web panel to manage iptables and tc - secure the implementation of changes Post: 302405697

Sponsored Content

Top Forums UNIX for Dummies Questions & Answers web panel to manage iptables and tc - secure the implementation of changes Post 302405697 by bor1904 on Friday 19th of March 2010 03:06:06 PM

03-19-2010

Registered User

web panel to manage iptables and tc - secure the implementation of changes

Hi,

Subject of my school work:
"Web interface for managing firewall and band on the access server (Linux)"

I have a big problem because I do not know how to safely implement the change in the system and show the logs on the Web page.

Unfortunately, the number of solutions for today is enormous and it is increasingly difficult to me to decide on the right.

They are:
1. Launching a web server with root privileges (the default mode of miniserv'a Webmin)
2. CGI scripts on apache SUID (mode webmin on "foreign" server)
3. suPHP or suexec
4. Cron implements changes to the root
5. Daemon in C "periodically" implement changes in the configuration files created by PHP
6. Daemon in C to implement the changes requested in the configuration files created by PHP
7.Use SSH in PHP and after logging into the root of execution of commands in the configuration files created by PHP (the root password in the DB)
8.Use SSH in PHP and after logging into the root of execution of commands in the configuration files created by PHP (the root password, enter manually)
9. Like the above so that the use of sudo and user rights only to the necessary shell commands
10. Add the user apache in the /etc/sudoers can perform all the necessary applications shell commands
11. Seize the opportunity to command: shell_exec ( `sudo php-f / home /example/script.php`), and /etc/sudoers

(probably a few more options ...)

What should I choose?

(one of the main objectives of the application is simple and it is addressed to support small networks or networks class SO/HO)

sorry for my English, but I never learned this language

Thanks in advance and greet.

bor1904

View Public Profile for bor1904

Find all posts by bor1904

3 More Discussions You Might Find Interesting

1. HP-UX

Secure Web Console Firmware

I have firmware 2.0 for the HP Secure Web Console, but looking for 1.8. Hp does not have this posted anywhere. Anyone have it? Thanks.

2. Web Development

How to create a web application such as serverpilot to manage unmanaged Linux vps ?

hello, this is my first post here and i want to know about automated server management. how to create a web application such as serverpilot to manage unmanaged linux vps (digital ocean , vultr, etc.)?:confused::confused::confused:

3. HP-UX

J3591A, HP Secure Web Console firmware

Hello all, Looking for a pre v2.0 rev of firmware for this ancient device. Nothing I've seen in searches indicates previous versions were available for download but I have to believe they were. I've tried the new hpe community website, (formerly ITRC I believe) but no dice. Also if...

LEARN ABOUT DEBIAN

ipfilter.conf

NETSCRIPT-2.2.conf(5)						File Formats Manual					     NETSCRIPT-2.2.conf(5)

NAME

       /etc/netscript/network.conf - interface, firewalling, and QoS configuration file.

       /etc/netscript/if.conf - interface setup shell script file

       /etc/netscript/qos.conf - QoS setup shell script file

       /etc/netscript/ipfilter.conf - IP chains filtering shell script file

       /etc/netscript/srvfilter.conf - server IP filter shell script file

DESCRIPTION

       This manpage is a place holder until something better is written when the netscript itself has stopped changing rapidly.

       Please  see  the README file in the /etc/netscript directory, and READ the configuration files if you need to change them.  Apart from net-
       work.conf, all of them contain sh (1) shell script functions which are there so that various things can be altered  or  hooked  in  at  the
       right place. Network.conf contains the full network setup details, including special interface setup for the likes of ciped/pppd/wanconfig,
       and is fully commented with examples given.

UPGRADE PATH FROM KERNEL 2.2.X
       The firewall/IP filtering stuff in ipfilter.conf is the part that changed radically with the move to iptables and a far better way of  set-
       ting  up  the  IP filtering rules, however the QoS and interface startup/shutdown in if.conf have changed but are backwards compatible with
       the old 2.2.x ipchains version of netscript for the interface address configuration settings.  You will have to set up the filtering  again
       to use iptables by directly using the iptables commands.

       Also,  the  kernel  2.2.x version scripts are set up so that iptables is only run on a 2.4.x kernel, otherwise IP forwarding is disabled if
       beforehand you set IPFWDING_KERNEL to FILTER_ON in network.conf.

       This means that when you upgrade a box to a 2.4.x router kernel, you should then be able to reboot it and log  into  remotely  and  upgrade
       netscript  to  the version that will support 2.4.x.  In this situation, if you have set old IPFWDING_KERNEL setting to FILTER_ON beforehand
       in network.conf, all IP forwarding through the box will also be disabled.  This means that you can safely remotely upgrade a firewall.

SEE ALSO

       netscript(8), ipchains(8), iproute(8), brcfg(8).

AUTHOR

       This manual page was written by Matthew Grant <grantma@anathoth.gen.nz>, for the Debian GNU/Linux system (but may be used by others).

BUGS

       The author is lazy.  He needs to write btter man pages...

								 November 23, 2000					     NETSCRIPT-2.2.conf(5)