Showing posts from September, 2013

Firewall Check

I'm sure there are plenty of tools out there that do better than I, but this was my hack and I'm going to put it out there... So, on the server, I setup its own user account. Its shell was set to something I could control, and it did exactly what I was looking for in a couple of commands: # Add a temp user to the system so we can tinker around with this... adduser --home=/tmp/netcat --shell=/tmp/netcat/nc --ingroup=nogroup --disabled-password --system tmpnetcat # Setup the home so I can login using SSH keys since passwords are disabled anyways... install -d -otmpnetcat -gnogroup -m0700 /tmp/netcat/.ssh install -otmpnetcat -gnogroup -m640 ~/.ssh/ /tmp/netcat/.ssh/authorized_keys # Enable this user for accesing /bin/nc without a password as root so they can bind to any address for testing. echo -e '\n\ntmpnetcat ALL=NOPASSWD: /bin/nc' >> /etc/sudoers # Insert the script we'll execute when this user logs in. cat <<NCEXEC > /tmp/netcat/nc #!/bin