Académique Documents
Professionnel Documents
Culture Documents
Use the �chkconfig� command to find out services which are running on runlevel 3.
# /sbin/chkconfig --list |grep '3:on'
# chkconfig serviceName off
# yum -y remove package-name
---------------------------------------------------------------------------------
# netstat -tulpn
# netstat -a | more Listing all the LISTENING Ports of TCP and UDP
connections
# netstat -at Listing TCP Ports connections
# netstat -l Listing all LISTENING Connections
# netstat -lt Listing all TCP Listening Ports
# netstat -lu Listing all UDP Listening Ports
# netstat -lx Listing all UNIX Listening Ports
# netstat -s Showing Statistics by Protocol
# netstat -st Showing Statistics by TCP Protocol
# netstat -su Showing Statistics by UDP Protocol
# netstat -tp Displaying Service name with PID
# netstat -ac 5 | grep tcp Displaying Promiscuous Mode
# netstat -r Displaying Kernel IP routing
# netstat -i Showing Network Interface Transactions
# netstat -ie Showing Kernel Interface Table
# netstat -g Displaying IPv4 and IPv6 Information
# netstat -c Print Netstat Information Continuously
# netstat --verbose Finding non supportive Address
# netstat -ap | grep http Finding Listening Programs
# netstat --statistics --raw Displaying RAW Network Statistics
---------------------------------------------------------------------------------
# nano /etc/ssh/sshd_config
PermitRootLogin no
AllowUsers username
Protocol 2
---------------------------------------------------------------------------------
@ FIREWALL
#HTTP
Iptables �t filter �A INPUT �p tcp �dport 80 �j ACCEPT
Iptables �t filter �A INPUT �p tcp �dport 80 �j ACCEPT
#SSH
Iptables �t filter �A INPUT �p tcp �dport 1002 �j ACCEPT
Iptables �t filter �A INPUT �p tcp �dport 1002 �j ACCEPT
---------------------------------------------------------------------------------
@ Install denyhosts
sudo rpm -Uvh http://mirror.metrocast.net/fedora/epel/6/i386/epel-release-6-
8.noarch.rpm
# nano /etc/hosts.allow
# tail -f /var/log/secure
---------------------------------------------------------------------------------
@ Turn on SELinux
# sestatus
# setenforce enforcing
# setenforce disabled
atau
# nano /etc/sysconfig/selinux
---------------------------------------------------------------------------------
NETWORKING_IPV6=no
IPV6INIT=no
---------------------------------------------------------------------------------
# nano /etc/pam.d/system-auth
---------------------------------------------------------------------------------
---------------------------------------------------------------------------------
---------------------------------------------------------------------------------
# nano /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
#sysctl -p