cdr:vms:web-server

cdr:vms:web-server [2017/03/24 05:39]
jamesdro Add firewall rules
cdr:vms:web-server [2017/05/06 04:29]
jamesdro [Access Control]
Line 1: Line 1:
-====== ​ubnetdef ​======+====== ​Web Server ​======
 Our front-facing public webserver. You're literally connected to this server right now, as you're on our wiki. Our front-facing public webserver. You're literally connected to this server right now, as you're on our wiki.
  
 ===== Host Information ===== ===== Host Information =====
   * IP: 128.205.44.157   * IP: 128.205.44.157
 +  * IP: 192.168.0.21 ([Red Team Network](/​cdr/​networks/​blue_red))
   * Reverse DNS: net-def.cse.buffalo.edu   * Reverse DNS: net-def.cse.buffalo.edu
-  * vCenter Cluster: ​UBNetDef / LEGACY +  * vCenter Cluster: ​MAIN 
-  * vCenter Datastore: [cdr-iscsi2](/​cdr/​servers/​cdr-iscsi2)+  * vCenter Datastore: [cdr-iscsi1](/​cdr/​servers/​cdr-iscsi1)
  
 ===== Access Control ===== ===== Access Control =====
-Accounts on this machine ​is manually ​controlled.+Access to this server ​is controlled ​via our [central authentication server](master).
  
 ===== Firewall Rules ===== ===== Firewall Rules =====
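Review bot: the second address 192.168.0.21 on the Red Team Network is added to Host Information without saying which services are meant to be reachable from that segment, and nothing in the firewall rules in the next hunk matches on interface or source, so SSH (22), HTTP (80), NTP (123) and HTTPS (443) are accepted from the red team network exactly as they are from the public 128.205.44.157 side. If that is intended for the exercise, state it here; if not, restrict the accepts with an `-i` match on the public interface or an `-s` match on the trusted range. The Access Control wording is clearer than before, but it now says accounts come from the central authentication server while the Notes section still describes fail2ban banning on failed SSH logins, so say explicitly that both apply: central accounts, plus per-IP banning on this host.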
Line 15: Line 16:
  
 <file conf /​etc/​iptables/​rules.v4>​ <file conf /​etc/​iptables/​rules.v4>​
-# Generated by iptables-save v1.4.21 on Wed Mar 22 04:25:50 2017+# Generated by iptables-save v1.4.21 on Fri Mar 24 01:42:12 2017
 *filter *filter
-:INPUT DROP [0:0]+:INPUT DROP [1:36]
 :FORWARD ACCEPT [0:0] :FORWARD ACCEPT [0:0]
-:​OUTPUT ​ACCEPT ​[109:12573+:​OUTPUT ​DROP [1:84
-:fail2ban-ssh [0:0] +-A INPUT -i lo -j ACCEPT 
--A INPUT -p tcp -m multiport ​--dports ​22 -j fail2ban-ssh+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 +-A INPUT -p udp -m udp --dport 123 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
 -A INPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT -A INPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT
--A fail2ban-ssh -j RETURN+-A OUTPUT ​-o lo -j ACCEPT 
 +-A OUTPUT -p tcp -m tcp -d 128.205.32.55 --dport 25 -j ACCEPT 
 +-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT 
 +-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT 
 +-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT 
 +-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT 
 +-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT 
 +-A OUTPUT -d 128.205.44.172/​32 -p udp -m udp --dport 1514 -j ACCEPT 
 +-A OUTPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT
 COMMIT COMMIT
-# Completed on Wed Mar 22 04:25:50 2017+# Completed on Fri Mar 24 01:42:12 2017
 </​file>​ </​file>​
  
 ===== Notes ===== ===== Notes =====
 [fail2ban](https://​www.fail2ban.org/​wiki/​index.php/​Main_Page) is installed, protecting against SSH bruteforce attacks. ​ Don't mess up a login multiple times, as your IP will be banned. [fail2ban](https://​www.fail2ban.org/​wiki/​index.php/​Main_Page) is installed, protecting against SSH bruteforce attacks. ​ Don't mess up a login multiple times, as your IP will be banned.
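Review bot: the new `-A INPUT -p udp -m udp --dport 123 -j ACCEPT` opens the local NTP daemon to every source, which is only needed if this host serves time to others; as an NTP client its replies are already admitted by the `RELATED,ESTABLISHED` rule together with the new outbound UDP 123 accept, so drop the inbound rule unless the server is meant to be a time source, since an exposed ntpd is a classic amplification target. Removing the `:fail2ban-ssh` chain and its `multiport --dports 22` jump from the persisted file is reasonable, because fail2ban creates and inserts that chain itself at start and a saved copy restored at boot would duplicate it, but the Notes section still promises bans, so confirm with `fail2ban-client status` that the jail is active after a reboot and record that on the page. On the egress side, switching OUTPUT to DROP is a good change, but TCP/UDP 53, 80 and 443 are allowed to any destination, so the allow-list limits exfiltration only by port; pinning 53 to the campus resolvers the way 25 is pinned to 128.205.32.55 and UDP 1514 to 128.205.44.172 would make it a real control.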
  • cdr/vms/web-server.txt
  • Last modified: 2018/03/12 06:54
  • by jamesdro