Setting rc.local server Debian/Ubuntu

Sebuah server yang berhadapan langsung dengan internet sangat rentan diserang, baik dari luar maupun dari dalam. Oleh sebab itu pengamanan server yang pertama kali adalah rc.local. Langsung aja dah ni setingan rc.local server Debian hasil penyempurnaan dari Pak Anton. 😀 Makasih ilmunya, Pak.

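#!/bin/sh
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# Loads a baseline iptables rule set for a Debian/Ubuntu host that faces
# the internet directly. Every rule below is appended (-A) to the
# built-in chains; no default policy (-P) is set here, so whatever the
# rules below do not match is still handled by the chain's existing
# policy (ACCEPT on a fresh install). Runs as root at boot. Because of
# `set -e`, the first iptables command that fails aborts the script with
# a non-zero status, so the rule set is either loaded in order or not
# at all.
#
# Note on the published copy: the option separators had been mangled
# into en-dashes ("–dport") and the log prefix into curly quotes, both of
# which iptables rejects. All options below use plain ASCII "--".

set -e

#1. Drop TCP packets with impossible flag combinations before any ACCEPT
#   rule sees them. Placed first on purpose: in the original order the
#   port-22/port-80 ACCEPT rules ran earlier and matched such packets
#   before these checks were reached.
#   "iptables -N" returns non-zero when the chain already exists (e.g.
#   rc.local run a second time), which under set -e would abort the whole
#   script; flush the existing chain instead so the rules stay idempotent.
iptables -N MY_DROP 2>/dev/null || iptables -F MY_DROP
# LOG is rate-limited (7200/h) so a burst cannot fill the syslog.
iptables -A MY_DROP -m limit --limit 7200/h -j LOG --log-prefix "PORTSCAN DROP"
iptables -A MY_DROP -j DROP
for chain in INPUT FORWARD; do
  iptables -A "$chain" -p tcp --tcp-flags ALL NONE -j MY_DROP
  iptables -A "$chain" -p tcp --tcp-flags SYN,FIN SYN,FIN -j MY_DROP
  iptables -A "$chain" -p tcp --tcp-flags SYN,RST SYN,RST -j MY_DROP
  iptables -A "$chain" -p tcp --tcp-flags FIN,RST FIN,RST -j MY_DROP
  iptables -A "$chain" -p tcp --tcp-flags ACK,FIN FIN -j MY_DROP
  iptables -A "$chain" -p tcp --tcp-flags ACK,PSH PSH -j MY_DROP
  iptables -A "$chain" -p tcp --tcp-flags ACK,URG URG -j MY_DROP
done

#2. Inbound HTTP. "-s 0/0 -d 0/0" from the original was a no-op and is
#   dropped. Port 80 is TCP; the UDP rule is kept as published but matches
#   nothing a web server uses.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --dport 80 -j ACCEPT

#   Forwarded SSH/FTP. The "xxx" octets are placeholders left by the
#   original author; iptables will reject them until real addresses are
#   filled in. Rule order matters: the eth0 rule accepts any forwarded
#   port-22 connection arriving on eth0, so the final DROP only affects
#   traffic entering on other interfaces.
iptables -A FORWARD -p tcp -i eth0 --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp -s 203.130.xxx.xxx -d 222.124.xxx.xxx --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp -s 203.130.xxx.xxx -d 222.124.xxx.xxx --dport 21 -j ACCEPT
iptables -A FORWARD -p tcp -d 222.124.xxx.xxx --dport 22 -j DROP

#3. STABLE: allow SSH and limit SYN bursts.
#   The "--sport 22" rules match on source port alone, not on connection
#   state; a conntrack rule ("-m state --state ESTABLISHED,RELATED -j
#   ACCEPT") is the usual way to admit reply traffic. Left as published.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --sport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
#   The limit match succeeds while the rate is *under* the threshold, so
#   the original "-m limit ... -j DROP" discarded the well-behaved SYNs
#   and let everything above the rate through. Accept SYNs within the
#   budget (10/s, burst 30), then drop the excess.
iptables -A INPUT -p tcp --syn -m limit --limit 10/s --limit-burst 30 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP

#4. STABLE: block well-known worm/proxy/NetBIOS ports on forwarded traffic.
iptables -A FORWARD -p tcp -m multiport --dports 445,1080,2283,2535,2745,3127,3128,5554,8866,9898,10080 -j DROP
iptables -A FORWARD -p udp -m multiport --dports 137,138,1026,1027,1028,1029,1153 -j DROP

exit 0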
