Help in implementing CHECKMAC Script By Farrukh Bhai

Protecting your Linux box
LinuxFreaK
Site Admin

Re:

Postby LinuxFreaK » Wed Oct 03, 2007 5:30 am

Dear A_Karim,
Salam,

Try using the checkmac script below.

/sbin/iptables -A INPUT -p all -j DROP

This rule is placed at the end of the firewall. It should allow Squid; however, I have added another rule which might solve your problem.

Code:

#!/bin/sh
#
# MAC Check Script
# This script adds allowed and blocked users (by MAC address) to the firewall.
#

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"

# First field (the MAC address) of every non-empty line of a list file.
mac_list() {
    awk 'NF { print $1 }' "$1"
}

echo "Loading MAC Address...."
# Flush all rules and user-defined chains in the filter and nat tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Allowed MACs: insert an ACCEPT rule at the top of INPUT for each
for MAC in $(mac_list "$MAC_ALLOW")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j ACCEPT
done

# Blocked MACs: insert a DROP rule for each (these end up above the ACCEPT rules)
for MAC in $(mac_list "$MAC_DENY")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j DROP
done

# Transparent proxy: redirect web traffic to Squid on 8080, masquerade out of eth1
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Keep established connections, allow the Squid port, drop everything else
/sbin/iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -I INPUT 2 -p tcp --dport 8080 -j ACCEPT
/sbin/iptables -A INPUT -j DROP

echo "MAC Address Loaded Successfully...."


Best Regards.
Farrukh Ahmed
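As an added example (not the script from this thread), the same allow/deny loader with each list entry validated before it is handed to iptables, no temporary files, and a check for MACs that appear in both lists; the function names and the overridable IPTABLES variable are my own assumptions:

```sh
#!/bin/sh
# Added example, not the script from the thread: the same allow/deny loader
# with each entry validated before it reaches iptables, no temp files, and a
# check for MACs that appear in both lists. Function names are my own;
# IPTABLES can be overridden (e.g. IPTABLES=echo) to inspect the commands.
IPTABLES="${IPTABLES:-/sbin/iptables}"

# First field of every non-empty, non-comment line of the list file $1.
mac_list() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# Succeeds only if $1 is a colon-separated 48-bit MAC such as 00:11:22:33:44:55.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Insert one INPUT rule per valid MAC in file $1 with target $2 (ACCEPT/DROP).
# Malformed entries are reported and skipped; the return value is their count,
# so a non-zero status means the list file needs attention.
load_mac_rules() {
    file=$1; target=$2; bad=0
    for mac in $(mac_list "$file"); do
        if is_mac "$mac"; then
            "$IPTABLES" -I INPUT -m mac --mac-source "$mac" -j "$target"
        else
            echo "skipping malformed MAC '$mac' in $file" >&2
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Print MACs listed in both $1 and $2: rule order alone decides their fate,
# which is usually a mistake in the list files rather than intended policy.
mac_conflicts() {
    { mac_list "$1" | sort -u; mac_list "$2" | sort -u; } | sort | uniq -d
}

# Stand-alone use: load the real lists in the thread's order (DROP rules end
# up above ACCEPT rules). MAC filtering identifies hardware on the local
# segment only; it is not authentication of the user behind it.
if [ "${1:-}" = "--apply" ]; then
    mac_conflicts /etc/mac.allow /etc/mac.deny | sed 's/^/listed in both files: /' >&2
    load_mac_rules /etc/mac.allow ACCEPT
    load_mac_rules /etc/mac.deny DROP
fi
```

Run with IPTABLES=echo and no --apply to see only the generated rules; the exit status of load_mac_rules tells you how many entries were rejected.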

A_Karim
Lance Naik

Re:

Postby A_Karim » Wed Oct 03, 2007 1:38 pm

LinuxFreaK wrote:
Dear A_Karim,
Salam,

Try using the checkmac script below.

/sbin/iptables -A INPUT -p all -j DROP

This rule is placed at the end of the firewall. It should allow Squid; however, I have added another rule which might solve your problem.

Code:

#!/bin/sh
#
# MAC Check Script
# This script adds allowed and blocked users (by MAC address) to the firewall.
#

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"

# First field (the MAC address) of every non-empty line of a list file.
mac_list() {
    awk 'NF { print $1 }' "$1"
}

echo "Loading MAC Address...."
# Flush all rules and user-defined chains in the filter and nat tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Allowed MACs: insert an ACCEPT rule at the top of INPUT for each
for MAC in $(mac_list "$MAC_ALLOW")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j ACCEPT
done

# Blocked MACs: insert a DROP rule for each (these end up above the ACCEPT rules)
for MAC in $(mac_list "$MAC_DENY")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j DROP
done

# Transparent proxy: redirect web traffic to Squid on 8080, masquerade out of eth1
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Keep established connections, allow the Squid port, drop everything else
/sbin/iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -I INPUT 2 -p tcp --dport 8080 -j ACCEPT
/sbin/iptables -A INPUT -j DROP

echo "MAC Address Loaded Successfully...."


Best Regards.



Assalam-o-Alaikum Farrukh Bhai,

After applying your maccheck, Squid is still unable to start. Whenever I try to start or restart Squid it goes to FAILED, but when I flush all these rules it works fine.


These are my Squid messages after it starts normally, without applying your maccheck:

[messages]

Oct 3 13:30:55 ks300 (squid): Cannot open HTTP Port
Oct 3 13:30:55 ks300 squid[3016]: Squid Parent: child process 3018 exited due to signal 6
Oct 3 13:30:58 ks300 squid[3016]: Squid Parent: child process 3289 started
Oct 3 13:30:58 ks300 squid[3016]: Squid Parent: child process 3289 exited with status 1
Oct 3 13:31:01 ks300 squid[3016]: Squid Parent: child process 3291 started
Oct 3 13:31:01 ks300 squid[3016]: Squid Parent: child process 3291 exited with status 1
Oct 3 13:31:04 ks300 squid[3016]: Squid Parent: child process 3293 started


Maybe there is some hint in this for you? And please explain to me what this log shows. What kind of error is this?

Regards,
AK
Eyes Never Says Lies

LinuxFreaK
Site Admin

Re:

Postby LinuxFreaK » Sat Oct 06, 2007 7:13 am

Dear A_Karim,
Salam,

How can a firewall stop a process from starting? This error is more related to Squid; make sure Squid shut down properly.

Best Regards.
Farrukh Ahmed
