peterh - Linux

Internetaccess via modem

Thursday, June 21, 2007, 16:59 - Network
Posted by Administrator

apt-get install ppp

edit /etc/ppp/pap-secrets

/etc/network/interfaces

auto modem
iface modem inet ppp
        provider modem

/etc/ppp/peers/modem

ttyS0
38400
connect "/usr/sbin/chat -v -f /etc/ppp/peers/modem.chat"
disconnect "/usr/sbin/chat -v -f /etc/ppp/peers/modem.hangup"

192.168.1.3:192.168.1.1

user USERNAME
noauth
asyncmap 0
crtscts
lock
modem
lcp-echo-interval 30
lcp-echo-failure 4
ipcp-accept-local
ipcp-accept-remote
noproxyarp
noipx
noipv6
nodefaultroute
mru 542

debug
#updetach

demand
idle 120
holdoff 10

/etc/ppp/peers/modem.chat

ABORT        BUSY
ABORT        "NO CARRIER"
ABORT        VOICE
ABORT        "NO DIALTONE"
SAY          "\nConnecing..."
""           ATDTnumber
TIMEOUT      90
CONNECT      ""
SAY          "\nConnected.

/etc/ppp/peers/modem.hangup

"" '\K\d'
"" '+++\d'
"" 'ATH\d'
"" 'ATZ'

[ view entry ] ( 1175 views ) | print article

Internetaccess via ISDN

Thursday, June 21, 2007, 16:09 - Network
Posted by Administrator

apt-get install isdnutils-base

isdnconfig - choose 1, ippp1 to prevent default gateway to ippp0

/etc/isdn/device.ippp1:

edit all lines marked with XXX_:

LOCALIP=
REMOTEIP=AAA.BBB.CCC.DDD
LOCALMSN=''
REMOTEMSN=XXXXX
LEADINGZERO=''
# FIREWALL RULES (start)
iptables -A OUTPUT -o $device -p tcp --dport 22 -j ACCEPT
# FIREWALL RULES (stop)
iptables -D OUTPUT -o $device -p tcp --dport 22 -j ACCEPT

only ssh should trigger a dialout

/etc/isdn/ipppd.ippp1:

-pap
+chap
name USERNAME
noccp
nolzs
noipdefault
nodefaultroute
mru 1524
mtu 1500
ipcp-accept-local
ipcp-accept-remote
useifip

/etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses

USERNAME   *   PASSWORD

[ view entry ] ( 854 views ) | print article

scponly

Thursday, June 21, 2007, 11:56 - Network, Security
Posted by Administrator

apt-get install scponly

gunzip /usr/share/doc/scponly/setup_chroot/setup_chroot.sh.gz
chmod 755 /usr/share/doc/scponly/setup_chroot/setup_chroot.sh
cd /usr/share/doc/scponly/setup_chroot/
./setup_chroot.sh /home/USERNAME USERNAME RELATIVE_WRITEABLE_DIR

cp /dev/null /home/USERNAME/dev

maybe cp /etc/groups /home/USERNAME/etc

HINT: login via ssh is not possible BUT PORTFORWARDING

[ view entry ] ( 655 views ) | print article

ssh - chroot

Thursday, June 21, 2007, 10:36 - Network, Security
Posted by Administrator

chroot a user logging in via ssh

apt-get install libpam-chroot

less /usr/share/doc/libpam-chroot/examples/README.example

/usr/share/doc/libpam-chroot/examples/setup-chrootdir-shell.sh

/etc/security/chroot.conf:

+USERNAME   /var/chroot/sshd/home/USERNAME

/etc/pam.d/login:

+session    required   pam_chroot.so

To copy all linked libs (but not libs loaded at runtime) of a programm to our chroot

ldd /usr/bin/pprogram | awk '{if ($3 ~ /^[^ (]/) print $3}' | \
cpio -pdvuL $CHROOTDIR

[ view entry ] ( 497 views ) | print article

mirror my website

Thursday, June 21, 2007, 10:19 - Web
Posted by Administrator

chmod 700 /etc/cron.daily/websitesync

#!/bin/sh

wget -q --mirror --no-host-directories --cut-dirs=1 --directory-prefix=/var/www \
     --user=USERNAME --password=XXXXX ftp://www.holik.at/htdocs

I mirror to my homeserver/var/www and to prevent wget to add
directorynames i use --no-host-directories --cut-dirs=1
without this it would be homeserver/www.holik.at/htdocs/var/www.

[ view entry ] ( 696 views ) | print article

<<First <Back | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | Next> Last>>