Security

Easy way to delete rule from iptables

You can view the rules of the INPUT chain with their line numbers using the command:
iptables -L INPUT -n --line-numbers
Example:

root@tests:~# iptables -L INPUT -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:22
2    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:80
3    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:443
4    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:21
5    ACCEPT     all  --  127.0.0.1            0.0.0.0/0
6    ACCEPT     all  --  192.168.1.100        0.0.0.0/0
7    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
8    ACCEPT     all  --  192.168.4.0/24       0.0.0.0/0
9    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state NE

You’ll get the list of all INPUT rules. Look at the number on the left, then use the following command to delete the rule with that number:

iptables -D INPUT <<number here>>
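Rule numbers are positions, not identifiers: once rule 2 is deleted, the old rule 3 becomes rule 2. The script below is an added example, not part of the original post. It parses a listing in the format shown above (a constructed copy of the sample output is embedded so it runs offline) and prints the matching iptables -D commands highest number first, so that deleting one rule never shifts the number of the next one to delete. The function names rule_numbers and delete_commands are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post. Reads the output of
# `iptables -L INPUT -n --line-numbers` and prints the matching
# `iptables -D` commands, highest rule number first, so that deleting one
# rule does not shift the numbers of the rules still to be deleted.

# Constructed sample listing; in real use feed the command's output instead.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:22
2    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:80
3    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:443
4    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:21
5    ACCEPT     all  --  127.0.0.1            0.0.0.0/0'

# rule_numbers PATTERN [LISTING]
# Print the number of every rule line matching PATTERN (an awk/ERE regex).
# Only lines that start with a rule number are considered, so the chain
# header and the column titles can never match.
rule_numbers() {
    pattern=$1
    listing=${2:-$SAMPLE_LISTING}
    printf '%s\n' "$listing" |
        awk -v pat="$pattern" '$1 ~ /^[0-9]+$/ && $0 ~ pat { print $1 }'
}

# delete_commands CHAIN PATTERN [LISTING]
# Print one `iptables -D CHAIN N` per match, in descending order of N.
delete_commands() {
    chain=$1
    pattern=$2
    listing=${3:-$SAMPLE_LISTING}
    rule_numbers "$pattern" "$listing" | sort -rn |
        while read -r n; do
            printf 'iptables -D %s %s\n' "$chain" "$n"
        done
}

# Show what would be run to remove the FTP (port 21) and HTTP (port 80) rules.
delete_commands INPUT 'dpt:(21|80)$'
```

Review the printed commands before running them; they are deliberately not executed. iptables -D also accepts the full rule specification in place of the number (the same -p/--dport/-j arguments the rule was added with), which avoids the renumbering issue entirely when you know the exact rule.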

Enjoy.


Using ssh as a socks proxy

ssh can forward traffic and act as a SOCKS proxy.

This is fantastic for encrypted browsing over unsecured wifi connections. You can set up Firefox, YM or any other SOCKS 5 compliant program to make use of the proxy. After executing the command below, ssh will be listening on localhost (127.0.0.1) on the port you specify, and you then point your SOCKS compliant program at that IP and port.

The command:

ssh -qTfnN2 -D 8080 -p 22 user@localhost

Explanations:

-q :- be very quiet, we are acting only as a tunnel.
-T :- do not allocate a pseudo-tty, we are only acting as a tunnel.
-f :- move the ssh process to the background, as we don't want to interact with this ssh session directly.
-N :- do not execute a remote command.
-p :- port to connect to on the remote host.
-n :- redirect standard input to /dev/null.
-2 :- force ssh to try protocol version 2 only.
-D :- specifies a local "dynamic" application-level port forwarding. This works by allocating a socket to listen on the given port on the local side; whenever a connection is made to this port, it is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports.
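The two things worth checking after starting the tunnel are that the local port was one this user may bind, and that the SOCKS listener is reachable from loopback only. The script below is an added example, not part of the original post. socks_cmd builds the command from the post (with the bind address written out as 127.0.0.1 so the loopback binding does not depend on the GatewayPorts setting, and without the -2 flag, since protocol 1 no longer exists in current OpenSSH), refusing privileged ports for non-root users as the post states; loopback_only inspects ss -ltn output for the chosen port. The function names and the embedded ss output are this example's own constructions.

```shell
#!/bin/sh
# Added example, not part of the original post. Builds the SOCKS tunnel
# command from the post with the listener pinned to 127.0.0.1, and checks
# `ss -ltn` output to confirm the SOCKS port is reachable only via loopback.

# socks_cmd USER HOST [LOCAL_PORT] [SSH_PORT]
# Print the ssh command line. Local ports below 1024 are refused unless
# running as root, because only root can bind privileged ports.
socks_cmd() {
    user=$1
    host=$2
    lport=${3:-8080}
    sport=${4:-22}
    if [ "$lport" -lt 1024 ] && [ "$(id -u)" -ne 0 ]; then
        echo "socks_cmd: port $lport is privileged; use >= 1024 or run as root" >&2
        return 1
    fi
    # "127.0.0.1:" before the port makes the loopback binding explicit, so a
    # GatewayPorts setting cannot expose the proxy on other interfaces.
    printf 'ssh -qTfnN -D 127.0.0.1:%s -p %s %s@%s\n' "$lport" "$sport" "$user" "$host"
}

# loopback_only PORT SS_OUTPUT
# Return 0 when every LISTEN socket on PORT in SS_OUTPUT (from `ss -ltn`)
# is bound to 127.0.0.1 or [::1]; return 1 if any is bound more widely.
loopback_only() {
    port=$1
    printf '%s\n' "$2" | awk -v port="$port" '
        $1 == "LISTEN" {
            n = split($4, f, ":")          # "Local Address:Port" column
            p = f[n]
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (p == port && addr != "127.0.0.1" && addr != "[::1]") bad = 1
        }
        END { exit bad ? 1 : 0 }'
}

# Constructed `ss -ltn` output for a tunnel bound correctly to loopback.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:8080      0.0.0.0:*'

socks_cmd user localhost 8080 22
if loopback_only 8080 "$SAMPLE_SS"; then
    echo "port 8080 is bound to loopback only"
fi
```

On a live system, run the printed command and then pass the real output of ss -ltn to loopback_only; a listener shown as 0.0.0.0:8080 or *:8080 means other hosts on the wifi could use your tunnel.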

Enjoy.


Install Suhosin PHP5 Security Protection on Debian Squeeze

What is Suhosin?

Suhosin is an advanced protection system for PHP5 installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in independent parts that can be used separately or in combination.

Suhosin is a great and simple way of increasing your security protection without having an immense impact on overall performance.

In this tutorial I will cover the installation and configuration of Suhosin on Debian Squeeze. I will also assume that you already have apache2 and php5 set up using this tutorial: How to install apache2, mysql5 and php5 on debian squeeze

1. Install Suhosin on Debian Squeeze:

Installation of suhosin on Debian Squeeze is simple.

apt-get update && apt-get install php5-suhosin

2. Configuring Suhosin:

The configuration file on Debian Squeeze is located at /etc/php5/conf.d/suhosin.ini.


Debian Squeeze : SSH disable password authentication for root allow public key authentication only

On Debian Squeeze, edit the sshd_config file located in /etc/ssh/:

Change PermitRootLogin from yes/no to “without-password”:

#PermitRootLogin yes
PermitRootLogin without-password

Restart the ssh daemon and try to log in with the root account.
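Before restarting, it is worth confirming that the directive sshd will actually honour is the one you edited: sshd takes the first active occurrence of a keyword, and a line starting with # is a comment, so the edit above only works if no earlier uncommented PermitRootLogin line exists. The script below is an added example, not part of the original post; it reads a config file (a constructed excerpt is embedded) and reports whether root login is restricted to keys. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post. Reports the effective
# PermitRootLogin value of an sshd_config file, so the change can be
# verified before the daemon is restarted.

# effective_permit_root_login FILE
# Print the value of the first active PermitRootLogin directive. sshd uses
# the first occurrence of a keyword, keywords are case-insensitive, and a
# leading '#' makes the line a comment, so "#PermitRootLogin yes" is ignored.
effective_permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$1"
}

# root_is_key_only FILE
# Return 0 when root may log in with public keys only. "prohibit-password"
# is the newer spelling of "without-password" accepted by current OpenSSH.
root_is_key_only() {
    case "$(effective_permit_root_login "$1")" in
        without-password|prohibit-password) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample config with the edit from the post applied.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sshd_config excerpt
#PermitRootLogin yes
PermitRootLogin without-password
PasswordAuthentication yes
EOF

if root_is_key_only "$SAMPLE_CONF"; then
    echo "root login: key-only ($(effective_permit_root_login "$SAMPLE_CONF"))"
else
    echo "root login: NOT restricted to keys"
fi
```

Run it against /etc/ssh/sshd_config, then use sshd -t to syntax-check the file before the restart, and keep your current session open while you test the root login from a second terminal. Note that without-password affects root only; password logins for other accounts are governed by PasswordAuthentication, which the sample leaves at yes.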

Enjoy.


Prevent DOS Attack on Apache2 Webserver on Debian Squeeze Server with mod_evasive

In the following tutorial I will explain the installation of the apache2 module “mod_evasive”.
mod_evasive tracks the number of requests for files on the Apache2 server and blocks delivery once a configured limit is reached.

Step1. Install mod_evasive module:

apt-get install libapache2-mod-evasive

Step2. Create the log directory for mod_evasive:

mkdir -p /var/log/apache2/evasive

NOTE: Make sure the www-data user will have access to create logs:

chown -R www-data:root /var/log/apache2/evasive

Step3. Now edit the configuration file for the module, located in /etc/apache2/mods-available/mod-evasive.load, like this:

vim /etc/apache2/mods-available/mod-evasive.load

After editing, the file will look like this:

LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so
<IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 120
    DOSPageInterval 1.5
    DOSSiteInterval 1.5
    DOSBlockingPeriod 10
    DOSLogDir "/var/log/apache2/evasive"
</IfModule>

This config seems to be optimal for me.

Step4. Enable the module and restart apache:

a2enmod mod-evasive
/etc/init.d/apache2 restart
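Once the module is active, the DOSLogDir created in Step2 is also where you see it working: when a client exceeds DOSPageCount or DOSSiteCount, mod_evasive writes a marker file named dos-<ip> there (it uses the file to avoid re-running its notification hooks for the same client). The script below is an added example, not part of the original post; it turns that directory into a list of blocked addresses. A constructed temporary directory with two documentation-range addresses stands in for /var/log/apache2/evasive, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post. Lists the client addresses
# mod_evasive has blocked. When a client trips DOSPageCount or DOSSiteCount,
# the module writes a marker file named dos-<ip> into DOSLogDir, so the
# directory from Step2 doubles as a record of blocked clients.

EVASIVE_LOG_DIR=${EVASIVE_LOG_DIR:-/var/log/apache2/evasive}

# blocked_ips [DIR]
# Print one blocked address per line, sorted; DIR defaults to DOSLogDir.
blocked_ips() {
    dir=${1:-$EVASIVE_LOG_DIR}
    for f in "$dir"/dos-*; do
        [ -e "$f" ] || continue          # unmatched glob stays literal: skip
        printf '%s\n' "${f##*/dos-}"
    done | sort
}

# blocked_count [DIR]
# Number of marker files in DIR.
blocked_count() {
    blocked_ips "$1" | wc -l | tr -d ' '
}

# Constructed sample directory standing in for /var/log/apache2/evasive,
# with two marker files for documentation-range addresses.
SAMPLE_DIR=$(mktemp -d)
touch "$SAMPLE_DIR/dos-192.0.2.10" "$SAMPLE_DIR/dos-198.51.100.7"

echo "$(blocked_count "$SAMPLE_DIR") client(s) blocked:"
blocked_ips "$SAMPLE_DIR"
```

The marker files are not removed by the module when DOSBlockingPeriod expires, so the listing is a history of everything blocked since the directory was last cleaned; delete stale markers if you want the module's notification hooks to fire again for a returning client. Because www-data must be able to create these files, the chown from Step2 is what makes this record (and the notifications) work at all.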
Copyright © 2012 Linux Debian Tutorials | Debian Squeeze Tutorials. All rights reserved.