Install medium: install-x86-minimal-2006.0.iso

PARTITIONING (fdisk /dev/hda). The cylinder ranges below come from two different example disks; accept whatever defaults fdisk prints for yours.

    Command (m for help): d
    Partition number (1-4): 1
    ...

BOOT:
    Command (m for help): n
    Command action
       e   extended
       p   primary partition (1-4)
    p
    Partition number (1-4): 1
    First cylinder (1-3876, default 1): (Hit Enter)
    Using default value 1
    Last cylinder or +size or +sizeM or +sizeK (1-3876, default 3876): +32M

We need to make this partition bootable. Type a to mark it as bootable (when asked, mark primary partition 1). If you type p again you will see that a * has appeared in the "Boot" column.

SWAP:
    Command (m for help): n
    Command action
       e   extended
       p   primary partition (1-4)
    p
    Partition number (1-4): 2
    First cylinder (6-14593, default 6): (Hit Enter)
    Using default value 6
    Last cylinder or +size or +sizeM or +sizeK (6-14593, default 14593): +512M

ROOT:
    Command (m for help): n
    Command action
       e   extended
       p   primary partition (1-4)
    p
    Partition number (1-4): 3
    First cylinder (69-14593, default 69): (Hit Enter)
    Using default value 69
    Last cylinder or +size or +sizeM or +sizeK (69-14593, default 14593): +20000M

HOME:
    Command (m for help): n
    Command action
       e   extended
       p   primary partition (1-4)
    p
    Partition number (1-4): 4
    First cylinder (2052-14593, default 2052): (Hit Enter)
    Using default value 2052
    Last cylinder or +size or +sizeM or +sizeK (2052-14593, default 14593): +20000M

Creating the file systems (ext3):
    # mke2fs -j /dev/hda1
    # mke2fs -j /dev/hda3
    # mke2fs -j /dev/hda4

Code Listing 13: Initialising a swap partition
    # mkswap /dev/hda2

Code Listing 14: Activating a swap partition
    # swapon /dev/hda2

Code Listing 15: Mounting the partitions
    # mount /dev/hda3 /mnt/gentoo
    # mkdir /mnt/gentoo/boot
    # mount /dev/hda1 /mnt/gentoo/boot
    # mkdir /mnt/gentoo/home
    # mount /dev/hda4 /mnt/gentoo/home

STAGE TARBALL:
    links http://www.gentoo.org/main/en/mirrors.xml
    experimental: stage3-x86-selinux-piessp-20050726.tar.bz2
    normal:       stage3-x86-hardened-2.6-2006.0.tar.bz2

Check the tarball against the .DIGESTS file published next to it on the mirror before unpacking it; everything below is built on top of it.

    cd /mnt/gentoo
    tar xvjpf /mnt/gentoo/stage*
    tar xvjf /mnt/gentoo/portage* -C /mnt/gentoo/usr

    nano -w /mnt/gentoo/etc/make.conf

Code Listing 20: MAKEOPTS for a normal 1-CPU system
    MAKEOPTS="-j2"
    CFLAGS="-march=athlon-xp -pipe -O2"
    CXXFLAGS="${CFLAGS}"

Code Listing 1: Using mirrorselect for the GENTOO_MIRRORS variable
    # mirrorselect -i -o >> /mnt/gentoo/etc/make.conf

Code Listing 2: Selecting an rsync server with mirrorselect
    # mirrorselect -i -r -o >> /mnt/gentoo/etc/make.conf

Code Listing 3: Copying the DNS settings ("-L" is needed so that we do not copy a symbolic link)
    # cp -L /etc/resolv.conf /mnt/gentoo/etc/resolv.conf

Code Listing 4: Mounting /proc and /dev
    # mount -t proc none /mnt/gentoo/proc
    # mount -o bind /dev /mnt/gentoo/dev

Code Listing 5: Entering the new environment
    # chroot /mnt/gentoo /bin/bash
    # env-update
    >> Regenerating /etc/ld.so.cache...
    # source /etc/profile
    # export PS1="(chroot) $PS1"

Code Listing 6: Updating the Portage tree
    # emerge --sync

Code Listing 7: Checking the system profile (must be the hardened one)
    # ls -l /etc/make.profile
    lrwxrwxrwx 1 48 Apr 8 18:51 /etc/make.profile -> ../usr/portage/profiles/hardened/x86/2.6/

    # emerge hardened-sources
    # emerge syslog-ng
    # emerge vixie-cron
    # emerge dhcpcd
    # emerge grub

grub.conf:
    default 0
    timeout 30
    title=Gentoo Linux 2.6.12-r10
    root (hd0,0)
    kernel /boot/kernel-2.6.12-gentoo-r10 root=/dev/hda3

    # grub
    grub> root (hd0,0)      (say where your /boot partition is)
    grub> setup (hd0)       (install GRUB in the MBR)
    grub> quit              (leave the GRUB shell)
    reboot

PaX / hardened toolchain:
    emerge paxtest
    emerge paxctl
    emerge --sync && emerge --update --deep --newuse world && emerge -e system && emerge -e world && revdep-rebuild

paxtest shows which PaX protections are active. Use paxctl to relax the PaX flags on individual binaries that break under the hardened kernel (typically shared-memory / mprotect failures) instead of weakening the kernel for everything.
    emerge rkhunter chkrootkit
    emerge cryptsetup

ENCRYPTED SWAP (random key on every boot):
    nano /etc/conf.d/cryptfs
        swap=crypt-swap
        source=/dev/hda2
    /etc/fstab: replace
        /dev/hda2 none swap sw 0 0
    with
        /dev/mapper/crypt-swap none swap sw 0 0

With a random per-boot key nothing that was paged out survives a reboot; it also means suspend-to-disk will not work.

Remove every line from /etc/securetty: with pam_securetty in /etc/pam.d/login, root can then not log in on any console at all and has to come in through su/sudo from a normal account.

/etc/ssh/sshd_config. Changes relative to the stock file: Port 6969, ListenAddress on the private interface, PermitRootLogin no, PasswordAuthentication no, UsePAM yes. Two corrections to the original notes: they had "Protocol 2,1", which still offers SSH-1 to clients (SSH-1 has known weaknesses and no reason to be enabled), so it is "Protocol 2" below; and with UsePAM yes the file's own comment applies, so ChallengeResponseAuthentication is set to no explicitly, otherwise PAM's keyboard-interactive path still accepts passwords despite PasswordAuthentication no.

    # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $

    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options change a
    # default value.

    Port 6969
    Protocol 2
    #AddressFamily any
    ListenAddress 192.168.1.156
    #ListenAddress ::

    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key

    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 768

    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO

    # Authentication:

    #LoginGraceTime 2m
    PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6

    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile     .ssh/authorized_keys

    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes

    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    #PermitEmptyPasswords no

    # Change to no to disable s/key passwords
    # Set explicitly to no: with UsePAM yes the default (yes) would still let
    # PAM authenticate with a password through keyboard-interactive.
    ChallengeResponseAuthentication no

    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes

    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication mechanism.
    # Depending on your PAM configuration, this may bypass the setting of
    # PasswordAuthentication, PermitEmptyPasswords, and
    # "PermitRootLogin without-password". If you just want the PAM account and
    # session checks to run without PAM authentication, then enable this but set
    # ChallengeResponseAuthentication=no
    UsePAM yes

    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no

    # no default banner path
    #Banner /some/path

    # override default of no subsystems
    Subsystem       sftp    /usr/lib/misc/sftp-server

    # AllowUsers
    AllowUsers david localhost etc

("localhost etc" at the end of the AllowUsers line and of the hosts.allow line below is the notes' shorthand for further entries, not literal configuration.)

TCP wrappers for sshd:
    # cat hosts.allow
    sshd : 192.168.1.154 localhost etc
    # cat hosts.deny
    sshd : ALL

hosts.allow/hosts.deny only take effect if sshd was built with libwrap (the tcpd USE flag on Gentoo); check with "ldd /usr/sbin/sshd | grep wrap". The iptables rules further down restrict port 6969 to the laptop as well, so this is a second layer, not the only one.

GLSA (Gentoo security advisories):
    emerge gentoolkit
    glsa-check -l affected      (list advisories this system is affected by)
    glsa-check -f affected      (apply the fixes, i.e. emerge the fixed versions)

Use "glsa-check -p affected" first to see what -f would emerge.

who AND w UNDER GRSECURITY:
who shows the logged-in users to any user, but w does not. To fix who, from the forum thread:

Make a special group, let's call it "seers" because users in this group will be able to "see" things, heheh.
Now we have to make it so regular users can't read the utmp, the wtmp, the btmp, and the lastlog files:
    chown root:seers /var/run/utmp
    chmod 640 /var/run/utmp
    chown root:seers /var/log/wtmp
    chmod 660 /var/log/wtmp
    # chown root:utmp /var/run/btmp
    # chmod 660 /var/run/btmp
    chown root:utmp /var/log/lastlog
    chmod 660 /var/log/lastlog
Ok, that's e-lite, damn. Now we make it so the command users can be used again:
    chown root:seers /usr/bin/users
    chmod 2755 /usr/bin/users
now we move /usr/bin/who somewhere else and replace it with a perl script:
Code:
    #!/usr/bin/perl
    #written by MikeeUSA
    #this script is in the public domain
    use strict;
    use warnings;

    # /usr/bin/users is setgid "seers", so it may read utmp; this wrapper may not.
    my $upt = `/usr/bin/uptime`;
    my $who = `/usr/bin/users`;
    chomp($upt);
    chomp($who);
    my @who = split(/ /, $who);
    print "$upt\n";
    print "USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\n";
    # only the user names are available here; the other columns stay empty
    print "$_\n" for @who;

To answer the original poster's question, the reason for the difference in output between 'w' and 'who' is due to the fact that 'w' uses /proc to get its information, while 'who' uses the globally-readable /var/run/utmp and /var/log/wtmp files. Grsecurity's /proc restrictions cause the different 'w' output since you can't view the /proc listings for processes of other users, but to have 'who' report just as strict information you have to create the privileged filter/wrapper like mikeusa suggested.

Result on this machine:
    localhost david # users
    david

Two things to keep in mind with that recipe: /usr/bin/users becomes a setgid binary, so whatever group it carries can read utmp through it; and mode 660 on wtmp/lastlog gives the group write access to the login history, so keep the membership of seers/utmp as small as possible.

/etc/host.conf: the nospoof option
As explained in the section on reverse resolution, DNS lets you find the host name belonging to an IP address through the in-addr.arpa domain. Attempts by name servers to supply a false name are known as spoofing. To guard against this, the resolver can be configured to check whether the original IP address is in fact associated with the name it obtained; if not, the name is rejected and an error is returned. This is enabled with "nospoof on".
alert: this option takes on or off as its argument.
If enabled, every spoofing attempt is logged with a message to syslog.

    # /etc/host.conf
    # We have a name server, but no NIS (for now)
    order bind hosts
    # Allow multiple addresses
    multi on
    # Guard against spoofed names
    nospoof on
    # Default local domain (not needed).
    trim vbrew.com.

/etc/security/access.conf:
    -:ALL EXCEPT david:ALL
Check that this line is present in /etc/pam.d/login:
    account required /lib/security/pam_access.so

That rule denies every account except david (root included) from every origin, for every service whose PAM stack contains pam_access; here that is only login, so sshd (/etc/pam.d/sshd) is not covered unless pam_access is added there too. Test it from a second tty while a root shell is still open, otherwise a typo locks you out.

SPANISH LOCALE: ISO8859-15 enabled in the kernel.
    localhost david # cat /etc/conf.d/keymaps
    # /etc/conf.d/keymaps

    # Use KEYMAP to specify the default console keymap.  There is a complete tree
    # of keymaps in /usr/share/keymaps to choose from.
    KEYMAP="es euro2"

    # Should we first load the 'windowkeys' console keymap?  Most x86 users will
    # say "yes" here.  Note that non-x86 users should leave it as "no".
    SET_WINDOWKEYS="yes"

    # The maps to load for extended keyboards.  Most users will leave this as is.
    #EXTENDED_KEYMAPS=""
    EXTENDED_KEYMAPS="backspace keypad euro"

    # Tell dumpkeys(1) to interpret character action codes to be
    # from the specified character set.
    # This only matters if you set UNICODE="yes" in /etc/rc.conf.
    # For a list of valid sets, run `dumpkeys --help`
    DUMPKEYS_CHARSET=""

File /etc/env.d/02locale:
    LANG="es_ES@euro"
    LC_ALL="es_ES@euro"

    ln -s /usr/share/zoneinfo/Europe/Madrid /etc/localtime

/etc/conf.d/consolefont:
    CONSOLETRANSLATION="8859-15_to_uni.trans"
/etc/conf.d/hostname: fr33nux
/etc/hosts:
    127.0.0.1 localhost fr33nux

If "Local time zone must be set" shows up (the notes saw it with uname -a): set the locales and recompile the kernel (the message comes from the GNU C library).

Disable CTRL+ALT+DEL: in /etc/inittab comment out the line
    ca:12345:ctrlaltdel:/sbin/shutdown -r now

BOOTING INTO SINGLE USER MODE (GRUB):
When your GRUB menu comes up, select the kernel you want to boot and hit 'e' to edit the line. Select the kernel line and hit 'e' again.
Now add '1' or 'softlevel=single' to the end of the line, press Enter and then 'b' to boot.

GRUB entry:
    title gentoo-single
    root (hd0,0)
    kernel /vmlinuz root=/dev/sda2 1

Root password needed: single user mode on Gentoo does prompt for username and password, so this is not the answer for a lost root password. If you do need to reset your root password, try appending 'init=/bin/bash' instead and then 'mount -o remount,rw /' to get a writable file system. Don't forget to 'sync' any changes to disk before rebooting.

The same init=/bin/bash trick works for anyone with physical access to the console, which is what the GRUB password in the to-do list at the end is for (the BIOS boot order and a BIOS password belong to the same exercise).

MAC RANDOMISATION:
    emerge macchanger
/etc/conf.d/net:
    # To randomize between any physical type of connection (e.g. fibre, copper,
    # wireless), all vendors
    mac_eth0="random-anykind"

CRON:
    fr33nux david # emerge cronbase
If you chose vixie-cron, comment out every line in /etc/crontab.
Code Listing 3.3: Commenting out all lines in /etc/crontab
    # sed -i -e "s/^/#/" /etc/crontab

TASKMANAGER (daily security checks from cron):
    fr33nux taskmanager # pwd
    /root/taskmanager
    fr33nux taskmanager # ls
    cron  logs_seguridad  script
    fr33nux cron # pwd
    /root/taskmanager/cron
    fr33nux cron # cat taskmanager.cron
    #Mins Hours Days Months Weekday
    30 5 * * * /bin/bash /root/taskmanager/script/taskmanager.sh
    fr33nux script # pwd
    /root/taskmanager/script
    fr33nux script # ls
    taskmanager.sh
    fr33nux script # cat taskmanager.sh
    #!/bin/bash
    # Daily security checks; one dated log per check in logs_seguridad.
    LOGDIR=/root/taskmanager/logs_seguridad
    DAY=$(date +%F)

    # Sync Portage first so that glsa-check sees today's advisories (the original
    # ran glsa-check before the sync and therefore against yesterday's list).
    /usr/bin/emerge --sync > "$LOGDIR/emerge-sync-$DAY.log" 2>&1
    /usr/bin/glsa-check -l affected > "$LOGDIR/glsa-check-$DAY.log" 2>&1

    # Rootkit scanners (rkhunter updates its database before scanning).
    /usr/bin/rkhunter --update && /usr/bin/rkhunter -c --skip-keypress > "$LOGDIR/rkhunter-$DAY.log"
    /usr/sbin/chkrootkit > "$LOGDIR/chkrootkit-$DAY.log"

    # setuid / setgid files
    /usr/bin/find / -type f \( -perm -004000 -o -perm -002000 \) -exec ls -la {} \; 2>/dev/null > "$LOGDIR/suidfiles-$DAY.log"

    # world- or group-writable files and directories
    /usr/bin/find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \; 2>/dev/null > "$LOGDIR/ficheros_escritura_todos-$DAY.log"
    /usr/bin/find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \; 2>/dev/null >> "$LOGDIR/ficheros_escritura_todos-$DAY.log"

Install the crontab for root:
    fr33nux cron # pwd
    /root/taskmanager/cron
    fr33nux cron # crontab taskmanager.cron
    fr33nux cron # crontab -l
    # DO NOT EDIT THIS FILE - edit the master and reinstall.
    # (taskmanager.cron installed on Thu Aug 17 19:25:39 2006)
    # (Cron version V5.0 -- $Id: crontab.c,v 1.12 2004/01/23 18:56:42 vixie Exp $)
    #Mins Hours Days Months Weekday
    30 5 * * * /bin/bash /root/taskmanager/script/taskmanager.sh

The job only collects; nobody reads a new rkhunter or suid listing unless something compares it with the previous day's (see the to-do list: logcheck/logsentry for the logs themselves).

LOCALE WARNING FROM PERL:
    fr33nux ~ # perl -v
    perl: warning: Setting locale failed.
    perl: warning: Please check that your locale settings:
            LANGUAGE = (unset),
            LC_ALL = "es_ES@euro",
            LANG = "es_ES@euro"
        are supported and installed on your system.
    perl: warning: Falling back to the standard locale ("C").

    This is perl, v5.8.8 built for i386-linux

    Copyright 1987-2006, Larry Wall

    Perl may be copied only under the terms of either the Artistic License or the
    GNU General Public License, which may be found in the Perl 5 source kit.

Add to /etc/locales.build:
    es_ES@euro ISO-8859-15
and regenerate:
    fr33nux ~ # locale-gen
     * (15/15) Generating es_ES.ISO-8859-15@euro ...                        [ ok ]

MORE TOOLS:
    fr33nux david # emerge app-admin/sudo app-vim/sudo
    fr33nux logs_seguridad # emerge logsentry
    emerge iptables
    emerge host
    fr33nux ~ # emerge tcpdump
    emerge aide

IPTABLES RUNSCRIPT (goes under /etc/init.d, then rc-update add <name> default):

    #!/sbin/runscript
    IPTABLES=/sbin/iptables
    IP_PRIVADA_PORTATIL=192.168.1.154        # laptop, private LAN
    IP_PRIVADA_SERVIDOR=192.168.1.156        # server, private LAN address
    IP_PUBLICA_SERVIDOR=81.172.47.105        # server, public address
    IP_PUBLICA_SERVIDOR_DNS_1=62.42.230.24   # resolvers
    IP_PUBLICA_SERVIDOR_DNS_2=62.42.63.52

    opts="${opts} showstatus"

    depend() {
        need net
    }

    start() {
        ebegin "Starting the firewall"
        rules
        eend $?
    }

    stop() {
        # Stopping leaves every chain on ACCEPT, i.e. the host wide open.
        ebegin "Stopping the firewall"
        $IPTABLES -F
        $IPTABLES -t nat -F
        $IPTABLES -X
        $IPTABLES -P FORWARD ACCEPT
        $IPTABLES -P INPUT ACCEPT
        $IPTABLES -P OUTPUT ACCEPT
        eend $?
    }

    rules() {
        einfo "Setting the default policy to DROP"
        $IPTABLES -P INPUT DROP
        $IPTABLES -P OUTPUT DROP
        $IPTABLES -P FORWARD DROP

        # Loopback. Without this, local services reached over 127.0.0.1 are
        # silently dropped by the policy (the original had no such rule).
        $IPTABLES -A INPUT -i lo -j ACCEPT
        $IPTABLES -A OUTPUT -o lo -j ACCEPT

        einfo "Port scanner detection"
        # Illegal TCP flag combinations are logged (rate limited) and dropped.
        # The original created this chain at the end of rules() but never jumped
        # to it from INPUT, so it was never evaluated; here it is built first
        # and hooked in before any ACCEPT rule.
        $IPTABLES -N check-flags
        $IPTABLES -F check-flags
        $IPTABLES -A check-flags -p tcp --tcp-flags ALL FIN,URG,PSH -m limit --limit 5/minute -j LOG --log-level alert --log-prefix "NMAP-XMAS:"
        $IPTABLES -A check-flags -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
        $IPTABLES -A check-flags -p tcp --tcp-flags ALL ALL -m limit --limit 5/minute -j LOG --log-level 1 --log-prefix "XMAS:"
        $IPTABLES -A check-flags -p tcp --tcp-flags ALL ALL -j DROP
        $IPTABLES -A check-flags -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -m limit --limit 5/minute -j LOG --log-level 1 --log-prefix "XMAS-PSH:"
        $IPTABLES -A check-flags -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
        $IPTABLES -A check-flags -p tcp --tcp-flags ALL NONE -m limit --limit 5/minute -j LOG --log-level 1 --log-prefix "NULL_SCAN:"
        $IPTABLES -A check-flags -p tcp --tcp-flags ALL NONE -j DROP
        $IPTABLES -A check-flags -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/minute -j LOG --log-level 5 --log-prefix "SYN/RST:"
        $IPTABLES -A check-flags -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
        $IPTABLES -A check-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/minute -j LOG --log-level 5 --log-prefix "SYN/FIN:"
        $IPTABLES -A check-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
        $IPTABLES -A INPUT -p tcp -j check-flags

        einfo "Setting the ACCEPT rules."
        # ssh on port 6969, only from the laptop on the private side
        $IPTABLES -A INPUT -s $IP_PRIVADA_PORTATIL -d $IP_PRIVADA_SERVIDOR -p tcp --dport 6969 -m state --state NEW,ESTABLISHED -j ACCEPT
        $IPTABLES -A OUTPUT -s $IP_PRIVADA_SERVIDOR -d $IP_PRIVADA_PORTATIL -p tcp --sport 6969 -m state --state RELATED,ESTABLISHED -j ACCEPT
        # outbound http
        $IPTABLES -A INPUT -d $IP_PUBLICA_SERVIDOR -p tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
        $IPTABLES -A OUTPUT -s $IP_PUBLICA_SERVIDOR -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
        # DNS, only to the two configured resolvers
        $IPTABLES -A INPUT -s $IP_PUBLICA_SERVIDOR_DNS_1 -p udp -m udp --sport 53 -m state --state RELATED,ESTABLISHED -j ACCEPT
        $IPTABLES -A OUTPUT -d $IP_PUBLICA_SERVIDOR_DNS_1 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
        $IPTABLES -A INPUT -s $IP_PUBLICA_SERVIDOR_DNS_2 -p udp -m udp --sport 53 -m state --state RELATED,ESTABLISHED -j ACCEPT
        $IPTABLES -A OUTPUT -d $IP_PUBLICA_SERVIDOR_DNS_2 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
        # port 8888 from the laptop
        $IPTABLES -A INPUT -s $IP_PRIVADA_PORTATIL -d $IP_PRIVADA_SERVIDOR -p tcp --dport 8888 -m state --state NEW,ESTABLISHED -j ACCEPT
        $IPTABLES -A OUTPUT -s $IP_PRIVADA_SERVIDOR -d $IP_PRIVADA_PORTATIL -p tcp --sport 8888 -m state --state RELATED,ESTABLISHED -j ACCEPT
        # outbound irc
        $IPTABLES -A INPUT -d $IP_PUBLICA_SERVIDOR -p tcp --sport 6667 -m state --state RELATED,ESTABLISHED -j ACCEPT
        $IPTABLES -A OUTPUT -s $IP_PUBLICA_SERVIDOR -p tcp -m tcp --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
        # outbound https
        $IPTABLES -A INPUT -d $IP_PUBLICA_SERVIDOR -p tcp --sport 443 -m state --state RELATED,ESTABLISHED -j ACCEPT
        $IPTABLES -A OUTPUT -s $IP_PUBLICA_SERVIDOR -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
        # outbound MSN messenger (1863)
        $IPTABLES -A INPUT -d $IP_PUBLICA_SERVIDOR -p tcp --sport 1863 -m state --state RELATED,ESTABLISHED -j ACCEPT
        $IPTABLES -A OUTPUT -s $IP_PUBLICA_SERVIDOR -p tcp -m tcp --dport 1863 -m state --state NEW,ESTABLISHED -j ACCEPT
        # ping in both directions between laptop and server
        $IPTABLES -A INPUT -s $IP_PRIVADA_PORTATIL -d $IP_PRIVADA_SERVIDOR -p icmp --icmp-type echo-reply -m state --state ESTABLISHED,RELATED -j ACCEPT
        $IPTABLES -A OUTPUT -s $IP_PRIVADA_SERVIDOR -d $IP_PRIVADA_PORTATIL -p icmp --icmp-type echo-request -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
        $IPTABLES -A INPUT -s $IP_PRIVADA_PORTATIL -d $IP_PRIVADA_SERVIDOR -p icmp --icmp-type echo-request -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
        $IPTABLES -A OUTPUT -s $IP_PRIVADA_SERVIDOR -d $IP_PRIVADA_PORTATIL -p icmp --icmp-type echo-reply -m state --state ESTABLISHED,RELATED -j ACCEPT

        einfo "Setting the logging rules."
        # Anything not accepted above is logged with a protocol tag and dropped,
        # on both interfaces (the original spelled the same 16 rules out twice,
        # once per interface). The default policy would drop it anyway; the
        # LOG lines are what make a scan visible in /var/log/messages.
        for IF in eth0 eth1; do
            for PROTO in udp icmp tcp; do
                TAG=$(echo $PROTO | tr a-z A-Z)
                $IPTABLES -A INPUT -i $IF -p $PROTO -j LOG --log-prefix "IPTABLES $TAG-IN: "
                $IPTABLES -A INPUT -i $IF -p $PROTO -j DROP
                $IPTABLES -A OUTPUT -o $IF -p $PROTO -j LOG --log-prefix "IPTABLES $TAG-OUT: "
                $IPTABLES -A OUTPUT -o $IF -p $PROTO -j DROP
            done
            # any other protocol: dropped by the policy anyway, but let's be paranoid
            $IPTABLES -A INPUT -i $IF -j LOG --log-prefix "IPTABLES PROTOCOL-X-IN: "
            $IPTABLES -A INPUT -i $IF -j DROP
            $IPTABLES -A OUTPUT -o $IF -j LOG --log-prefix "IPTABLES PROTOCOL-X-OUT: "
            $IPTABLES -A OUTPUT -o $IF -j DROP
        done
        eend $?
    }

    showstatus() {
        ebegin "Status"
        $IPTABLES -L -n -v --line-numbers
        einfo "NAT status"
        $IPTABLES -L -n -v --line-numbers -t nat
        eend $?
    }

    restart() {
        svc_stop; svc_start
    }

Unlike the check-flags chain, the catch-all LOG rules have no "-m limit", so a sustained scan can fill /var/log/messages; add a limit match to them if that becomes a problem.

TO DO: LVM, encrypted LVM, kernel hardening options, snort + mysql + apache + acid, grsec policies, TASKMANAGER (glsa-check, rkhunter, chkrootkit, logcheck), GRUB password.
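The sshd_config in the notes changes a handful of directives by hand, and the mistakes worth catching there are of the "one word off" kind (Protocol 2,1 keeping SSH-1 alive, UsePAM yes without ChallengeResponseAuthentication no). As an added example, not from the original notes, this POSIX shell script reads an sshd_config the way sshd does (first uncommented occurrence of a keyword wins, keywords are case-insensitive) and reports those points plus root login, password authentication and a missing ListenAddress. The function names are mine; the defaults assumed for absent directives are marked in the code; sample_notes_conf writes a constructed copy of the directives the notes leave uncommented.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings hardened in the notes.
# Usage: audit_sshd /etc/ssh/sshd_config ; exit status = number of WARN lines.

# sshd_config(5): for each keyword the FIRST uncommented value wins, so the
# first match is taken. Keywords are case-insensitive. $3 is the value assumed
# when the directive is absent (assumption: OpenSSH 4.x defaults).
sshd_get() {
    awk -v kw="$2" -v def="$3" '
        tolower($1) == tolower(kw) {
            sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print def }' "$1"
}

audit_sshd() {
    f=$1
    warn=0
    proto=$(sshd_get "$f" Protocol 2)
    root=$(sshd_get "$f" PermitRootLogin yes)
    pass=$(sshd_get "$f" PasswordAuthentication yes)
    cra=$(sshd_get "$f" ChallengeResponseAuthentication yes)
    pam=$(sshd_get "$f" UsePAM no)
    listen=$(sshd_get "$f" ListenAddress "")

    case ",$proto," in
        *,1,*) echo "WARN Protocol $proto: SSH-1 is enabled, use Protocol 2"; warn=$((warn + 1)) ;;
        *)     echo "OK   Protocol $proto" ;;
    esac
    if [ "$root" = no ]; then echo "OK   PermitRootLogin no"
    else echo "WARN PermitRootLogin $root"; warn=$((warn + 1)); fi
    if [ "$pass" = no ]; then echo "OK   PasswordAuthentication no"
    else echo "WARN PasswordAuthentication $pass"; warn=$((warn + 1)); fi
    # The bypass the stock file comment warns about: PAM keyboard-interactive
    # still takes a password unless ChallengeResponseAuthentication is no.
    if [ "$pam" = yes ] && [ "$cra" != no ]; then
        echo "WARN UsePAM yes with ChallengeResponseAuthentication $cra: PAM can still accept passwords"
        warn=$((warn + 1))
    else echo "OK   keyboard-interactive password path closed"; fi
    if [ -z "$listen" ]; then echo "WARN no ListenAddress: sshd binds to every interface"; warn=$((warn + 1))
    else echo "OK   ListenAddress $listen"; fi
    return "$warn"
}

# Constructed sample: the directives the notes' sshd_config leaves uncommented.
sample_notes_conf() {
    cat > "$1" <<'EOF'
Port 6969
Protocol 2,1
ListenAddress 192.168.1.156
#ListenAddress ::
PermitRootLogin no
PasswordAuthentication no
#ChallengeResponseAuthentication yes
UsePAM yes
Subsystem sftp /usr/lib/misc/sftp-server
AllowUsers david
EOF
}

if [ $# -gt 0 ]; then
    audit_sshd "$1"
fi
```

Run against the constructed copy of the notes' file it reports two warnings (Protocol 2,1 and the UsePAM/ChallengeResponseAuthentication pair); with Protocol 2 and an explicit ChallengeResponseAuthentication no it is clean.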
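taskmanager.sh above writes a fresh setuid/setgid listing (suidfiles-<date>.log) every morning, but nothing compares it with the previous one, so a setuid shell dropped in /tmp would only be noticed by someone reading the whole log. Added example, not from the notes: compare two of those "ls -la" listings and print the entries that appeared or disappeared, keyed on mode, owner, group and path (size and timestamp change legitimately, a changed owner or mode should not). The function names are mine and the two listings written by sample_suid_old/sample_suid_new are constructed input, not output from the notes' machine.

```shell
#!/bin/sh
# Added example: diff two setuid/setgid listings produced by
#   find / -type f \( -perm -004000 -o -perm -002000 \) -exec ls -la {} \;
# Usage: suid_changes suidfiles-OLD.log suidfiles-NEW.log
# Prints "+ mode owner group path" for new entries and "- ..." for vanished ones.

# Keep mode, owner, group and path (path = field 9 onwards, so spaces survive);
# size (field 5) and the timestamp (6-8) are dropped.
suid_normalize() {
    awk 'NF >= 9 {
        p = $9
        for (i = 10; i <= NF; i++) p = p " " $i
        print $1, $3, $4, p
    }' "$1" | LC_ALL=C sort
}

suid_changes() {
    old=$(mktemp)
    new=$(mktemp)
    suid_normalize "$1" > "$old"
    suid_normalize "$2" > "$new"
    LC_ALL=C comm -13 "$old" "$new" | sed 's/^/+ /'   # only in the new listing
    LC_ALL=C comm -23 "$old" "$new" | sed 's/^/- /'   # only in the old listing
    rm -f "$old" "$new"
}

# Constructed sample listings (yesterday and today).
sample_suid_old() {
    cat > "$1" <<'EOF'
-rwsr-xr-x 1 root root 31116 Aug 17 2006 /bin/su
-rwsr-xr-x 1 root root 63392 Aug 17 2006 /usr/bin/passwd
-rwsr-xr-x 1 root root 27404 Aug 17 2006 /usr/bin/chsh
-rwxr-sr-x 1 root seers 18304 Aug 17 2006 /usr/bin/users
EOF
}
sample_suid_new() {
    cat > "$1" <<'EOF'
-rwsr-xr-x 1 root root 31116 Aug 17 2006 /bin/su
-rwsr-xr-x 1 root root 63392 Aug 17 2006 /usr/bin/passwd
-rwxr-sr-x 1 root seers 18304 Aug 17 2006 /usr/bin/users
-rwsr-xr-x 1 root root 12040 Aug 18 04:13 /tmp/.x/sh
EOF
}

if [ $# -eq 2 ]; then
    suid_changes "$1" "$2"
fi
```

Hooking it into the cron job is one extra line after the find: suid_changes on yesterday's and today's file, with the output mailed or appended to a log that is actually read. An empty result for two identical listings is the normal case.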
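Every rule in the runscript that ends in LOG makes the kernel write one line with the configured prefix followed by the packet header fields (IN= OUT= MAC= SRC= DST= ... PROTO= SPT= DPT=). Added example, not part of the notes: summarise those lines from /var/log/messages by prefix, source, protocol and destination port, and list the sources that tripped the check-flags chain (any prefix that is not one of the "IPTABLES ..." catch-alls). The function names are mine; sample_fw_log writes constructed log lines shaped like syslog-ng output for the prefixes used in the script, including the "NMAP-XMAS:" prefix that has no trailing space.

```shell
#!/bin/sh
# Added example: summarise iptables LOG lines per prefix/source/protocol/port.
# Usage: fw_summary /var/log/messages ; fw_scan_sources /var/log/messages

# The LOG target prints "<prefix>IN=... OUT=... SRC=... PROTO=... DPT=...".
# The prefix is whatever sits between "kernel: " and "IN=" (some prefixes in
# the script end in ": ", others in ":" with no space, hence index() on "IN=").
fw_summary() {
    awk '
        { i = index($0, "IN=") }
        i > 0 {
            head = substr($0, 1, i - 1)
            k = index(head, "kernel: ")
            if (k == 0) next
            prefix = substr(head, k + 8)
            sub(/[ \t]+$/, "", prefix)
            src = "-"; proto = "-"; dpt = "-"
            for (j = 1; j <= NF; j++) {
                if ($j ~ /^SRC=/)   src   = substr($j, 5)
                if ($j ~ /^PROTO=/) proto = substr($j, 7)
                if ($j ~ /^DPT=/)   dpt   = substr($j, 5)
            }
            n[prefix "|" src "|" proto "|" dpt]++
        }
        END {
            for (key in n) {
                split(key, f, "|")
                printf "%5d %s src=%s %s dpt=%s\n", n[key], f[1], f[2], f[3], f[4]
            }
        }' "$1" | sort -rn
}

# Sources that hit check-flags: every prefix other than the "IPTABLES ..." ones.
fw_scan_sources() {
    fw_summary "$1" | awk '$2 != "IPTABLES" { print $2, $3 }' | sort -u
}

# Constructed sample log (syslog-ng format, not captured from a real host).
sample_fw_log() {
    cat > "$1" <<'EOF'
Aug 17 19:25:39 fr33nux kernel: IPTABLES TCP-IN: IN=eth0 OUT= MAC=00:0c:29:3e:4f:50:00:50:56:c0:00:08:08:00 SRC=10.0.0.5 DST=81.172.47.105 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40012 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 17 19:25:41 fr33nux kernel: IPTABLES TCP-IN: IN=eth0 OUT= MAC=00:0c:29:3e:4f:50:00:50:56:c0:00:08:08:00 SRC=10.0.0.5 DST=81.172.47.105 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40013 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 17 19:25:44 fr33nux kernel: IPTABLES TCP-IN: IN=eth0 OUT= MAC=00:0c:29:3e:4f:50:00:50:56:c0:00:08:08:00 SRC=10.0.0.5 DST=81.172.47.105 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40014 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 17 19:26:02 fr33nux kernel: NMAP-XMAS:IN=eth0 OUT= MAC=00:0c:29:3e:4f:50:00:50:56:c0:00:08:08:00 SRC=10.0.0.9 DST=81.172.47.105 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=29104 PROTO=TCP SPT=61230 DPT=6969 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Aug 17 19:27:10 fr33nux kernel: IPTABLES UDP-IN: IN=eth1 OUT= MAC=00:0c:29:3e:4f:5a:00:11:22:33:44:55:08:00 SRC=192.168.1.20 DST=192.168.1.156 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=28
Aug 17 19:28:00 fr33nux syslog-ng[1234]: STATS: dropped 0
EOF
}

if [ $# -gt 0 ]; then
    fw_summary "$1"
    echo "--- scan sources ---"
    fw_scan_sources "$1"
fi
```

On the sample the summary starts with "2 IPTABLES TCP-IN: src=10.0.0.5 TCP dpt=22" and the scan list is just "NMAP-XMAS: src=10.0.0.9"; the syslog-ng STATS line carries no IN= and is ignored. The same two functions are what the taskmanager job should run over /var/log/messages instead of leaving the LOG lines unread.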