Enabling firewall in FreeBSD – ipf


This writeup will be short, summarizing how to enable the ipf firewall in FreeBSD. In my experience with FreeBSD 5.4, it just works very well.

First, we need to enable it in the kernel configuration file. The default file is named GENERIC and is located in /usr/src/sys/i386/conf/. I first make a copy of the configuration file, named BUDIHOST, using this command:

my.budihost.com# cp GENERIC BUDIHOST

Edit BUDIHOST, add these few lines:

options IPFILTER # IPFilter support
options IPFILTER_LOG # IPFilter logging support
options IPFILTER_DEFAULT_BLOCK # Block all packets by default
options RANDOM_IP_ID # RANDOM_IP_ID causes the ID field in IP packets to be randomized

These few lines also need to be added to /etc/rc.conf:

ipfilter_enable="YES" # Stateful firewall
ipfilter_program="/sbin/ipf" # where the ipfilter program lives
ipfilter_rules="/etc/ipf.rules" # loads rules definition text file
ipfilter_flags="-F a -f /etc/ipf.rules" # IPFilter is enabled in the kernel and not module

After modifying your kernel configuration file, you need to rebuild and install the new kernel with the new configuration.

my.budihost.com# cd /usr/src/
my.budihost.com# make buildkernel KERNCONF=BUDIHOST
my.budihost.com# make installkernel KERNCONF=BUDIHOST

Please check for errors or any messages shown after the buildkernel step. If there is any problem, you might need to edit your configuration file, then rebuild. After you have successfully rebuilt the kernel, you can install it.

The firewall rules are stored in /etc/ipf.rules. You need to modify the file to suit your production needs.

This is a sample configuration file: /etc/ipf.rules. You can open any additional ports yourself; the configuration is simple and straightforward.

Reboot your machine.

my.budihost.com# shutdown -r now

🙂

I once had an experience where I could not ping my own box. I also could not check my email using webmail; the error message that came up was no route to host. It was actually because of the firewall rules: you need to allow the loopback interface to transfer. Solved! 😉
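
An added example, not part of the original post: the script below writes a minimal starting ruleset for a kernel built with IPFILTER_DEFAULT_BLOCK and checks any ruleset for the loopback rules whose absence caused the problem described above. The interface name fxp0 and the inbound SSH rule on port 22 are assumptions; adjust them to your host.

```shell
#!/bin/sh
# Added example (not from the original post): starting ruleset for a
# default-block kernel, plus a check to run before rebooting.
# Assumptions: external interface fxp0, remote admin over SSH on port 22.

write_sample_rules() {
    # $1 = output path (use a scratch file first, not /etc/ipf.rules)
    cat > "$1" <<'EOF'
# Loopback must pass freely, or local services fail with "no route to host"
pass in quick on lo0 all
pass out quick on lo0 all
# Outbound traffic from this host, tracked statefully
pass out quick on fxp0 proto tcp from any to any flags S keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state
# Inbound: SSH only; add further "port = N" lines for other services
pass in quick on fxp0 proto tcp from any to any port = 22 flags S keep state
# Everything else inbound is dropped and logged (needs IPFILTER_LOG)
block in log quick on fxp0 all
EOF
}

check_rules() {
    # $1 = ruleset path. Prints each problem; returns the number found.
    problems=0
    for dir in in out; do
        if ! grep -Eq "^pass[[:space:]]+${dir}[[:space:]]+quick[[:space:]]+on[[:space:]]+lo0" "$1"; then
            echo "missing: pass ${dir} quick on lo0 all"
            problems=$((problems + 1))
        fi
    done
    if ! grep -Eq '^pass[[:space:]]+in[[:space:]].*port[[:space:]]*=[[:space:]]*22([[:space:]]|$)' "$1"; then
        echo "missing: inbound SSH rule (remote lockout after reboot)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo: generate the sample into a scratch file and check it
f=$(mktemp)
write_sample_rules "$f" && check_rules "$f" && echo "ruleset ok"
rm -f "$f"
```

On the FreeBSD host itself, `ipf -n -f <file>` parses a ruleset without loading it into the kernel, which catches syntax errors before the reboot.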

Server migrated to Malaysia datacenter – Netmyne


Finally, the Budihost server has been moved to the Netmyne datacenter in Brickfield. There were a lot of problems while migrating, from a DNS problem with Jaring to a server firewall problem, and now it is running smooth and sound.

The Netmyne datacenter in Brickfield is a preference for most companies in Malaysia, as it is located inside KL, with no need to go to Cyberjaya. With a fast connection, I hope it will provide better performance for all our clients, and clients to be 🙂

If you have any problems with our solutions, please do contact me.
If you are looking for a dedicated server solution, please do contact us.

Enjoy the speed! 🙂

Google hacks

Google hacks..
Now I would like to share something I have to gain more 🙂 hhee..

Since Google came onto the internet, it seems to have changed the whole internet. It's really wonderful actually, from the comprehensive search engine to Google AdSense, Google Earth, Google Talk, and more to come I hope.

Now I will concentrate on Google Search hacks. I will show how you can search for a particular file on the internet, and search your own website even if you don't have a search engine. Really cool for a fully static HTML website, right? 😉

At first, try to go to this link:
http://www.google.com.my/search?hl=en&q=mysql+ext%3Apdf&btnG=Search&meta=
You can see the search string in the link provided. It searches for a particular topic with a given file extension. You can also search for a specific file using inurl. Try searching inurl:passwd.txt, and you will see many search hits for the filename passwd.txt.
This is actually a vulnerability for the owner of the system, as Google will reveal your confidential files. But there is a solution for system owners: GHH, The "Google Hack" Honeypot. It simulates an insecure page, as if it were the vulnerable page, keeping attackers away from the actual possibly vulnerable file.

Another trick with Google is to search for a particular file in your own site or domain. An example is in the link below:
http://www.google.com.my/search?hl=en&q=farhan+site%3Asbudi.net&btnG=Search&meta=
The search string searches for the keyword farhan in the site sbudi.net.

I hope this article will be a guideline on how to find valuable information on the internet. Believe me, you'll thank Google a lot 🙂

A funny conversation

>WOMAN: What would you do if I died?
> Would you get married again?
>MAN: Definitely not!
>WOMAN: Why not – don’t you like being married?
>MAN: Of course I do.
>WOMAN: Then why wouldn’t you remarry?
>MAN: Okay, I’d get married again.
>WOMAN: You would? (with a hurtful look on her face)
>MAN: (makes audible groan)
>WOMAN: Would you sleep with her in our bed?
>MAN: Where else would we sleep?
>WOMAN: Would you put away my pictures, and replace
>them with Pictures of her?
>MAN: That would seem like the proper thing to do.
>WOMAN: And would you let her use my golf clubs?
>MAN: She can’t use them; she’s left-handed.
>WOMAN: – – – silence – – –
>MAN: Shit.

ALIF – Antara Libur Insan Fikir

www.alif.com.my has just been uploaded, and is now visible to all users. It is still under construction; it is already open for registration, but not yet full of content.

The website is for all nasyid fans in Malaysia, concentrating on Malaysian nasyid artists. The website hopes to serve users with the latest information about nasyid concerts and album releases of any nasyid group. This website hopes to be the nasyid portal, where it will be supported by all nasyid groups in Malaysia such as Raihan, Rabbani, Hijjaz, InTeam, NowSeeHeart, Mestika, Brothers, UNIC, Mirwana, Far East, One Faith and many more.

ALIF needs a dedicated team to cooperate and work together, to develop and enhance the features, and to add news and events to be shared with all its members. Anyone interested, please contact us using our contact page.

Please have a visit, and do support us! Thanks for your support, we really appreciate it 🙂

http://www.alif.com.my

How to dump your mysql database through command line

I have a problem with my snort database. I have run snort for a few months, and the logged data has reached 400MB of alerts. So now I want to download it to my own PC, so that I can navigate through it faster instead of using the slow internet connection to navigate with the ACID interface.
I deal with mysql using the command line interface to back up and restore the mysql database.

At first I issued this command in the shell:
su-2.05b# mysqldump -a -u db_username -p db_name > snort_report.sql

It will then ask you for the password of the database user; enter it, and it will dump the database into the file snort_report.sql.
I actually could not run the command immediately; it told me the command was not found. I issued the command,

su-2.05b# which mysqldump

and it will then show you the true path of mysqldump.

Then I can download the file using Internet Download Manager, for faster download using a direct link.

To restore the file back into the database, use this command:

su-2.05b# mysql -u USERNAME -p DATABASE < FILENAME.mysql

Hope this helps you to do backup and restore for your database.

Water disruption – IIUM is affected

These few days IIUM and the surrounding area still have water disruption, and many students have left the campus to go back to their home towns. IIUM cancelled all classes from Monday, and classes will continue on Thursday.
It is due to the water plant being contaminated by oil from an accident at KM 25 Karak Highway. The plant has to be cleaned, and it is now perhaps in the last phase. Some rumours say the plant has already been cleaned, and is just waiting for the water to fill up and be supplied to the affected area.

All my friends also went outside, staying with friends around Kuala Lumpur. Me? Stay and survive 🙁 Even my close friend from Kedah also went to a friend's house in KL. Hope she's happy to take a shower every day without any hassle 🙂 Remember to come back here huh, we have class on Thursday. hehe..

Picture from TheStar
http://thestar.com.my/news/story.asp?file=/2005/9/13/nation/12025779&sec=nation
http://www.thestar.com.my/news/story.asp?file=/2005/9/13/nation/12023092&sec=nation

How to secure your page using .htaccess


Want to have a secure page and prompt your user with this login window? 🙂

I set up ntop previously, and I have to secure the page using .htaccess and .htpasswd files.

The process is quite simple actually; you only need FTP access to set these things up. First you have to create your .htaccess file. The format of the file is like below:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/local/html/.htpasswd
AuthGroupFile /dev/null
require valid-user

The file above points to the .htpasswd file, which contains your encrypted password. Below is a sample .htpasswd file with the password mypassword:

farhan:VQv2aMigXGMkU

Upload them to your folder. You should put your .htpasswd outside the Apache-accessible directory; otherwise a user might view your encrypted password easily. Also make sure the path of .htpasswd in the .htaccess file is correct. Upload them using ASCII mode instead of Binary.

You can use this website to create your .htaccess and .htpasswd files. It can generate the encrypted password for you.
http://www.tools.dynamicdrive.com/password/
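
An added example, not part of the original post: a small lint for the two risks in this setup, namely an AuthUserFile that sits inside the web-served directory and password entries in the 13-character traditional crypt(3) format shown above, which only uses the first 8 characters of the password. The DocumentRoot value passed in is an assumption; the sample file contents are the ones from this post.

```shell
#!/bin/sh
# Added example (not from the original post): lint a .htaccess/.htpasswd pair.
# Assumption: the caller knows the Apache DocumentRoot of the site.

auth_file_of() {
    # Print the AuthUserFile path named in the .htaccess file $1
    awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

is_web_reachable() {
    # $1 = password file path, $2 = DocumentRoot. Succeeds when the file
    # sits under the DocumentRoot, where a browser could request it.
    case "${1%/}/" in
        "${2%/}/"*) return 0 ;;
        *) return 1 ;;
    esac
}

count_des_crypt() {
    # Count entries whose hash is a 13-character traditional crypt(3) value
    # (salted formats such as $apr1$ or $2y$ start with "$" and are longer).
    awk -F: 'length($2) == 13 && substr($2, 1, 1) != "$" { n++ } END { print n + 0 }' "$1"
}

lint() {
    # $1 = .htaccess, $2 = .htpasswd as stored on disk, $3 = DocumentRoot
    findings=0
    if is_web_reachable "$(auth_file_of "$1")" "$3"; then
        echo "AuthUserFile is inside the DocumentRoot; move it outside"
        findings=$((findings + 1))
    fi
    weak=$(count_des_crypt "$2")
    if [ "$weak" -gt 0 ]; then
        echo "$weak entry(ies) use traditional crypt; regenerate with a stronger scheme"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo with the values shown in the post (the DocumentRoot is an assumption)
d=$(mktemp -d)
printf 'AuthUserFile /var/local/html/.htpasswd\n' > "$d/.htaccess"
printf 'farhan:VQv2aMigXGMkU\n' > "$d/.htpasswd"
lint "$d/.htaccess" "$d/.htpasswd" /var/local/html || true
rm -rf "$d"
```

On Apache 2.4 the bundled htpasswd tool can write bcrypt entries with its -B option, which replaces the traditional crypt format flagged here.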

Monitoring your server traffic with ntop – Cool! :)

There is a tool, ntop, that will give you statistics for your server. I kept wondering how much data has been transferred so far, and how much throughput I get with my current provider. Now ntop comes along, and I got to install it on my server.

My main reference was the book Linux Server Hacks from O'Reilly, written by Andrew Lockhart, hack #63, as well as Network Security Hacks from O'Reilly, written by Rob Flickenger, hack #64. Rob Flickenger also discusses the same thing. The articles look identical; just the illustrations look different. Mr Lockhart is actually referring to Flickenger's writing.

I downloaded ntop into /usr/port/distfiles/ and extracted it to /usr/port/distfiles/ntop-3.2rc1/. Before installing ntop, I added a user ntop with group ntop.

su-2.05b# ./configure
su-2.05b# make
su-2.05b# gmake clean

Ntop needs gmake instead of make. I tried using the make install command, and it showed an error.

“You might run it using make, please use gmake instead”
*Something like that la…

After installing, it automatically created /usr/local/etc/ntop/, and all the default SSL certificate files were there. These are default certificates; you can also create a new certificate and sign it on your own. Now I just have to initialize the ntop database and set an administrative password. Ntop uses a round robin database, which is a good database for storing traffic reports and logging. The main advantage of this database is that it will not grow and fill up your hard disk. New entries push the old entries out.

su-2.05b# ntop -A -u ntop -P /usr/local/etc/ntop
10/Sep/2005 20:30:23 Initializing GDBM...
10/Sep/2005 20:30:23 Started thread (1026) for network packet analyser.
10/Sep/2005 20:30:23 Started thread (2051) for idle hosts detection.
10/Sep/2005 20:30:23 Started thread (3076) for DNS address resolution.
10/Sep/2005 20:30:23 Started thread (4101) for address purge.

Please enter the password for the admin user:
Please enter the password again:
10/Sep/2005 20:30:29 Admin user password has been set.

Then we initialize ntop with https at port 1234 (example) and run it as a daemon:

su-2.05b# ntop -u ntop -P /usr/local/etc/ntop -W1234 -d

The tool just works fine on my FreeBSD 4.11 server. By now it has already run for 3 days and 6 hours. At first, when my ntop was around 2 days old, the page would load very slowly; it took up to 1 hour to load. I don't know what happened. Now it works just fine, and it can display all the graphs nicely.

By the way, you might want to secure your page to keep other people from viewing your server statistics. The best and simplest solution is using .htaccess and .htpasswd files. Please refer to my next blog entry, on securing a folder using .htaccess and .htpasswd files.

Ntop.org
Linux Server Hacks [O’Reilly] – Download here
Network Security Hacks [O’Reilly] – Download here