Help in implementing CHECKMAC Script By Farrukh Bhai

Protecting your Linux box

Postby mudasir » Fri Apr 20, 2007 6:18 pm

Salam,

I want to implement the MAC-Check script by Farrukh Bhai into my current firewall.
I have posted my firewall here...
http://www2.linuxpakistan.net/forum2x/viewtopic.php?t=6887&sid=13291ba19d9e92a103e4f6fd67124684

Please help me out in implementing this MAC check script by Farrukh Bhai

#!/bin/sh
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#

set -x

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"
TMP_ALLOW="/tmp/mac.allow"
TMP_DENY="/tmp/mac.deny"

# Keep only the first field of every line (comment lines included)
cat $MAC_ALLOW | awk '{ print $1}' > $TMP_ALLOW
cat $MAC_DENY | awk '{ print $1}' > $TMP_DENY

echo "Loading MAC Address...."
# Flush every existing INPUT rule, then start from a catch-all DROP
/sbin/iptables -F INPUT
/sbin/iptables -I INPUT -p all -j DROP

# -I inserts at the top of the chain, so each ACCEPT lands above the DROP
for MAC in `cat $TMP_ALLOW`
do
/sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j ACCEPT
done

# Inserted last, so the deny rules end up above the ACCEPT rules
for MAC in `cat $TMP_DENY`
do
/sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j DROP
done

rm -f $TMP_ALLOW
rm -f $TMP_DENY

echo "MAC Address Loaded Successfully...."



One more thing I want to know: if I enter the MAC address in the file "/etc/mac.allow", will it automatically be allowed or will I have to restart the script.....
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Re: Help in implementing CHECKMAC Script By Farrukh Bhai

Postby lambda » Fri Apr 20, 2007 8:23 pm

mudasir wrote: Please Help me out in implementing this mac check script By Farrukh Bhai
help you how?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby mudasir » Sat Apr 21, 2007 1:12 am

Salam,

I want to know where in my current firewall I should paste the MAC-Check script, or should I create a separate script for this MAC-Check purpose. This is what I want to know.

I also want to ask if i enter a new MAC address in the file do i have to restart the script or the MAC address will be automatically allowed.

Thnx for reply LAMBDA
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Postby mudasir » Sat Apr 21, 2007 3:55 am

Salam,

I tried this script by creating a separate script, and when I executed it, it just like destroyed all the current FIREWALL rules and all the ports were set to FILTER, even SSH and WEBMIN stopped working.

I can't figure out why this happened, but after doing this I have to restart my SERVER to get it working.

Right now my SERVER has no security, even MAC security in squid is also not working.

I really need a guide in this case.

Looking forward for reply
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Re:

Postby LinuxFreaK » Sat Apr 21, 2007 11:15 am

Dear mudasir,
Salam,

Insert your current firewall rules into checkmac script.

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Postby mudasir » Sat Apr 21, 2007 6:16 pm

Salam.

Thnx for the reply.

I will try this tonight, and will let you know as soon as possible.

Thnx again for reply.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Postby mudasir » Sat Apr 21, 2007 11:54 pm

Salam,

Farrukh Bhai, I tried what you told me. It worked but there is one problem: my mac.allow file is somewhat like this


#AMIR CABLE NETWORK

00:80:5F:77:A8:DC # rtl 01
00:01:03:04:D7:86 # ZUBAIR 02
00:01:02:5F:0F:73 # CAFE 1 03
00:01:02:F7:1C:E5 # CAFE 2 04


when i run the maccheck script it gives me errors saying
"# Invalid MAC Address"

Now can you tell me how will i be able to remove this error.

And one more thing. When i do "iptables -L", i see that all the MAC address are loaded which were in file "/etc/mac.allow", but the problem is that when i enter a new MAC address in the file it is not added in the firewall automatically.

Looking Forward for reply.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
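
Added example, not part of the original post or the checkmac script: `awk '{ print $1}'` hands tokens such as `#AMIR` to `iptables`, which rejects them, so the list needs a reader that strips comments and validates each entry before any rule is built. The function name parse_macs is hypothetical and the sample input is constructed in the layout shown in the post; rules are only loaded when the script runs, so it has to be re-run after the file is edited.

```shell
#!/bin/sh
# Added example, not the checkmac script: a comment-aware reader for
# mac.allow / mac.deny style files. parse_macs is a hypothetical name.

# Reads the file(s) given as arguments, or stdin, and prints one
# upper-cased MAC per line. "#" starts a comment anywhere on a line.
# Invalid entries are reported on stderr with their line number and
# skipped; the exit status is 1 if any were found.
parse_macs() {
    awk '
    {
        gsub(/\r/, "")            # tolerate files edited on Windows
        sub(/#.*/, "")            # drop whole-line and trailing comments
        if (NF == 0) next         # nothing left: blank or comment-only
        mac = toupper($1)
        # six hex pairs joined by ":" is exactly 17 characters
        if (NF == 1 && length(mac) == 17 &&
            mac ~ /^([0-9A-F][0-9A-F]:)+[0-9A-F][0-9A-F]$/) {
            if (!(mac in seen)) { seen[mac] = 1; print mac }
        } else {
            print "line " NR ": not a MAC address: " $0 | "cat 1>&2"
            bad = 1
        }
    }
    END { exit bad + 0 }' "$@"
}

# Constructed sample in the layout shown in the post above, plus one
# mistyped entry to show the rejection path.
parse_macs <<'EOF' || echo "fix the lines reported above" >&2
#AMIR CABLE NETWORK

00:80:5F:77:A8:DC # rtl 01
00:01:03:04:d7:86 # ZUBAIR 02
00:01:02:5F:0F # CAFE 1 03 (constructed typo: one pair missing)
EOF
```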

Re:

Postby LinuxFreaK » Mon Apr 23, 2007 11:22 am

Dear mudasir,
Salam,

I will update checkmac script by this week.

Best Regards.
Farrukh Ahmed

Re:

Postby A_Karim » Mon Sep 24, 2007 12:06 pm

LinuxFreaK wrote:Dear mudasir,
Salam,

I will update checkmac script by this week.

Best Regards.


Assalam-o-Aliakum

Farrukh bahi, where is the updated checkmac script ??
I have tried ur checkmac script. It works fine but I found some problems in it.

1. When going to take backup for mac.deny it takes backup of mac.allow, then how to take backup of mac.deny ??
2. What's the difference between deny and block options ?? If there is no diff., why 2 options ?
3. If I deny a MAC it is stored in mac.deny, and after that if I allow it, it is copied into mac.allow but still resides in mac.deny. So which rule is applied to that MAC, ALLOW or DENY?

Hope u give answer and upload updated script.

Regards,
AK
Eyes Never Says Lies
A_Karim
Lance Naik
 
Posts: 34
Joined: Thu Jul 22, 2004 4:18 pm
WLM: engr_akarim@hotmail.com
Yahoo Messenger: engr_akarim@yahoo.com
Location: Karachi

Re:

Postby LinuxFreaK » Tue Sep 25, 2007 7:26 am

Dear A_Karim,
Salam,

FYI, http://www.linuxpakistan.net/forum2x/vi ... t=15#24788

Best Regards.
Farrukh Ahmed

Postby A_Karim » Wed Sep 26, 2007 3:22 pm

Dear Farrukh Bahi

Assalam-o-Aliakum

Code:

#!/bin/sh
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"
TMP_ALLOW="/tmp/mac.allow"
TMP_DENY="/tmp/mac.deny"

# Keep only the first field of every line
cat $MAC_ALLOW | awk '{ print $1}' > $TMP_ALLOW
cat $MAC_DENY | awk '{ print $1}' > $TMP_DENY

echo "Loading MAC Address...."
# Flush all rules and delete user-defined chains in the filter and nat tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Each -I puts the rule at the top of INPUT
for MAC in `cat $TMP_ALLOW`
do
/sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j ACCEPT
done

# Inserted after the ACCEPT rules, so the DROP rules sit above them
for MAC in `cat $TMP_DENY`
do
/sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j DROP
done

# Redirect port 80 to the proxy on 8080 and masquerade traffic leaving eth1
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Replies to existing connections go first, the catch-all DROP goes last
/sbin/iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p all -j DROP

rm -f $TMP_ALLOW
rm -f $TMP_DENY

echo "MAC Address Loaded Successfully...."


I have applied the maccheck script you gave. After applying these firewall rules everything works fine, browsing stops at client side but they can use yahoo messenger. How can I stop messengers as well ?? And the 2nd problem is that after implementing maccheck with the /sbin/iptables -A INPUT -p all -j DROP rule, whenever I restart my squid, browsing totally stops and squid does not respond to anyone; even the server is also unable to use the internet. How to overcome this problem ?? Is there any solution for it ??

Right now I'm doing these steps for running the network with maccheck
1. Comment this rule and restart squid #/sbin/iptables -A INPUT -p all -j DROP
2. Then after running everything fine comment out /sbin/iptables -A INPUT -p all -j DROP and then run maccheck script for MAC address filtering

What should I do to overcome this problem ? Is there anything wrong with the rules sequence ?? Or did I miss any rule or step ??

Please provide proper solution

Regards,
AK
Eyes Never Says Lies

Re:

Postby LinuxFreaK » Thu Sep 27, 2007 12:10 pm

Dear A_Karim,
Salam,

Allow your server MAC Addresses.

For Yahoo messenger I have to look at why it's still working.

Best Regards.
Farrukh Ahmed

Postby A_Karim » Thu Sep 27, 2007 1:00 pm

Dear Farrukh Bahi

WSalam

Server MAC addresses are already allowed in mac.allow, but after restarting squid everything goes down. One more thing: u did not answer the questions which I asked in my previous post about backup etc.


Regards,
AK
Eyes Never Says Lies

Re:

Postby LinuxFreaK » Sat Sep 29, 2007 7:32 am

Dear A_Karim,
Salam,

A_Karim wrote: 1. When going to take backup for mac.deny it takes backup of mac.allow, then how to take backup of mac.deny ??


It should take backup of both mac.allow and mac.deny. If it is not working let me know, I will check it.

A_Karim wrote: 2. What's the difference between deny and block options ?? If there is no diff., why 2 options ?


I will have to check, it's been a while since I used it :). I will update you accordingly.

A_Karim wrote: 3. If I deny a MAC it is stored in mac.deny, and after that if I allow it, it is copied into mac.allow but still resides in mac.deny. So which rule is applied to that MAC, ALLOW or DENY?


It depends upon rule priority. I will fix this issue so that this problem never comes back.

Best Regards.
Farrukh Ahmed

Postby A_Karim » Sat Sep 29, 2007 11:08 pm

Dear Farrukh Bahi

First, thanks for ur reply. I'm waiting for updates from ur side.

But my problem with squid is still there with ur script. I have tested it on two machines and both have a problem with this rule
/sbin/iptables -A INPUT -p all -j DROP

When I restart the system or restart squid everything goes down and squid is unable to start.

I have added my servers' MACs in the mac.allow file.

What is wrong ?

Regards,
AK
Eyes Never Says Lies
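
Added example (not the checkmac script or code from any poster): one way to lay out the rules so that a MAC present in both lists is always dropped, a reload leaves every other rule intact, and the filter is applied only to LAN-side packets in both INPUT and FORWARD. Loopback and WAN-side packets never match a LAN client's `--mac-source` rule, and traffic masqueraded through the box traverses FORWARD rather than INPUT. The chain name MACCHECK, the function name gen_mac_rules and the LAN interface eth0 are assumptions; the commands are printed, not executed.

```shell
#!/bin/sh
# Added example, not the checkmac script. Prints iptables commands
# instead of running them. Assumed names: chain MACCHECK, LAN interface
# eth0 (the script in the thread masquerades out of eth1).

# gen_mac_rules "<allowed MACs>" "<denied MACs>" [lan-interface]
# MAC lists are whitespace-separated and already validated.
gen_mac_rules() {
    allow=$(echo $1); deny=$(echo $2)    # collapse whitespace to single spaces
    lan=${3:-eth0}; chain=MACCHECK

    # Rebuild only our own chain; other filter and nat rules are left alone.
    echo "iptables -N $chain 2>/dev/null || true"
    echo "iptables -F $chain"

    # First match wins, so deny entries are appended before allow entries:
    # a MAC present in both lists is always dropped.
    for mac in $deny; do
        echo "iptables -A $chain -m mac --mac-source $mac -j DROP"
    done
    for mac in $allow; do
        case " $deny " in
            *" $mac "*) echo "# $mac is in both lists: deny wins" ;;
            *) echo "iptables -A $chain -m mac --mac-source $mac -j ACCEPT" ;;
        esac
    done
    echo "iptables -A $chain -j DROP"    # any MAC not listed

    # Hook the chain in once per built-in chain, for LAN traffic only.
    # INPUT covers traffic to the box itself (the redirected proxy port);
    # FORWARD covers traffic routed and masqueraded through it.
    # Loopback and WAN-side packets never enter the chain.
    for hook in INPUT FORWARD; do
        echo "iptables -C $hook -i $lan -j $chain 2>/dev/null ||" \
             "iptables -I $hook 1 -i $lan -j $chain"
    done
}

# Constructed sample lists; review the output before piping it to sh.
gen_mac_rules "00:80:5F:77:A8:DC 00:01:03:04:D7:86" "00:01:03:04:D7:86"
```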