Child pages
  • Security
Skip to end of metadata
Go to start of metadata
  • fixed bash fork bomb vulnerability, edit /etc/security/limits.conf
  • for an extra layer of security, we'll have clients ssh into a public VE instead of the actual machine, and from there ssh into their own.
  • I was able to do a memory overload, which killed blaine.
  • definitely disable account/account
Chain PREROUTING (policy ACCEPT 81 packets, 6084 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-request 
    0     0 ACCEPT     all  --  venet0 any     anywhere             anywhere            state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  venet0 any     anywhere             anywhere            tcp dpt:www 
    0     0 ACCEPT     tcp  --  venet0 any     anywhere             anywhere            tcp dpt:domain 
    0     0 ACCEPT     udp  --  venet0 any     anywhere             anywhere            udp dpt:domain 
    0     0 DROP       all  --  venet0 any     anywhere             anywhere            

Above is the PREROUTING iptables chain in the mangle table that drops all outgoing packets except DNS (53), WWW (80), and ICMP (7).

  • No labels

1 Comment

  1. Unknown User (wan)

    What about awesome botnets?