Help in implementing CHECKMAC Script By Farrukh Bhai

Protecting your Linux box
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Help in implementing CHECKMAC Script By Farrukh Bhai

Post by mudasir »

Salam,

I want to implement the MAC-Check script by Farrukh Bhai into my current firewall.
I have posted my firewall here:
http://www2.linuxpakistan.net/forum2x/v ... fd67124684

Please help me out in implementing this MAC check script by Farrukh Bhai:

#!/bin/sh
#
# MAC Check Script
# This script adds allowed and blocked MAC addresses to the firewall.
# (The shebang has to be the very first line of the file, or the kernel
# ignores it.)
#

set -x

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"
TMP_ALLOW="/tmp/mac.allow"
TMP_DENY="/tmp/mac.deny"

# Take the first field of each line, skipping blank lines and '#' comment
# lines (a comment line would otherwise be handed to iptables as a MAC).
awk '!/^[[:space:]]*#/ && NF { print $1 }' "$MAC_ALLOW" > "$TMP_ALLOW"
awk '!/^[[:space:]]*#/ && NF { print $1 }' "$MAC_DENY" > "$TMP_DENY"

echo "Loading MAC Address...."
# Flush INPUT and start from a rule that drops everything.
/sbin/iptables -F INPUT
/sbin/iptables -I INPUT -p all -j DROP

# Each -I puts the allow rule above the DROP inserted above.
for MAC in $(cat "$TMP_ALLOW")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j ACCEPT
done

# Deny rules are inserted last, so they sit on top and win over allow.
for MAC in $(cat "$TMP_DENY")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j DROP
done

rm -f "$TMP_ALLOW" "$TMP_DENY"

# The lists are read once per run; re-run the script after editing them.
echo "MAC Address Loaded Successfully...."
One more thing I want to know: if I enter the MAC address in the file "/etc/mac.allow", will it automatically be allowed, or will I have to restart the script?
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Re: Help in implementing CHECKMAC Script By Farrukh Bhai

Post by lambda »

mudasir wrote: Please help me out in implementing this MAC check script by Farrukh Bhai
Help you how?
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Post by mudasir »

Salam,

I want to know where in my current firewall I should paste the MAC-Check script, or whether I should create a separate script for this MAC-Check purpose. This is what I want to know.

I also want to ask: if I enter a new MAC address in the file, do I have to restart the script, or will the MAC address be allowed automatically?

Thanks for the reply, LAMBDA
Kind Regards
Mudasir Mirza (RHCE)
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Post by mudasir »

Salam,

I tried this script by creating a separate script, and when I executed it, it just destroyed all the current FIREWALL rules and all the ports were set to FILTER; even SSH and WEBMIN stopped working.

I can't figure out why this happened, but after doing this I had to restart my SERVER to get it working.

Right now my SERVER has no security; even MAC security in squid is not working.

I really need guidance in this case.

Looking forward to a reply.
Kind Regards
Mudasir Mirza (RHCE)
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear mudasir,
Salam,

Insert your current firewall rules into checkmac script.

Best Regards.
Farrukh Ahmed
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Post by mudasir »

Salam.

Thanks for the reply.

I will try this tonight, and will let you know as soon as possible.

Thanks again for the reply.
Kind Regards
Mudasir Mirza (RHCE)
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Post by mudasir »

Salam,

Farrukh Bhai, I tried what you told me; it worked, but there is one problem. My mac.allow file is somewhat like this:

#AMIR CABLE NETWORK

00:80:5F:77:A8:DC # rtl 01
00:01:03:04:D7:86 # ZUBAIR 02
00:01:02:5F:0F:73 # CAFE 1 03
00:01:02:F7:1C:E5 # CAFE 2 04
When I run the maccheck script it gives me errors saying
"# Invalid MAC Address"

Now can you tell me how I will be able to remove this error?

And one more thing. When I do "iptables -L", I see that all the MAC addresses which were in the file "/etc/mac.allow" are loaded, but the problem is that when I enter a new MAC address in the file it is not added to the firewall automatically.

Looking forward to a reply.
Kind Regards
Mudasir Mirza (RHCE)
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear mudasir,
Salam,

I will update checkmac script by this week.

Best Regards.
Farrukh Ahmed
A_Karim
Lance Naik
Posts: 34
Joined: Thu Jul 22, 2004 4:18 pm
Location: Karachi

Re:

Post by A_Karim »

LinuxFreaK wrote: Dear mudasir,
Salam,

I will update checkmac script by this week.

Best Regards.
Assalam-o-Aliakum

Farrukh Bhai, where is the updated checkmac script?
I have tried your checkmac script; it works fine, but I found some problems in it.

1. When going to take a backup of mac.deny, it takes a backup of mac.allow. Then how is the backup of mac.deny taken?
2. What's the difference between the deny and block options? If there is no difference, why two options?
3. If I deny a MAC it is stored in mac.deny, and if I then allow it, it is copied into the mac.allow file but still resides in the mac.deny file. So which rule is applied to that MAC, ALLOW or DENY?

Hope you give an answer and upload the updated script.

Regards,
AK
Eyes Never Says Lies
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear A_Karim,
Salam,

FYI, http://www.linuxpakistan.net/forum2x/vi ... t=15#24788

Best Regards.
Farrukh Ahmed
A_Karim
Lance Naik
Posts: 34
Joined: Thu Jul 22, 2004 4:18 pm
Location: Karachi

Post by A_Karim »

Dear Farrukh Bhai

Assalam-o-Aliakum


#!/bin/sh
#
# MAC Check Script
# This script adds allowed and blocked MAC addresses to the firewall.
# (The shebang has to be the very first line of the file.)
#

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"
TMP_ALLOW="/tmp/mac.allow"
TMP_DENY="/tmp/mac.deny"

# First field of each line; blank lines and '#' comment lines are skipped.
awk '!/^[[:space:]]*#/ && NF { print $1 }' "$MAC_ALLOW" > "$TMP_ALLOW"
awk '!/^[[:space:]]*#/ && NF { print $1 }' "$MAC_DENY" > "$TMP_DENY"

echo "Loading MAC Address...."
# Flush every rule and user chain in the filter and nat tables, so whatever
# firewall was loaded before this script is gone.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

for MAC in $(cat "$TMP_ALLOW")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j ACCEPT
done

# Inserted after the allow rules, so the deny rules sit above them and win.
for MAC in $(cat "$TMP_DENY")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j DROP
done

# Transparent proxy to squid on 8080 and NAT out of the WAN interface.
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Replies to the server's own connections are accepted before anything else.
/sbin/iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Everything not matched above is dropped. Nothing accepts loopback (-i lo),
# so new connections to 127.0.0.1 on the server itself end up here as well.
/sbin/iptables -A INPUT -p all -j DROP

rm -f "$TMP_ALLOW" "$TMP_DENY"

echo "MAC Address Loaded Successfully...."
I have applied the maccheck script you gave. After applying these firewall rules everything works fine: browsing stops at the client side, but they can use Yahoo Messenger. How can I stop messengers as well? And the second problem is that after implementing maccheck with the /sbin/iptables -A INPUT -p all -j DROP rule, whenever I restart my squid, browsing totally stops and squid does not respond to anyone; even the server is unable to use the internet. How do I overcome this problem? Is there any solution for it?

Right now I'm doing these steps to run the network with maccheck:
1. Comment out this rule and restart squid: #/sbin/iptables -A INPUT -p all -j DROP
2. Then, after everything is running fine, comment out /sbin/iptables -A INPUT -p all -j DROP and run the maccheck script for MAC address filtering.

What should I do to overcome this problem? Is there anything wrong with the rule sequence, or did I miss any rule or step?

Please provide a proper solution.

Regards,
AK
Eyes Never Says Lies
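An added example, not Farrukh Bhai's checkmac script nor anything posted in this thread, covering both problems reported above: the "# Invalid MAC Address" errors from a commented mac.allow file, and the lockouts caused by flushing INPUT and appending a blanket DROP. It validates every entry before it reaches iptables, lets mac.deny win when a MAC is in both files, and keeps the MAC rules in their own chain on the LAN interface so loopback, the WAN side and the rest of the firewall are untouched. The interface name eth0, the chain name MACCHECK and the sample lists are assumptions.

```sh
#!/bin/sh
# Added example, not the checkmac script from this thread. It reads the
# mac.allow / mac.deny format posted above ('#' comments, blank lines,
# trailing notes) and emits iptables commands for a dedicated chain, so the
# existing INPUT rules, loopback and the WAN side are never flushed.
# Assumptions: LAN clients arrive on $LAN_IF (eth1 is the WAN interface in
# the thread) and an entry in mac.deny wins over the same MAC in mac.allow.
LAN_IF=${LAN_IF:-eth0}
# Print only well-formed MACs from a list file, uppercased. Comments, blank
# lines and junk such as the "#AMIR CABLE NETWORK" header are skipped.
valid_macs() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' "$1" | awk 'NF { print toupper($1) }' \
        | grep -E '^([0-9A-F]{2}:){5}[0-9A-F]{2}$' || true
}
# Write the rule set to stdout; pipe it into sh as root to apply it.
gen_rules() {
    deny=$(valid_macs "$2" | tr '\n' ' ')
    echo "iptables -N MACCHECK 2>/dev/null || iptables -F MACCHECK"
    echo "iptables -D INPUT -i $LAN_IF -j MACCHECK 2>/dev/null"
    echo "iptables -I INPUT 1 -i $LAN_IF -j MACCHECK"
    for m in $deny; do
        echo "iptables -A MACCHECK -m mac --mac-source $m -j DROP"
    done
    valid_macs "$1" | while read -r m; do
        case " $deny" in *" $m "*) continue ;; esac   # denied: no ACCEPT
        echo "iptables -A MACCHECK -m mac --mac-source $m -j ACCEPT"
    done
    echo "iptables -A MACCHECK -j DROP"   # any other LAN MAC is dropped
}

# Constructed sample lists in the format posted in this thread.
write_sample_lists() {
    cat > "$1/mac.allow" <<'EOF'
#AMIR CABLE NETWORK

00:80:5F:77:A8:DC # rtl 01
00:01:03:04:D7:86 # ZUBAIR 02
00:01:02:5F:0F:73 # CAFE 1 03
00:01:02:f7:1c:e5 # CAFE 2 04 (lower case on purpose)
not-a-mac         # iptables would reject this line
EOF
    cat > "$1/mac.deny" <<'EOF'
00:01:03:04:D7:86 # ZUBAIR: in both files, so deny wins
AA:BB:CC:DD:EE:FF # constructed address
EOF
}

d=$(mktemp -d) && write_sample_lists "$d" && gen_rules "$d/mac.allow" "$d/mac.deny"; rm -rf "$d"
```

Run as root with `gen_rules /etc/mac.allow /etc/mac.deny | sh` after editing the lists; re-running only rebuilds the MACCHECK chain.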
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear A_Karim,
Salam,

Allow your server MAC Addresses.

For Yahoo Messenger I have to look at why it's still working.

Best Regards.
Farrukh Ahmed
A_Karim
Lance Naik
Posts: 34
Joined: Thu Jul 22, 2004 4:18 pm
Location: Karachi

Post by A_Karim »

Dear Farrukh Bhai

WSalam

The server MAC addresses are already allowed in mac.allow, but after restarting squid everything goes down. One thing more: you did not answer the questions about the backup etc. which I asked in my previous post.

Regards,
AK
Eyes Never Says Lies
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear A_Karim,
Salam,
A_Karim wrote: 1. When going to take a backup of mac.deny, it takes a backup of mac.allow. Then how is the backup of mac.deny taken?
It should take a backup of both mac.allow and mac.deny. If it is not working, let me know and I will check it.
A_Karim wrote: 2. What's the difference between the deny and block options? If there is no difference, why two options?
I will have to check; it's been a while since I used it :). I will update you accordingly.
A_Karim wrote: 3. If I deny a MAC it is stored in mac.deny, and if I then allow it, it is copied into the mac.allow file but still resides in the mac.deny file. So which rule is applied to that MAC, ALLOW or DENY?
It depends upon rule priority. I will fix this issue so that this problem never comes back.

Best Regards.
Farrukh Ahmed
A_Karim
Lance Naik
Posts: 34
Joined: Thu Jul 22, 2004 4:18 pm
Location: Karachi

Post by A_Karim »

Dear Farrukh Bhai

First, thanks for your reply; I'm waiting for updates from your side.

But my problem with squid is still there with your script. I have tested it on two machines; both have a problem with this rule:
/sbin/iptables -A INPUT -p all -j DROP

When I restart the system or restart squid, everything goes down and squid is unable to start.

I have added my server's MACs in the mac.allow file.

What is wrong?

Regards,
AK
Eyes Never Says Lies