FIREWALL
iptables [-I/-A/-D] chain rule-specifications [options]
Chains: INPUT, OUTPUT, FORWARD
Usually INPUT. Flags:
-i specifies the inbound interface
-s specifies the source
-p specifies the protocol [TCP/UDP]
--dport specifies the destination port
-j specifies the target:
  ACCEPT  deliver the traffic
  REJECT  do not deliver, send a reject notice
  DROP    do not deliver, do not respond
  LOG     just logs, doesn't deliver
To view rules:
iptables -L
iptables -nL
iptables -nvL
iptables -nvL --line-numbers
Add a number after INPUT/OUTPUT/FORWARD to insert a rule at the specified line.
netstat -plant | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
One line to look at Apache connections (remote IPs, sorted by connection count).
NETSTAT
-p shows the PID and the name of the program to which each socket belongs
-plant shows listening sockets (program, listening, all, numeric, TCP)
ss -tn for socket statistics
LOGS
Ubuntu: cat /var/log/auth.log
CentOS: less /var/log/secure
Can be piped to grep for failed passwords:
less /var/log/secure | grep 'Failed password for root' | awk '{print $11}'
Above shows only the IP addresses from failed connections.
less /var/log/secure | grep 'Failed password for root' | awk '{print $11}' | sort | uniq -c | sort -n
Shows IP addresses sorted by how many times they have attempted (sort before uniq -c, since uniq only collapses adjacent duplicates).
whois [IP Address]
Shows information about an IP
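The failed-login pipeline above, as an added example that is not part of the original notes: it runs the same grep/awk/sort/uniq chain over a constructed sshd log sample, and adds a generalized variant that keys on the word "from" instead of field 11, because "invalid user" lines shift the field positions (the sample data and function names are constructed for this example).

```shell
#!/bin/bash
# Constructed sample in /var/log/secure (sshd) format; not real log data.
SAMPLE_LOG='Mar  3 10:01:12 host sshd[2311]: Failed password for root from 198.51.100.7 port 51422 ssh2
Mar  3 10:01:15 host sshd[2311]: Failed password for root from 198.51.100.7 port 51430 ssh2
Mar  3 10:02:01 host sshd[2320]: Accepted publickey for admin from 192.0.2.10 port 40012 ssh2
Mar  3 10:03:44 host sshd[2331]: Failed password for root from 203.0.113.99 port 60001 ssh2
Mar  3 10:04:00 host sshd[2340]: Failed password for invalid user test from 198.51.100.7 port 51500 ssh2
Mar  3 10:05:09 host sshd[2350]: Failed password for root from 198.51.100.7 port 51601 ssh2'

# The pipeline from the notes: source IPs of failed root logins, counted.
# Reads log text on stdin. sort must come before uniq -c.
failed_root_ips() {
    grep 'Failed password for root' | awk '{print $11}' | sort | uniq -c | sort -n
}

# Generalized: any "Failed password" line, for any user. Picks the field
# after "from", so "invalid user <name>" lines (extra fields) still work.
failed_ips_any_user() {
    awk '/Failed password/ { for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1) }' \
        | sort | uniq -c | sort -rn
}

# Helper: failed-root count for one IP from the sample.
count_for_ip() {
    printf '%s\n' "$SAMPLE_LOG" | failed_root_ips | awk -v ip="$1" '$2 == ip {print $1}'
}

# Helper: IP with the most failed logins (any user) in the sample.
top_failed_ip() {
    printf '%s\n' "$SAMPLE_LOG" | failed_ips_any_user | head -n 1 | awk '{print $2}'
}

printf '%s\n' "$SAMPLE_LOG" | failed_root_ips
```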
BASH
.sh file extension for bash scripts
mkdir [foldername] makes a folder
eject ejects
rmdir deletes (empty) folders; rm -Rf deletes a folder and everything within it
Start all scripts with #!/bin/bash
read takes user input and stores it in a variable
Use "$" to call variables; do not when defining a variable, unless it is a list
cut removes characters from STDOUT:
-d flag followed by the delimiter (e.g. -d:) and -f followed by the column number outputs only that column
Define an array: [list name]=( contents separated by spaces )
For loop syntax: for [local variable name] in "${list[@]}"; do [commands]; done
""" used for block quotes
cat prints a file's contents
\n new line; similar to Python
tr translates text
cat [filename] | tr "\n" " " displays a file's contents all on one line, with each item separated by a space
list=($listname) converts a list to an array
http://www.tldp.org/LDP/Bash-Beginners-Guide/html/sect_07_01.html
Windows:
SYSINTERNALS
Useful tools for identifying processes, autoruns and other programs
*TCPView*
NETSTAT
netstat -aon shows all connections
Piped to | findstr [port] will act similar to grep. Common ports are: 23, 25, 80, 443, 8080
Microsoft Baseline Security Analyzer (MBSA)
Fast and easy method to identify and correct many common misconfigurations and issues
Scans all the things, like everything, everywhere
Microsoft Baseline Configuration Analyzer (MBCA)
Allows a system to be