[CentOS] Help: Server security compromised?
dsteward at internode.on.net
Thu Aug 7 03:33:10 UTC 2008
> About the two SSH terminal, if I activate a wrong firewall change that
> blocks the SSH port, would it not also terminate the existing
> terminals since new packets going in would be rejected, or does it not
> affect already established TCP connections?
It depends upon what you are doing and in which order you do it.
Unfortunately, I'm not an expert in iptables - I refuse to spend time
learning more than the basics on it, since I don't like it. IMO the
structure and rules are byzantine and unnecessarily flexible/complex, so when
fiddling about with the firewall, usually its just simple commands to
open/close ports or do connection limiting/throttling, and I don't ever
touch port 22.
FWIW, when doing a complex task, instead of typing in commands in a
terminal, I begin writing a script to do those commands. At the very
same time I develop a 'rollback' script to undo those commands in case
Experimenting on a Centos 5.2 server which I have console access. Upon
an error condition, I then modify the script, play the 'rollback'
script, and reissue the script. So gradually the script and its
'antidote' are built to where I'm satisfied they work.
Then and only then, do I use that script on production and remote
servers which are also running CentOS 5.2
The only problem which my method is that getting these scripts to be
100% correct even in the face of malevolent conditions such as DNS
timeouts and hardware errors makes them 2-3 times as long and yukky and
hard to read.
More information about the CentOS