The system's INPUT and OUTPUT chains have a default policy of DROP. Complete the following iptables tasks:
1. Restrict the Web server running on the local host: it may not be accessed on Mondays; new requests may not arrive faster than 100 per second; requests for pages whose URL contains the string "admin" are refused; the Web server may only send response packets out of the host.
2. During working hours, that is, Monday to Friday 08:30-18:00, open the local FTP service to hosts on the 172.16.0.0/16 network; data download requests may not exceed 5 per minute.
3. Open the local SSH service to the hosts 172.16.X.1-172.16.X.100, where X is your seat number; new connection requests may not exceed 2 per minute; only response packets may leave the host through the service port.
4. Reject TCP packets whose flag bits are all 1 or all 0 from reaching this host.
5. Allow this host to ping other hosts, but do not allow other hosts to ping this host.
6. Explain the meaning of the following rules:
# iptables -N clean_in
# iptables -A clean_in -d 255.255.255.255 -p icmp -j DROP
# iptables -A clean_in -d 172.16.255.255 -p icmp -j DROP
# iptables -A clean_in -p tcp ! --syn -m state --state NEW -j DROP
# iptables -A clean_in -p tcp --tcp-flags ALL ALL -j DROP
# iptables -A clean_in -p tcp --tcp-flags ALL NONE -j DROP
# iptables -A clean_in -d 172.16.100.7 -j RETURN
# iptables -A INPUT -d 172.16.100.7 -j clean_in
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A OUTPUT -o lo -j ACCEPT
# iptables -A INPUT -i eth0 -p tcp -m multiport --dports 53,113,135,137,139,445 -j DROP
# iptables -A INPUT -i eth0 -p udp -m multiport --dports 53,113,135,137,139,445 -j DROP
# iptables -A INPUT -i eth0 -p udp --dport 1026 -j DROP
# iptables -A INPUT -i eth0 -p tcp -m multiport --dports 1433,4899 -j DROP
# iptables -A INPUT -p icmp -m limit --limit 10/second -j ACCEPT
7. Using tcp_wrappers, control vsftpd so that only hosts on the 172.16.0.0/255.255.0.0 network may access it, with the exception of 172.16.100.3; record the denied access attempts in the log file /var/log/tcp_wrapper.log.
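A tcp_wrappers configuration for question 7, added here as an example and not taken from the original post. It writes /etc/hosts.allow and /etc/hosts.deny through a small installer so the result can be staged under a scratch directory (ETC=/tmp/x) before it is put in place; the log path and the daemon name vsftpd come from the assignment, while the wording of the log line is the example's own choice.

```shell
#!/bin/sh
# Added example for question 7 (not the original post's code).
# ETC defaults to /etc; set ETC=/tmp/stage to write the files somewhere harmless first.
ETC=${ETC:-/etc}
LOG=${LOG:-/var/log/tcp_wrapper.log}

install_wrappers() {
    # libwrap reads hosts.allow first, then hosts.deny, and stops at the first match.
    # The EXCEPT clause makes the allow entry not match 172.16.100.3, so that host
    # falls through to hosts.deny together with every other network.
    cat > "$ETC/hosts.allow" <<'EOF'
vsftpd: 172.16.0.0/255.255.0.0 EXCEPT 172.16.100.3
EOF
    # Deny everything else and log it. "spawn" runs the command through /bin/sh
    # after libwrap expands %c (client), %s (server endpoint) and %d (daemon name).
    # The heredoc is unquoted so $LOG is filled in now, while \$(date) is left for
    # the shell that libwrap spawns at connection time.
    cat > "$ETC/hosts.deny" <<EOF
vsftpd: ALL: spawn /bin/echo "\$(date) denied %c -> %s (%d)" >> $LOG
EOF
    chmod 0644 "$ETC/hosts.allow" "$ETC/hosts.deny"
}

# vsftpd only honours these files if it is linked against libwrap and has
# tcp_wrappers=YES in vsftpd.conf; this check returns 0 when both hold.
check_vsftpd_wrappers() {
    bin=$(command -v vsftpd) || return 1
    ldd "$bin" 2>/dev/null | grep -q libwrap || return 1
    grep -q '^tcp_wrappers=YES' "$ETC/vsftpd/vsftpd.conf"
}

if [ "${1:-}" = install ]; then
    install_wrappers
fi
```

After installing, `tcpdmatch vsftpd 172.16.100.3` and `tcpdmatch vsftpd 172.16.100.7` (from the tcp_wrappers package) show which rule each client would hit without making a real connection, and the log file will only be written if the account vsftpd runs the check under can append to it.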
8. Delete the whitespace characters at the beginning of every line of the file /boot/grub/grub.conf.
9. In the file /etc/fstab, for lines that begin with "#" followed by at least one whitespace character, delete the leading "#" and the whitespace that follows it.
10. Save the odd-numbered lines of /etc/fstab as /tmp/fstab.3.
11. Echo a file path to the sed command and extract its base name; then, going further, extract its directory name.
12. Count the TCP connections on the current system by state.
13. Count the number of resource accesses for each IP address in a given Web access log.
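One set of sed and awk answers to questions 8 to 13, added here as an example (not the original post's code) and run against constructed sample files so it can be tried without touching the real /boot/grub/grub.conf or /etc/fstab or needing a live Web log. The sample log lines, the `ss -tan` snapshot and the path used for question 11 are all made up for the demonstration.

```shell
#!/bin/sh
# Added example for questions 8-13 (not the original post's code).
# Every function takes file names like sed/awk do, or reads stdin when given none,
# so "ss -tan | count_tcp_states" works on the live system.
SAMPLES=$(mktemp -d)

# constructed grub.conf: lines indented with a tab or spaces (question 8)
printf '\troot (hd0,0)\n    kernel /vmlinuz ro root=/dev/sda2\n\tinitrd /initramfs.img\n' > "$SAMPLES/grub.conf"
# constructed fstab: a bare "#", "# text", "#text" and two data lines (questions 9 and 10)
printf '%s\n' '#' '# /etc/fstab' '#Created by anaconda' \
    'UUID=1 / ext4 defaults 1 1' 'UUID=2 /boot ext4 defaults 1 2' > "$SAMPLES/fstab"
# constructed combined-format access log (question 13)
cat > "$SAMPLES/access.log" <<'EOF'
172.16.100.3 - - [01/Oct/2016:10:00:01 +0800] "GET /index.html HTTP/1.1" 200 612
172.16.100.7 - - [01/Oct/2016:10:00:02 +0800] "GET /admin/ HTTP/1.1" 403 199
172.16.100.3 - - [01/Oct/2016:10:00:03 +0800] "GET /logo.png HTTP/1.1" 200 4096
10.0.0.9 - - [01/Oct/2016:10:00:04 +0800] "POST /login HTTP/1.1" 302 0
172.16.100.3 - - [01/Oct/2016:10:00:05 +0800] "GET /favicon.ico HTTP/1.1" 404 209
EOF
# constructed "ss -tan" snapshot (question 12); the header line is skipped by NR > 1
cat > "$SAMPLES/ss.txt" <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:22                 *:*
ESTAB      0      0      172.16.100.7:22      172.16.100.3:51234
ESTAB      0      0      172.16.100.7:80      10.0.0.9:40022
TIME-WAIT  0      0      172.16.100.7:80      10.0.0.9:40021
EOF

# Q8: strip blanks and tabs at the start of every line
strip_leading_ws() { sed -E 's/^[[:space:]]+//' "$@"; }

# Q9: only lines that start with "#" plus at least one blank lose the "# " prefix;
# a bare "#" or "#text" is left alone because the + demands one whitespace char
strip_comment_marker() { sed -E 's/^#[[:space:]]+//' "$@"; }

# Q10: p prints the current line, n reads the next one and (with -n) discards it
odd_lines() { sed -n 'p;n' "$@"; }

# Q11: basename and dirname of an absolute path; a trailing slash is tolerated,
# and the dirname of a top-level entry such as /etc becomes "/"
path_base() { printf '%s\n' "$1" | sed -E 's@(.)/+$@\1@; s@.*/@@'; }
path_dir()  { printf '%s\n' "$1" | sed -E 's@(.)/+$@\1@; s@/[^/]*$@@; s@^$@/@'; }

# Q12: connections per state; column 1 for ss -tan (use $6 for netstat -tan)
count_tcp_states() { awk 'NR > 1 { n[$1]++ } END { for (s in n) print s, n[s] }' "$@" | sort; }

# Q13: hits per client IP, busiest first
count_ips() { awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' "$@" | sort -rn; }

# demonstration on the constructed files
strip_leading_ws "$SAMPLES/grub.conf"
strip_comment_marker "$SAMPLES/fstab"
odd_lines "$SAMPLES/fstab"
path_base /etc/sysconfig/network-scripts/
path_dir  /etc/sysconfig/network-scripts/
count_tcp_states "$SAMPLES/ss.txt"
count_ips "$SAMPLES/access.log"
```

On the real files the calls are `strip_leading_ws /boot/grub/grub.conf`, `strip_comment_marker /etc/fstab`, `odd_lines /etc/fstab > /tmp/fstab.3`, `ss -tan | count_tcp_states` and `count_ips /var/log/httpd/access_log`. `sed -n '1~2p'` also prints odd lines but is a GNU extension, while `p;n` is portable; and when counting a log by IP, remember that the first column is whatever the client or a proxy presented, not a verified identity.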
14. Authorize the user centos to run the fdisk command for disk management, and mkfs or mke2fs for file system management.
15. Authorize the user gentoo to run the logical volume management (LVM) commands.
16. Using the pam_time.so module, restrict users to logging in remotely through the sshd service only during working hours.
17. Using the pam_listfile.so module, define that only certain users, or the users of certain groups, may log in to the system.
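The sudoers and PAM fragments below answer questions 14 to 17 and are an added example, not code from the original post. The user names centos and gentoo come from the assignment; the drop-in name /etc/sudoers.d/storage, the whitelist path /etc/ssh/allowed_users and the choice to restrict only the sshd service are the example's own assumptions. As with the previous example, ETC can be pointed at a scratch directory to inspect the result before installing it for real.

```shell
#!/bin/sh
# Added example for questions 14-17 (not the original post's code).
# ETC defaults to /etc; set ETC=/tmp/stage to write the files somewhere harmless first.
ETC=${ETC:-/etc}

install_sudoers() {
    # Q14/Q15: a drop-in under sudoers.d. sudo refuses files that are not mode 0440
    # and root-owned, and "visudo -cf FILE" checks the syntax before it is trusted.
    mkdir -p "$ETC/sudoers.d"
    cat > "$ETC/sudoers.d/storage" <<'EOF'
# question 14: partitioning and file system creation for user centos
# (mkfs -t ext4 dispatches to /sbin/mkfs.ext4, hence the mkfs.* glob)
Cmnd_Alias DISKMGMT = /sbin/fdisk, /sbin/mkfs, /sbin/mkfs.*, /sbin/mke2fs
centos  ALL=(root) DISKMGMT

# question 15: LVM for user gentoo; the globs cover pv*/vg*/lv* and the lvm front end
Cmnd_Alias LVMMGMT = /sbin/lvm, /sbin/pv*, /sbin/vg*, /sbin/lv*
gentoo  ALL=(root) LVMMGMT
EOF
    chmod 0440 "$ETC/sudoers.d/storage"
}

install_pam() {
    mkdir -p "$ETC/security" "$ETC/pam.d" "$ETC/ssh"
    # Q16: pam_time.so reads time.conf in the account phase.
    # Fields: services;ttys;users;times. Wk means Monday to Friday, 0830-1800 is 08:30-18:00.
    # Only the sshd service is named, so console logins are not affected.
    cat > "$ETC/security/time.conf" <<'EOF'
sshd;*;*;Wk0830-1800
EOF
    # Q17: pam_listfile.so whitelist, one user per line (item=group file=... would list
    # groups instead). The file must be root-owned and not group/world writable.
    cat > "$ETC/ssh/allowed_users" <<'EOF'
centos
gentoo
EOF
    chmod 0600 "$ETC/ssh/allowed_users"
    # Prepend both modules to /etc/pam.d/sshd once, keeping the existing stack below.
    # onerr=fail denies logins if the list file is missing rather than failing open.
    f="$ETC/pam.d/sshd"
    if [ -f "$f" ] && ! grep -q pam_listfile.so "$f"; then
        {
            echo "auth     required   pam_listfile.so item=user sense=allow file=/etc/ssh/allowed_users onerr=fail"
            echo "account  required   pam_time.so"
            cat "$f"
        } > "$f.new" && mv "$f.new" "$f"
    fi
}

if [ "${1:-}" = install ]; then
    install_sudoers
    install_pam
fi
```

Two things to verify after installing: `visudo -cf /etc/sudoers.d/storage` must report the file as parsed OK, and sshd only consults PAM at all when `UsePAM yes` is set in sshd_config. Keep a second root session open while testing the PAM change, since a typo in the sshd stack locks everyone out of remote login.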
This article comes from the "Linux Sailing" blog; please keep this source when sharing it: http://jiayimeng.blog.51cto.com/10604001/1870623
Tenth Week assignment