ServerBuddies Support Blog

IP aliases disappears after network services is restarted in Ensim

If networks service has been restarted server looses the IP aliases set by ensim.

To get all IP aliases back restart virtualhosting service.

License Invalid in PPCP after the Network Card change

Parallels Pro Control Panel license is tied to a MAC-address. Therefore, when you change your network card, PPCP does not recognize the license as valid anymore.

Resolution

Just rename /etc/appliance/.license/.LIC_file and /etc/appliance/.license/.MLK_file so that the license would be treated as a new one by PPCP:

Reference: http://parallels.com

tshark - Dump and analyze network traffic

TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark’s native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.

Without any options set, TShark will work much like tcpdump. It will use the pcap library to capture traffic from the first available network interface and displays a summary line on stdout for each received packet.

Example :

-n Disable network object name resolution (such as hostname, TCP and UDP port names), the -N flag might override this one.

-i [capture interface]

Protect a server within a network by using a TCP Wrapper.

The Xinetd super server that comes with most Linux distributions includes a built-in TCP wrapper.

It can be used to explicitly define network services to accept incoming connections from specified servers and networks.

The TCP wrappers implements access control through the use of two files, /etc/hosts.allow and /etc/hosts.deny

A recommended security-strategy is to block all incoming requests by default, but allow specific hosts or networks to connect.

To deny everything by default, add the following line to /etc/hosts.deny:

To accept incoming SSH connections from e.g. nodes lab1, lab2 and lab3, add the following line to /etc/hosts.allow

To accept incoming SSH connections from all servers from a specific network, add the name of the subnet to /etc/hosts.allow.

For example:

To accept incoming ssh connections from IP address 192.168.0.1 and subnet 192.168.5, add the following line to /etc/hosts.allow:

You can even tell xinetd to limit the rate of incoming connections. The TCP wrapper is quite flexible. And xinetd provides its own set of host-based and time-based access control functions.

Detect and close network ports that are not needed.

To get a list of listening network ports (TCP and UDP sockets), you can run the following command:

# netstat -tulp

Using nmap

# nmap -sTU [remote_host]

If you remove the UDP port scan (without the option “-U”), then nmap will finish the port scan immediately. If you run it on the local machine it will also complete very fast.

Also note that nmap might not show all listening network sockets if a firewall is being used to block ports.

Another method to list all of the TCP and UDP sockets to which programs are listening is lsof:

# lsof -i -n | egrep ‘COMMAND|LISTEN|UDP’

One of the most important tasks is to remove any network services from the system startup process that are not needed.

On Red Hat systems you can list all services which are started at bootup using the following command:

To permanently disable e.g. the runlevel service nfs, run:

To immediately disable the runlevel service nfs, run: