Cent7 Base

Packages

realmd
sssd
oddjob
oddjob-mkhomedir
sssd
adcli
samba-common-tools

vim
iptables-services

IPTables

/etc/sysconfig/iptables

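# Filter table for the CentOS 7 base host, read from /etc/sysconfig/iptables.
# INPUT and OUTPUT default to DROP: only SSH is accepted inbound and only the
# services listed below are allowed outbound.
# Rule order matters: the first terminating match (ACCEPT/DROP) ends evaluation.
*filter
# Counters are reset to zero; iptables-restore ignores them unless run with -c.
:INPUT DROP [0:0]
# NOTE(review): FORWARD defaults to ACCEPT. If this host never routes traffic,
# DROP is the safer policy - confirm before changing.
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
# User-defined chain, declared in the form iptables-save emits so a reload
# does not fail when the chain already exists.
:SSHATTACK - [0:0]
# SSHATTACK: log the offending packet, then drop it.
# NOTE(review): --log-level 7 is "debug"; confirm the syslog configuration
# actually stores kernel debug messages, otherwise these entries are lost.
-A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
-A SSHATTACK -j DROP
# Loopback has to be allowed explicitly because both policies are DROP.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# SSH rate limit: record every NEW connection to port 22, and send a source to
# SSHATTACK on its 4th NEW connection within 120 seconds. These two rules must
# come before the plain ACCEPT for port 22; placed after it they are never
# evaluated, because ACCEPT is terminating.
-A INPUT -p tcp -m state --dport 22 --state NEW -m recent --set
-A INPUT -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Outbound allow-list: LDAPS, HTTPS, LDAP, NTP, HTTP, DNS (UDP only), SSH.
# NOTE(review): the package list (realmd, sssd, adcli) suggests an Active
# Directory join, which normally also needs outbound Kerberos (tcp/udp 88);
# DNS over TCP 53 is not allowed either. Both are dropped here - confirm.
-A OUTPUT -p tcp -m tcp --dport 636 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT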