isdnconfig - choose 1, ippp1 to prevent default gateway to ippp0
/etc/isdn/device.ippp1:
edit all lines marked with XXX_:
LOCALIP=
REMOTEIP=AAA.BBB.CCC.DDD
LOCALMSN=''
REMOTEMSN=XXXXX
LEADINGZERO=''
# FIREWALL RULES (start)
iptables -A OUTPUT -o $device -p tcp --dport 22 -j ACCEPT
# FIREWALL RULES (stop)
iptables -D OUTPUT -o $device -p tcp --dport 22 -j ACCEPT
Only ssh should trigger a dial-out.
/etc/isdn/ipppd.ippp1:
-pap
+chap
name USERNAME
noccp
nolzs
noipdefault
nodefaultroute
mru 1524
mtu 1500
ipcp-accept-local
ipcp-accept-remote
useifip
/etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
USERNAME * PASSWORD
apt-get install scponly
gunzip /usr/share/doc/scponly/setup_chroot/setup_chroot.sh.gz
chmod 755 /usr/share/doc/scponly/setup_chroot/setup_chroot.sh
cd /usr/share/doc/scponly/setup_chroot/
./setup_chroot.sh /home/USERNAME USERNAME RELATIVE_WRITEABLE_DIR
cp -a /dev/null /home/USERNAME/dev/
maybe cp /etc/group /home/USERNAME/etc
HINT: login via ssh is not possible, BUT port forwarding still is.
chroot a user logging in via ssh
apt-get install libpam-chroot
less /usr/share/doc/libpam-chroot/examples/README.example
/usr/share/doc/libpam-chroot/examples/setup-chrootdir-shell.sh
/etc/security/chroot.conf:
+USERNAME /var/chroot/sshd/home/USERNAME
/etc/pam.d/login:
+session required pam_chroot.so
To copy all linked libs (but not libs loaded at runtime) of a program to our chroot:
ldd /usr/bin/program | awk '{if ($3 ~ /^[^ (]/) print $3}' | \
cpio -pdvuL $CHROOTDIR
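The same ldd pipeline as a reusable shell function (an added example, not from the original notes): it also picks up the dynamic loader line, which has no "=>" and therefore no third field, and it reports "not found" entries instead of handing the word "not" to cpio. The names chroot_libs, populate_chroot and SAMPLE_LDD are made up for illustration, and the sample ldd output is constructed.

```shell
# Added example. chroot_libs reads `ldd` output on stdin and prints every
# absolute path that must exist inside the chroot, one per line, deduplicated.
# Exit status: 0 = everything resolved, 1 = at least one "not found" entry.
chroot_libs() {
    awk '
        # "libfoo.so.1 => not found": report it, do not emit "not" as a path
        $2 == "=>" && $3 == "not" { print "missing: " $1 > "/dev/stderr"; bad = 1; next }
        # "libc.so.6 => /lib/libc.so.6 (0x...)": resolved library is field 3
        $2 == "=>" && $3 ~ /^\//  { if (!seen[$3]++) print $3; next }
        # "/lib64/ld-linux-x86-64.so.2 (0x...)": dynamic loader is field 1
        $1 ~ /^\//                { if (!seen[$1]++) print $1; next }
        # linux-vdso.so.1 and "statically linked" name no file, so skip them
        END { exit bad + 0 }
    '
}

# Copy the libraries of program $1 into chroot directory $2.
# Refuses to copy a partial set, so a broken chroot is noticed here
# rather than at the first login.
populate_chroot() {
    libs=$(ldd "$1" | chroot_libs) || { echo "unresolved libraries: $1" >&2; return 1; }
    [ -n "$libs" ] || { echo "no shared libraries found for $1" >&2; return 1; }
    printf '%s\n' "$libs" | cpio -pdvuL "$2"
}

# Constructed sample of ldd output (not captured from a real system).
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd0a5f2000)
    libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f1c2a400000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a200000)
    libexample.so.0 => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f1c2a600000)'
```

Call it as populate_chroot /usr/bin/program "$CHROOTDIR"; libraries opened at runtime with dlopen (NSS modules, for example) still have to be copied by hand.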
chmod 700 /etc/cron.daily/websitesync
#!/bin/sh
wget -q --mirror --no-host-directories --cut-dirs=1 --directory-prefix=/var/www \
--user=USERNAME --password=XXXXX ftp://www.holik.at/htdocs
I mirror to my homeserver/var/www, and to prevent wget from adding
directory names I use --no-host-directories --cut-dirs=1;
without this it would be homeserver/www.holik.at/htdocs/var/www.
First computer, whose serial port is redirected via TCP:
stty -F /dev/ttyS0 raw 9600 -echo
nc 192.168.0.1 1111 >/dev/ttyS0 </dev/ttyS0
The second, receiving computer needs 2 serial ports:
stty -F /dev/ttyS0 raw 9600 -echo
stty -F /dev/ttyS1 raw 9600 -echo
nc -l -p 1111 >/dev/ttyS1 </dev/ttyS1
Now a program can connect to /dev/ttyS0 and talk to our first computer.