cdr:vms:web-server

Differences

This shows you the differences between two versions of the page.

cdr:vms:web-server [2017/03/24 05:44]
jamesdro [Firewall Rules]
cdr:vms:web-server [2017/05/06 04:29]
jamesdro [Access Control]
Line 1: Line 1:
-====== ​ubnetdef ​======+====== ​Web Server ​======
 Our front-facing public webserver. You're literally connected to this server right now, as you're on our wiki. Our front-facing public webserver. You're literally connected to this server right now, as you're on our wiki.
  
 ===== Host Information ===== ===== Host Information =====
   * IP: 128.205.44.157   * IP: 128.205.44.157
 +  * IP: 192.168.0.21 ([Red Team Network](/​cdr/​networks/​blue_red))
   * Reverse DNS: net-def.cse.buffalo.edu   * Reverse DNS: net-def.cse.buffalo.edu
-  * vCenter Cluster: ​UBNetDef / LEGACY +  * vCenter Cluster: ​MAIN 
-  * vCenter Datastore: [cdr-iscsi2](/​cdr/​servers/​cdr-iscsi2)+  * vCenter Datastore: [cdr-iscsi1](/​cdr/​servers/​cdr-iscsi1)
  
 ===== Access Control ===== ===== Access Control =====
-Accounts on this machine ​is manually ​controlled.+Access to this server ​is controlled ​via our [central authentication server](master).
  
 ===== Firewall Rules ===== ===== Firewall Rules =====
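Review bot: the added Host Information line gives the server a second address, 192.168.0.21 on the Red Team Network, but does not say which interface carries it or whether administrative access is meant to be reachable from that network; the INPUT rules in the next hunk accept ports 22, 80 and 443 with no `-i` or `-s` restriction, so they apply to the new address as well. Suggest stating the interface beside the IP and, if SSH is intended only from the management side, saying so here so the firewall section can be checked against it. The new Access Control sentence should also name the host behind the `master` link, since the old text said accounts were manually controlled and a reader needs to know where access is now requested.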
Line 15: Line 16:
  
 <file conf /​etc/​iptables/​rules.v4>​ <file conf /​etc/​iptables/​rules.v4>​
-# Generated by iptables-save v1.4.21 on Fri Mar 24 01:42:15 2017+# Generated by iptables-save v1.4.21 on Fri Mar 24 01:42:12 2017
 *filter *filter
 :INPUT DROP [1:36] :INPUT DROP [1:36]
 :FORWARD ACCEPT [0:0] :FORWARD ACCEPT [0:0]
 :OUTPUT DROP [1:84] :OUTPUT DROP [1:84]
-:fail2ban-ssh [0:0] +-A INPUT -i lo -j ACCEPT 
--A INPUT -p tcp -m multiport ​--dports ​22 -j fail2ban-ssh+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 +-A INPUT -p udp -m udp --dport 123 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
 -A INPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT -A INPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT
 +-A OUTPUT -o lo -j ACCEPT
 +-A OUTPUT -p tcp -m tcp -d 128.205.32.55 --dport 25 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
 +-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
 +-A OUTPUT -d 128.205.44.172/​32 -p udp -m udp --dport 1514 -j ACCEPT
 -A OUTPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT
--A fail2ban-ssh -j RETURN 
 COMMIT COMMIT
-# Completed on Fri Mar 24 01:42:15 2017+# Completed on Fri Mar 24 01:42:12 2017
 </​file>​ </​file>​
  
 ===== Notes ===== ===== Notes =====
 [fail2ban](https://​www.fail2ban.org/​wiki/​index.php/​Main_Page) is installed, protecting against SSH bruteforce attacks. ​ Don't mess up a login multiple times, as your IP will be banned. [fail2ban](https://​www.fail2ban.org/​wiki/​index.php/​Main_Page) is installed, protecting against SSH bruteforce attacks. ​ Don't mess up a login multiple times, as your IP will be banned.
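Review bot: the `:fail2ban-ssh [0:0]` chain and the `-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh` jump are dropped from the saved rules while the Notes section below still says fail2ban is installed and bans repeated failed logins. fail2ban normally creates its chain at runtime rather than relying on rules.v4, so the removal may be intentional; confirm the service is still enabled and inserts its chain after a reboot, and if it does not, either restore the chain or update the note. Two smaller points: `-A INPUT -p udp -m udp --dport 123 -j ACCEPT` admits unsolicited NTP from anywhere, which a client does not need because replies to its own queries already match `--state RELATED,ESTABLISHED`; and the two destination-specific additions (128.205.32.55 port 25 and 128.205.44.172 port 1514) would be easier to audit with a comment in the file naming what those hosts are.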
  • cdr/vms/web-server.txt
  • Last modified: 2018/03/12 06:54
  • by jamesdro