My Linux Asterisk server getting hacked!

After seeing numerous attempts to break into my Linux box show up in the logs, I decided it was time to learn how to use iptables to lock it down.
A copy of the log file can be found here: log-file.
The way I can tell I'm being attacked is by opening my /var/log/messages file (the linked copy is the whole thing). I see what appears to be a brute-force SSH attack: one failed login after another from the same source. The attacker's IP is 211.151.64.106. If I do a whois lookup on this IP (ARIN refers it to APNIC, the Asia-Pacific registry) I see the network is in Asia, and the whole 210.0.0.0 – 211.255.255.255 range is allocated there. Lucky for me nobody in Asia needs access to my box, so I'm going to block this entire range.

First thing I need to do is verify iptables is installed, by typing:
iptables

The usage message below means the iptables binary is already installed:
Try `iptables -h' or 'iptables --help' for more information.
Next thing I need to do is list my current iptables rules:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

You can see from this output that I have no rules at all, and all three chains have a default policy of ACCEPT, so everything is being let through.
Next I'm going to add rules to block the network the attack is coming from:
iptables -A INPUT -s 210.0.0.0/8 -j DROP
iptables -A INPUT -s 211.0.0.0/8 -j DROP
iptables -A INPUT -s 212.0.0.0/8 -j DROP

These are entire /8 networks, not single hosts (writing the source as 210.1.1.1/8 also works, because iptables masks the host bits off, but the network address is clearer and matches what iptables -L prints). I'm blocking them because 210.0.0.0/8 and 211.0.0.0/8 are allocated to APNIC, the Asia-Pacific registry, and my server doesn't need to communicate with that region anyway. Note that 212.0.0.0/8 is allocated to RIPE NCC, the European registry, so the third rule cuts off part of Europe as well; leave it out unless that is what you want.
The next thing I'm going to do is save the running rule set as the startup rule set, so that these rules are restored when the server reboots (this is the Red Hat style init script; it writes the rules to /etc/sysconfig/iptables):
/etc/init.d/iptables save active
The next thing I'm going to do is reboot my server and verify the rules are still there:
shutdown -r now
Once the server is back online I verify my rules:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all — 210.0.0.0/8 anywhere
DROP all — 211.0.0.0/8 anywhere
DROP all — 212.0.0.0/8 anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

You can see now that I have three active rules, which drop all incoming traffic from those three /8 networks (about 50 million addresses in total, not three hosts).
Now don't get me wrong, I'm no Unix expert and I'm sure there is a way to combine these into one rule, but I don't feel like figuring it out right now. (210.0.0.0/8 and 211.0.0.0/8 are adjacent and could be written as the single network 210.0.0.0/7; 212.0.0.0/8 is not contiguous with them.) So this should get the job done.
If you want to delete these rules by number, delete from the highest number down, because the remaining rules are renumbered after each deletion (deleting 1, then 2, then 3 would remove the original rules 1 and 3 and then fail, because there is no longer a rule 3):
iptables -D INPUT 3
iptables -D INPUT 2
iptables -D INPUT 1

These three commands delete all of the entries I've made. Alternatively, repeat the original rule with -D in place of -A, which does not depend on rule numbers at all.
After going through my log file and blocking these IPs I noticed a trend: they are all registered to foreign countries. Luckily for me my voice server doesn't need to talk to any of them, so I've decided to block all inbound traffic from Asian address space. You can do the same by copying and pasting the code here:
iptable-entry-syntax1 
Keep in mind that this only cuts down the noise: the next attacker can just as easily come from a range you haven't blocked, so it is no substitute for hardening SSH itself. Also, a DROP rule in INPUT discards every packet from those networks, including replies to connections your server initiates, so make sure nothing the PBX depends on (SIP trunks, DNS, NTP) lives in a blocked range.
A note on this: if you decide you want to start over from scratch, the following resets the default policies to ACCEPT, flushes every rule (-F) and deletes any user-defined chains (-X) in the filter table:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X

Set the policies back to ACCEPT first: if a chain's policy were DROP, flushing the rules would lock you out of a remote session. The nat and mangle tables are untouched unless you repeat this with -t nat and -t mangle.

My next step is to monitor /var/log/messages in real time for a while to make sure the attacks have stopped. I can do this by typing the following:
tail -f /var/log/messages

Hosts that are dropped never complete a TCP handshake, so their login attempts no longer show up in the sshd log at all; what I'm watching for now is new source addresses I haven't blocked yet.
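To tie the steps above together (spotting the brute-force source in the log, turning it into DROP rules, and deleting by number in the right order), here is an added example script that is not part of the original post. It parses standard OpenSSH "Failed password ... from IP" syslog lines, counts failures per source address, and prints the iptables commands that would block the offenders, either as single hosts (/32) or as whole /8 networks the way the post does. It never touches the firewall and needs no root: the output is text you review first and only then pipe to sh as root. The log lines in SAMPLE_LOG are constructed for the example, not taken from the author's log, and the threshold of three failures is an arbitrary choice.

```shell
#!/bin/sh
# Added example (not from the original post): turn sshd failed-login noise in a
# /var/log/messages-style log into reviewable iptables commands.

# Constructed sample log lines (not the author's real log). The format is the
# one OpenSSH writes through syslog.
SAMPLE_LOG='Apr 12 03:14:07 pbx sshd[2231]: Failed password for root from 211.151.64.106 port 51322 ssh2
Apr 12 03:14:09 pbx sshd[2231]: Failed password for root from 211.151.64.106 port 51322 ssh2
Apr 12 03:14:11 pbx sshd[2233]: Failed password for invalid user admin from 211.151.64.106 port 51340 ssh2
Apr 12 03:15:02 pbx sshd[2240]: Failed password for invalid user test from 203.0.113.9 port 4022 ssh2
Apr 12 03:16:44 pbx sshd[2251]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2'

# failed_logins THRESHOLD: read log text on stdin and print "count ip" for every
# source with at least THRESHOLD (default 3) failed logins, most active first.
# Only "Failed password" lines count; successful logins are ignored.
failed_logins() {
    threshold="${1:-3}"
    awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password/ {
            # The source address is the field right after "from".
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
        }
        END { for (ip in n) if (n[ip] >= t) print n[ip], ip }
    ' | sort -rn
}

# block_rules THRESHOLD PREFIX: emit one DROP rule per offending source. The
# default blocks just the host (/32); PREFIX 8 blocks the whole /8 like the post.
block_rules() {
    prefix="${2:-32}"
    failed_logins "$1" | while read -r count ip; do
        if [ "$prefix" -eq 8 ]; then
            net="$(printf '%s' "$ip" | cut -d. -f1).0.0.0/8"
        else
            net="$ip/32"
        fi
        printf 'iptables -A INPUT -s %s -j DROP   # %s failed logins\n' "$net" "$count"
    done
}

# delete_rules N: print the commands to remove the first N INPUT rules by number.
# Rules renumber after each deletion, so the commands go from N down to 1.
delete_rules() {
    n="$1"
    while [ "$n" -ge 1 ]; do
        printf 'iptables -D INPUT %d\n' "$n"
        n=$((n - 1))
    done
}

# Stand-alone demo: block every source with 3 or more failures as a /8.
printf '%s\n' "$SAMPLE_LOG" | block_rules 3 8
```

Run against the real log with `failed_logins 3 < /var/log/messages` to see who is hammering the box, then `block_rules 3 < /var/log/messages | sh` as root once the list looks right. Whether to block the /8 or just the host is a judgement call; the /32 default is the conservative choice.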

What is virtualization

There is a lot of buzz going around about virtualization. What is virtualization, and what benefits does it provide? In this article we take a look at the technology to see how it can provide a great deal of flexibility and cost effectiveness for IT professionals and software developers.

Virtualization technology allows multiple virtual machines to run on a single host computer. These virtual machines can run different operating systems, such as Windows, Linux and UNIX. Each virtual machine has its own set of virtual hardware resources (CPU, RAM, hard drive, network interface and so on), so the guest operating system runs as if it were installed on a physical machine.

The benefits of virtualization are far reaching. Many organizations have adopted virtual machines to consolidate multiple servers, running them side by side on a single physical machine. Server consolidation lets IT professionals make full use of server resources while keeping the virtual machines isolated from one another and free to run different operating systems and applications. Software developers use virtual machines to test applications quickly on different operating systems, without the hassle of setting up multiple physical machines or the risk of causing problems by testing in a production environment.

Virtualization software runs on pretty much any platform. Once it is installed, creating virtual machine instances is simple: a virtual machine is just a set of files on the host. You configure the virtual machine's settings on the host computer, install the operating system, and you are ready to go. It is common practice to keep a master image of a virtual machine, fully configured with the operating system and all required applications. New virtual machines can then be deployed rapidly by copying the master image to one or more virtualization hosts, which keeps redeployment time to a minimum. Bear in mind that a copy carries everything in the image with it, host keys and passwords included, so a master image should be built without such secrets or regenerate them on first boot.

There are a number of virtualization products available. VMware, which is probably the most popular, recently announced that it will be releasing a free version of its GSX Server product, which will allow any organization to host virtual machines on either Windows or Linux hosts. Other virtualization products include Microsoft's Virtual Server and SWsoft's Virtuozzo, just to name a few.