netstat -tnpa | grep ‘ESTABLISHED.*sshd’
IPTables – Load Balance Incoming Web Traffic
First of ALL
The important thing to remember as we go forward is that ORDER MATTERS! Rules are executed from top to bottom.
Note that Rules are applied in order of appearance, and the inspection ends immediately when there is a match. Therefore, for example, if a Rule rejecting ssh connections is created, and afterward another Rule is specified allowing ssh, the Rule to reject is applied and the later Rule to accept the ssh connection is not.
At the top of the /etc/sysconfig/iptables (Centos 7) the rules are more important !!
Instead of using the default policy, I normally recommend making an explicit DROP/REJECT rule at the bottom of your chain that matches everything. You can leave your default policy set to ACCEPT and this should reduce the chance of blocking all access to the server.
Load Balance Incoming Web Traffic
This uses the iptables nth extension. The following example load balances the HTTPS traffic to three different ip-address. For every 3th packet, it is load balanced to the appropriate server (using the counter 0).
iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 192.168.1.101:443 iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 192.168.1.102:443 iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 192.168.1.103:443
Allow Loopback Access
You should allow full loopback access on your servers. i.e access using 127.0.0.1
iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT
Allow Internal Network to External network.
On the firewall server where one ethernet card is connected to the external, and another ethernet card connected to the internal servers, use the following rules to allow internal network talk to external network.
In this example, eth1 is connected to external network (internet), and eth0 is connected to internal network (For example: 192.168.1.x).
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
Allow outbound DNS
The following rules allow outgoing DNS connections.
iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
Prevent DoS Attack
The following iptables rule will help you prevent the Denial of Service (DoS) attack on your webserver.
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
In the above example:
- -m limit: This uses the limit iptables extension
- –limit 25/minute: This limits only maximum of 25 connection per minute. Change this value based on your specific requirement
- –limit-burst 100: This value indicates that the limit/minute will be enforced only after the total number of connection have reached the limit-burst level.
Port Forwarding
The following example routes all traffic that comes to the port 442 to 22. This means that the incoming ssh connection can come from both port 22 and 422.
iptables -t nat -A PREROUTING -p tcp -d 192.168.102.37 --dport 422 -j DNAT --to 192.168.102.37:22
If you do the above, you also need to explicitly allow incoming connection on the port 422.
iptables -A INPUT -i eth0 -p tcp --dport 422 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 422 -m state --state ESTABLISHED -j ACCEPT
Log Dropped Packets
You might also want to log all the dropped packets. These rules should be at the bottom.
First, create a new chain called LOGGING.
iptables -N LOGGING
Next, make sure all the remaining incoming connections jump to the LOGGING chain as shown below.
iptables -A INPUT -j LOGGING
Next, log these packets by specifying a custom “log-prefix”.
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
Finally, drop these packets.
iptables -A LOGGING -j DROP
(most of the rules from here)
Example:
iptables -A INPUT --jump ACCEPT --protocol all --source 127.0.0.1
iptables -A INPUT --jump ACCEPT --protocol tcp --dport 22
iptabels -A INPUT --jump ACCEPT --protocol icmp
iptables -A INPUT --jump ACCEPT --match state --state ESTABLISHED,RELATED
iptables -A INPUT --jump REJECT --protocol all
How to create a deamon service for java program – Centos 6
Here the link I used for create the service script:
vim service.name.sh
insert this:
#!/bin/sh
SERVICE_NAME=MyService
PATH_TO_JAR=/usr/local/MyProject/MyJar.jar
PID_PATH_NAME=/tmp/MyService-pid
case $1 in
start)
echo “Starting $SERVICE_NAME …”
if [ ! -f $PID_PATH_NAME ]; then
nohup java -jar $PATH_TO_JAR /tmp 2>> /dev/null >> /dev/null &
echo $! > $PID_PATH_NAME
echo “$SERVICE_NAME started …”
else
echo “$SERVICE_NAME is already running …”
fi
;;
stop)
if [ -f $PID_PATH_NAME ]; then
PID=$(cat $PID_PATH_NAME);
echo “$SERVICE_NAME stoping …”
kill $PID;
echo “$SERVICE_NAME stopped …”
rm $PID_PATH_NAME
else
echo “$SERVICE_NAME is not running …”
fi
;;
restart)
if [ -f $PID_PATH_NAME ]; then
PID=$(cat $PID_PATH_NAME);
echo “$SERVICE_NAME stopping …”;
kill $PID;
echo “$SERVICE_NAME stopped …”;
rm $PID_PATH_NAME
echo “$SERVICE_NAME starting …”
nohup java -jar $PATH_TO_JAR /tmp 2>> /dev/null >> /dev/null &
echo $! > $PID_PATH_NAME
echo “$SERVICE_NAME started …”
else
echo “$SERVICE_NAME is not running …”
fi
;;
esac
modify the environment variable
SERVICE_NAME=MyService
PATH_TO_JAR=/usr/local/MyProject/MyJar.jar
PID_PATH_NAME=/tmp/MyService-pid
Linux Centos command to list files ordered by date desc
ls -utla
Install nmap and check which ports are open.Centos 7
yum install nmap
now scan the ports with :
nmap -sT -O localhost
result:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 972 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
443/tcp open https
783/tcp open spamassassin
993/tcp open imaps
995/tcp open pop3s
1080/tcp open socks
1081/tcp open pvuniwien
2005/tcp open deslogin
2009/tcp open news
3005/tcp open deslogin
3306/tcp open mysql
5432/tcp open postgresql
8009/tcp open ajp13
8080/tcp open http-proxy
8081/tcp open blackice-icecap
9009/tcp open pichat
9080/tcp open glrpc
9090/tcp open zeus-admin
9100/tcp open jetdirect
10024/tcp open unknown
10025/tcp open unknown
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=6.40%E=4%D=7/23%OT=21%CT=1%CU=41542%PV=N%DS=0%DC=L%G=Y%TM=59744F1
OS:C%P=x86_64-redhat-linux-gnu)SEQ(SP=101%GCD=1%ISR=105%TI=Z%TS=A)SEQ(SP=10
OS:1%GCD=1%ISR=106%TI=Z%II=I%TS=A)OPS(O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MF
OS:FD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFFD7ST11NW7%O6=MFFD7ST11)WIN(W1=AAAA%W2=
OS:AAAA%W3=AAAA%W4=AAAA%W5=AAAA%W6=AAAA)ECN(R=Y%DF=Y%T=40%W=AAAA%O=MFFD7NNS
OS:NW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%
OS:DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%
OS:O=%RD=0%Q=)T6(R=N)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%D
OS:F=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=4
OS:0%CD=S)
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.22 seconds
now scan from external :
nmap -sT -O <ip>
result
Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-23 09:30 CEST
Nmap scan report for web.site (<ip>)
Host is up (0.035s latency).
rDNS record for <ip>: mail. web.site
Not shown: 978 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp filtered microsoft-ds
993/tcp open imaps
995/tcp open pop3s
1080/tcp open socks
1081/tcp open pvuniwien
2009/tcp open news
3306/tcp filtered mysql
8009/tcp open ajp13
8081/tcp open blackice-icecap
9009/tcp open pichat
9080/tcp open glrpc
Device type: general purpose|media device|WAP|storage-misc
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (89%), Asus embedded (86%), Synology DiskStation Manager 5.X (86%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:3.x cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:3.10 cpe:/a:synology:diskstation_manager:5.2 cpe:/o:linux:linux_kernel:2.6.32
Aggressive OS guesses: Linux 3.2 – 4.8 (89%), Linux 3.18 (88%), Linux 3.16 (87%), Linux 3.13 or 4.2 (87%), XBMCbuntu Frodo v12.2 (Linux 3.X) (87%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.13 (86%), Linux 3.12 (86%), Linux 3.8 – 3.11 (86%), Linux 4.10 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 6 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.47 seconds
check now for LISTENING port:
Next, check for information about the port using netstat or lsof. To check for port 834 using netstat, use the following command:
netstat -anp | grep 834 |
result :
tcp 0 0 127.0.0.1:9168 127.0.0.1:47834 TIME_WAIT –
unix 2 [ ACC ] STREAM LISTENING 397083455 343/amavisd (ch1-av /var/spool/amavisd/amavisd.sock
unix 2 [ ] STREAM CONNECTED 481728342 25062/ruby
unix 3 [ ] STREAM CONNECTED 407881834 4920/dovecot
unix 2 [ ] STREAM CONNECTED 481808349 25062/ruby
The lsof command reveals similar information since it is also capable of linking open ports to services:
lsof -i | grep 834 |
To check if the port is associated with the official list of known services, type:
cat /etc/services |
to check the users log in use command : who
which process are running over a port eg 8080
netstat -nlp | grep 8080
