cerca
Sicurezza nelle Reti - Prova Pratica - Febbraio 2010
modifica cronologia stampa login logout

Wiki

UniCrema


Materie per semestre

Materie per anno

Materie per laurea


Help

Uni.SNR-PP-Febbraio2010 History

Hide minor edits - Show changes to output

April 20, 2011, at 11:00 PM by studente -
Restore
April 20, 2011, at 10:59 PM by studente -
Added lines 5-6:
Restore
April 20, 2011, at 10:59 PM by studente -
Restore
April 20, 2011, at 10:59 PM by studente -
Added lines 7-8:
Restore
April 20, 2011, at 10:57 PM by studente -
Changed line 16 from:
#//RICORDATI CHE QUESTO FILE VA SALVATO IN .sh E RESO ESEGUIBILE CON chmod +x nomefile!!\\
to:
#RICORDATI CHE QUESTO FILE VA SALVATO IN .sh E RESO ESEGUIBILE CON chmod +x nomefile!!\\
Restore
April 20, 2011, at 10:56 PM by studente -
Changed lines 6-7 from:
!/bin/sh
to:
#!/bin/sh
Changed line 32 from:
@punto 1\\
to:
#punto 1\\
Changed line 39 from:
@punto 2\\
to:
#punto 2\\
Changed line 43 from:
@punto 3 ftp passivo cmd\\
to:
#punto 3 ftp passivo cmd\\
Changed line 50 from:
@punto 3 ftp passivo dati\\
to:
#punto 3 ftp passivo dati\\
Changed line 57 from:
@punto 4\\
to:
#punto 4\\
Restore
April 20, 2011, at 10:55 PM by studente -
Changed lines 6-7 from:
1 !/bin/sh
to:
!/bin/sh
Changed line 16 from:
//RICORDATI CHE QUESTO FILE VA SALVATO IN .sh E RESO ESEGUIBILE CON chmod +x nomefile!!\\
to:
#//RICORDATI CHE QUESTO FILE VA SALVATO IN .sh E RESO ESEGUIBILE CON chmod +x nomefile!!\\
Changed line 18 from:
2 pulizia \\
to:
#2 pulizia \\
Changed line 23 from:
3 policies \\
to:
#3 policies \\
Restore
April 18, 2011, at 06:01 PM by davidep - su richiesta di valdemar dal forum, la pagina wiki dell'esame di febbraio 2010
Changed lines 31-63 from:
# punto 1
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP -s $BLACKLIST -j LOG --log-prefix "[mat.xxx in tcpnoblacklist]"
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP -s $BLACKLIST -j DROP

$IPTABLES -A INPUT -i $ETH_IFACE -p udp -d $ETH_IP -s $BLACKLIST -j LOG --log-prefix "[mat.xxx in udpnoblacklist]"
$IPTABLES -A INPUT -i $ETH_IFACE -p udp -d $ETH_IP -s $BLACKLIST -j DROP

# punto 2
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP -j LOG --log-prefix "[mat.xxx out z.transfer]"
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP -j ACCEPT

#punto 3 ftp passivo cmd
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 21 -j LOG --log-prefix "[mat.xxx out ftpcmd]"
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 21 -j ACCEPT

$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 21 -j LOG --log-prefix "[mat.xxx in ftpcmd]"
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 21 -j ACCEPT

# punto 3 ftp passivo dati
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 1024:65535 -j LOG --log-prefix "[mat.xxx out ftpdati]"
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 1024:65535 -j ACCEPT


$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 1024:65535 -j LOG --log-prefix "[mat.xxx out ftpcmd]"
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 1024:65535 -j ACCEPT

# punto 4
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP --dport 22 -j LOG --log-prefix "[mat.xxx in nossh]"
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP --dport 22 -j DROP

$IPTABLES -A OUTPUT -o $ETH_IFACE -p icmp --icmp-type protocol-unreachable -s $ETH_IP -j LOG --log-prefix "[mat.xxx out protunreach]"
$IPTABLES -A OUTPUT -o $ETH_IFACE -p icmp --icmp-type protocol-unreachable -s $ETH_IP -j ACCEPT
to:
\\
@punto 1\\
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP -s $BLACKLIST -j LOG --log-prefix "[mat.xxx in tcpnoblacklist]"\\
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP -s $BLACKLIST -j DROP \\
\\
$IPTABLES -A INPUT -i $ETH_IFACE -p udp -d $ETH_IP -s $BLACKLIST -j LOG --log-prefix "[mat.xxx in udpnoblacklist]" \\
$IPTABLES -A INPUT -i $ETH_IFACE -p udp -d $ETH_IP -s $BLACKLIST -j DROP \\
\\
@punto 2\\
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP -j LOG --log-prefix "[mat.xxx out z.transfer]" \\
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP -j ACCEPT \\
\\
@punto 3 ftp passivo cmd\\
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 21 -j LOG --log-prefix "[mat.xxx out ftpcmd]"\\
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 21 -j ACCEPT \\
\\
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 21 -j LOG --log-prefix "[mat.xxx in ftpcmd]"\\
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 21 -j ACCEPT \\
\\
@punto 3 ftp passivo dati\\
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 1024:65535 -j LOG --log-prefix "[mat.xxx out ftpdati]"\\
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 1024:65535 -j ACCEPT\\
\\
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 1024:65535 -j LOG --log-prefix "[mat.xxx out ftpcmd]"\\
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 1024:65535 -j ACCEPT \\
\\
@punto 4\\
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP --dport 22 -j LOG --log-prefix "[mat.xxx in nossh]"\\
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP --dport 22 -j DROP \\
\\
$IPTABLES -A OUTPUT -o $ETH_IFACE -p icmp --icmp-type protocol-unreachable -s $ETH_IP -j LOG --log-prefix "[mat.xxx out protunreach]"\\
$IPTABLES -A OUTPUT -o $ETH_IFACE -p icmp --icmp-type protocol-unreachable -s $ETH_IP -j ACCEPT\\
Restore
April 18, 2011, at 05:59 PM by davidep - su richiesta di valdemar dal forum, la pagina wiki dell'esame di febbraio 2010
Added lines 1-64:
(:title Sicurezza nelle Reti - Prova Pratica - Febbraio 2010:)
%titolo%''':: Sicurezza nelle Reti - Prova Pratica - Febbraio 2010 ::'''

!!Script iptables

1 !/bin/sh

ETH_IFACE="eth1" \\
ETH_IP="192.168.1.104" \\
PC_DOCENTE="192.168.1.1" \\
BLACKLIST="121.34.22.12/24" \\
LO_IFACE="lo" \\
LO_IP="127.0.0.1" \\
\\
IPTABLES="sudo /sbin/iptables " \\
//RICORDATI CHE QUESTO FILE VA SALVATO IN .sh E RESO ESEGUIBILE CON chmod +x nomefile!!\\
\\
2 pulizia \\
$IPTABLES -F INPUT \\
$IPTABLES -F OUTPUT \\
$IPTABLES -F FORWARD \\
\\
3 policies \\
$IPTABLES -P INPUT DROP \\
$IPTABLES -P OUTPUT DROP \\
$IPTABLES -P FORWARD DROP \\
\\
\\
$IPTABLES -A INPUT -i lo -j ACCEPT \\
$IPTABLES -A OUTPUT -o lo -j ACCEPT \\

# punto 1
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP -s $BLACKLIST -j LOG --log-prefix "[mat.xxx in tcpnoblacklist]"
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP -s $BLACKLIST -j DROP

$IPTABLES -A INPUT -i $ETH_IFACE -p udp -d $ETH_IP -s $BLACKLIST -j LOG --log-prefix "[mat.xxx in udpnoblacklist]"
$IPTABLES -A INPUT -i $ETH_IFACE -p udp -d $ETH_IP -s $BLACKLIST -j DROP

# punto 2
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP -j LOG --log-prefix "[mat.xxx out z.transfer]"
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP -j ACCEPT

#punto 3 ftp passivo cmd
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 21 -j LOG --log-prefix "[mat.xxx out ftpcmd]"
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 21 -j ACCEPT

$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 21 -j LOG --log-prefix "[mat.xxx in ftpcmd]"
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 21 -j ACCEPT

# punto 3 ftp passivo dati
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 1024:65535 -j LOG --log-prefix "[mat.xxx out ftpdati]"
$IPTABLES -A OUTPUT -o $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $PC_DOCENTE -s $ETH_IP --dport 1024:65535 -j ACCEPT


$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 1024:65535 -j LOG --log-prefix "[mat.xxx out ftpcmd]"
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state ESTABLISHED,RELATED -p tcp -d $ETH_IP -s $PC_DOCENTE --dport 1024:65535 -j ACCEPT

# punto 4
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP --dport 22 -j LOG --log-prefix "[mat.xxx in nossh]"
$IPTABLES -A INPUT -i $ETH_IFACE -m state --state NEW,ESTABLISHED -p tcp -d $ETH_IP --dport 22 -j DROP

$IPTABLES -A OUTPUT -o $ETH_IFACE -p icmp --icmp-type protocol-unreachable -s $ETH_IP -j LOG --log-prefix "[mat.xxx out protunreach]"
$IPTABLES -A OUTPUT -o $ETH_IFACE -p icmp --icmp-type protocol-unreachable -s $ETH_IP -j ACCEPT
Restore