Login email alert

A simple one-liner that can be added to the global bashrc (/etc/bash.bashrc on Ubuntu) to send an email alert when a user logs in. Useful for login alerts from unattended machines you don't usually log into.

echo 'Login on' `hostname` `date` `who` | mail -s "Login on `hostname` `who | awk '{ print $5 }'`" "<YOUR EMAIL ADDRESS>"

SSH port forwarding

ssh -L localport:host:hostport <USER>@<SSH SERVER> -N

Example:

ssh -L 8888:www.google.com:80 <USER>@<SSH SERVER> -N

Browsing to http://localhost:8888/ would tunnel all requests to Google via your SSH server's IP address.

IPTables quick reference

# iptables -N new_chain                         // create a chain
# iptables -E new_chain old_chain               // rename a chain (new_chain becomes old_chain)
# iptables -X old_chain                         // delete a user-defined chain (must be empty and unreferenced)

redirecting packets to a user chain:
# iptables -A INPUT -p icmp -j new_chain

listing rules:
# iptables -L                                   // list all rules of all chains in the filter table (the default)
# iptables -L -v                                // display rules and their counters
# iptables -L -t nat                            // display rules for a specific table (here nat)
# iptables -L -n --line-numbers                 // list rules with line numbers for all chains
# iptables -L INPUT -n --line-numbers           // list rules with line numbers for a specific chain

manage rules:
# iptables -A chain rule-specification           // append a rule to the bottom of the chain
# iptables -I chain [rulenum] rule-specification // insert in chain as rulenum (default at the top or 1)
# iptables -R chain rulenum rule-specification   // replace the rule at rulenum with the rule specified
# iptables -D chain rulenum                      // delete the rule at position rulenum
# iptables -D chain rule-specification           // delete the first rule matching the specification

change default policy:
# iptables -P chain target                      // change policy on chain to target
# iptables -P INPUT DROP                        // change INPUT chain policy to DROP
# iptables -P OUTPUT DROP                       // change OUTPUT chain policy to DROP
# iptables -P FORWARD DROP                      // change FORWARD chain policy to DROP

Source: raynux.com
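
An added example (not from the original page or from raynux.com) that combines the chain, jump and default-policy commands above in an order that does not cut off the SSH session applying them. The chain name mgmt_in, the SSH port and the IPT dry-run variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Dry run by default: commands are printed, not executed.
# Run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"
SSH_PORT="${SSH_PORT:-22}"   # assumption: sshd listens on this port
CHAIN="${CHAIN:-mgmt_in}"    # hypothetical name for the user chain

build_ruleset() {
    # 1. User chain that holds the management allow-list.
    $IPT -N "$CHAIN"
    $IPT -A "$CHAIN" -p tcp --dport "$SSH_PORT" -j ACCEPT

    # 2. ACCEPT rules go in while the policy is still permissive, so the
    #    session running this script keeps working.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp -j "$CHAIN"

    # 3. Only now switch the default policy. OUTPUT is left unchanged here:
    #    with OUTPUT DROP the host also needs explicit rules for replies.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
}

# Reads a command list on stdin; succeeds only if no ACCEPT rule is added
# after a policy has already been set to DROP.
order_is_safe() {
    awk '/ -P [A-Z]+ DROP/ { dropped = 1 }
         / -j ACCEPT/ && dropped { bad = 1 }
         END { exit bad + 0 }'
}

# Validate the dry-run output first, then print (or apply) the commands.
if ( IPT="echo iptables"; build_ruleset ) | order_is_safe; then
    build_ruleset
else
    echo "refusing: a DROP policy precedes an ACCEPT rule" >&2
fi
```

iptables covers IPv4 only; IPv6 traffic needs the same rules applied through ip6tables.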

IPSEC – Site to site VPN

crypto isakmp policy <N>                * N = priority, lower preferred
 authentication pre-share
 encryption <3DES/AES/DES>              * AES preferred
 group <1/2/5>                          * Diffie-Hellman group
 hash <MD5/SHA>
 lifetime <T>                           * in seconds

crypto isakmp key <0/6> <KEY> address 1.1.1.1

crypto ipsec transform-set <TRANS NAME> esp-aes esp-sha-hmac
 mode <TUNNEL/TRANSPORT>

crypto ipsec security-association lifetime <T>

access-list 123 permit ip <SOURCE NET> <SOURCE WILDCARD> <DEST NET> <DEST WILDCARD>

crypto map <MAP NAME> <SEQ> ipsec-isakmp
 match address 123
 set peer <REMOTE ADDR>
 set transform-set <TRANS NAME>

int dial0                               * <OUTSIDE IF>
 crypto map <MAP NAME>

Notes (ISAKMP SA states, as shown by "show crypto isakmp sa"):

QM_IDLE = Good!

MM_NO_STATE = Phase 1 (IKE) problem – check public inbound ACLs

MM_KEY_EXCH = Bad peer address or key problem

On public-facing inbound ACLs, allow:

ESP – Protocol 50

AH – Protocol 51

IKE – UDP port 500