quite nice for grepping through the queue, called exiqgrep.
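The awk recipe for frozen messages keys on field positions in the `exim -bp` listing, and a wrong field number would hand the wrong IDs to `exim -Mrm`. The following POSIX sh functions (an added example, not from the notes or from Exim) apply that parsing to a constructed sample of `exim -bp` output so the selection can be checked before it is piped into a destructive command. The sample message IDs and addresses are made up; `ids_from_sender` is a simplified, exact-match stand-in for what `exiqgrep -i -f` does with a regular expression.

```shell
#!/bin/sh
# Added example (not from the original notes or from Exim): parse "exim -bp"
# style output so queue operations can be checked against sample data first.

# Constructed sample of "exim -bp" output. Each message has a header line
# (age, size, message-id, <sender>, optional "*** frozen ***") followed by one
# indented line per recipient. IDs and addresses are made up for this example.
SAMPLE_QUEUE='25m  2.9K 1Z1oKN-0003XW-1k <bounce@example.com> *** frozen ***
          user1@example.net
 3h   12K 1Z1nZz-0001Ab-2Q <alice@example.org>
          bob@example.net
          carol@example.net
 2d  1.1K 1Z1kAa-0002Cd-3R <> *** frozen ***
          postmaster@example.net'

# A header line is one whose third field looks like an Exim message id
# (three dash-separated groups). Recipient lines have a single field and never match.
ID_RE='^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$'

# IDs of frozen messages: same field logic as the awk one-liner in the notes,
# with the header-line check added so a recipient address can never be selected.
frozen_ids() {
    awk -v re="$ID_RE" '$3 ~ re && $6 ~ /frozen/ { print $3 }'
}

# Number of queued messages (what "exim -bpc" reports): one header line each.
queue_count() {
    awk -v re="$ID_RE" '$3 ~ re { n++ } END { print n + 0 }'
}

# IDs of messages from one envelope sender (exact match on the <sender> field);
# a simplified stand-in for "exiqgrep -i -f", which takes a regular expression.
ids_from_sender() {
    awk -v re="$ID_RE" -v s="<$1>" '$3 ~ re && $4 == s { print $3 }'
}

# Stand-alone run against the sample; on a live host replace the printf with
# "/usr/sbin/exim -bp" and pipe the IDs into "xargs exim -Mrm" or "exim -Mf".
printf '%s\n' "$SAMPLE_QUEUE" | frozen_ids
printf '%s\n' "$SAMPLE_QUEUE" | queue_count
```

Reviewing the selected IDs before adding `| xargs exim -Mrm` is cheap insurance: once a message is removed from the spool it is gone.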
http://www.exim.org/exim-html-4.50/doc/html/spec_49.html#IX2895
Reference: http://www.exim.org/
Testing Link Status from the Command Line
The mii-tool and ethtool commands report the link status and duplex settings of supported NICs.
root@laptop:~# mii-tool
eth0: negotiated 100baseTx-FD flow-control, link ok
ethtool - Display or change ethernet card settings.
ethtool is used for querying settings of an ethernet device and changing them. ethX is the name of the ethernet device on which ethtool should operate. ethtool with a single argument specifying the device name prints current settings of the specified device.
root@laptop:~# ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: d
Current message level: 0x00000000 (0)
Link detected: yes
How to check packet flows using tcpdump
Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.
One of the most common uses of tcpdump is to determine whether you are getting basic two-way communication.
Command Options:
icmp View icmp packets
tcp port port-number View TCP packets with either a source or destination TCP port of port-number
udp port port-number View UDP packets with either a source or destination UDP port of port-number
Example:
By using the -w filename option you can write the entire Ethernet frame, not just the brief IP summary that normally goes to the screen, to a file. This can then be analyzed by graphical analysis tools such as Wireshark, which is available for both Windows and Linux.
tcpdump -i eth0 -w /tmp/tcp.dump tcp port 22
The -n switch stops DNS name lookups and will make tcpdump work more reliably.
tcpdump -i eth0 -n tcp port 22
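The notes say the most common use of tcpdump is checking for basic two-way communication, which in practice means reading the `-n` output and confirming packets appear in both directions between a pair of hosts. The following POSIX sh function (an added example, not from the original notes or from tcpdump) does that check mechanically over tcpdump text output: it strips the port from each endpoint, counts packets in each direction, and returns non-zero if either direction is empty. The sample capture lines are constructed for this example and are not real traffic.

```shell
#!/bin/sh
# Added example (not from the original notes or from tcpdump): check a tcpdump
# "-n" text capture for two-way traffic between a pair of IP addresses.

# Constructed sample of "tcpdump -n" output: an SSH handshake answered by the
# server, plus ICMP echo requests to a host that never replies.
SAMPLE_CAPTURE='12:00:01.000001 IP 10.0.0.5.51234 > 10.0.0.1.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000420 IP 10.0.0.1.22 > 10.0.0.5.51234: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:01.000600 IP 10.0.0.5.51234 > 10.0.0.1.22: Flags [.], ack 10, win 64240, length 0
12:00:02.000000 IP 10.0.0.5 > 10.0.0.9: ICMP echo request, id 7, seq 1, length 64
12:00:03.000000 IP 10.0.0.5 > 10.0.0.9: ICMP echo request, id 7, seq 2, length 64'

# two_way HOST_A HOST_B: read tcpdump -n lines on stdin, print the packet count
# in each direction, and succeed only when both directions carry traffic.
two_way() {
    awk -v a="$1" -v b="$2" '
    # Endpoint fields look like "10.0.0.5.51234" (TCP/UDP, port appended as a
    # fifth dotted component) or "10.0.0.5" (ICMP); the destination carries a
    # trailing colon. Return the bare address.
    function host(f,    p, n) {
        sub(/:$/, "", f)
        n = split(f, p, ".")
        return (n == 5) ? p[1] "." p[2] "." p[3] "." p[4] : f
    }
    $2 == "IP" && $4 == ">" {
        src = host($3); dst = host($5)
        if (src == a && dst == b) ab++
        if (src == b && dst == a) ba++
    }
    END {
        printf "%s->%s %d  %s->%s %d\n", a, b, ab + 0, b, a, ba + 0
        if (ab > 0 && ba > 0) exit 0
        exit 1
    }'
}

# Stand-alone run against the sample. On a live host pipe a capture in instead:
#   tcpdump -i eth0 -n -c 200 host 10.0.0.1 | two_way 10.0.0.5 10.0.0.1
printf '%s\n' "$SAMPLE_CAPTURE" | two_way 10.0.0.5 10.0.0.1 || echo "one-way only"
printf '%s\n' "$SAMPLE_CAPTURE" | two_way 10.0.0.5 10.0.0.9 || echo "one-way only"
```

A one-way result (requests seen, no replies) is the classic signature of a firewall rule, an asymmetric route, or a host that is down; a two-way result moves the fault-finding up to the application.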