[j-nsp] How to restart a JUNOS process using Shell and CRONTAB

2012-08-12 Thread GIULIANO (WZTECH)

Hi everyone,

Does anyone know how to restart a JUNOS process using Shell and CRONTAB?

Do we need to create some kind of shell script to do that?

This seems not to be working for me:

ps -ax | grep dfwd
 1146  ??  I  0:00.27 /usr/sbin/dfwd -N
kill -s HUP 1146

Does anyone use the CRONTAB for that?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


Re: [j-nsp] How to restart a JUNOS process using Shell and CRONTAB

2012-08-12 Thread GIULIANO (WZTECH)

Looks like it is better to use event-options:

set event-options generate-event TestEvent time-of-day 09:05:00 -0300
set event-options policy Policy1 events TestEvent
set event-options policy Policy1 then execute-commands commands "restart firewall"
set event-options policy Policy1 then execute-commands output-filename test1
set event-options policy Policy1 then execute-commands destination local-directory

set event-options destinations local-directory archive-sites /var/tmp/

> Hi everyone,
>
> Does anyone know how to restart a JUNOS process using Shell and CRONTAB?
>
> Do we need to create some kind of shell script to do that?
>
> This seems not to be working for me:
>
> ps -ax | grep dfwd
>  1146  ??  I  0:00.27 /usr/sbin/dfwd -N
> kill -s HUP 1146
>
> Does anyone use the CRONTAB for that?
>
> Thanks a lot,
>
> Giuliano




[j-nsp] SSH access and not working firewall policy

2012-08-12 Thread Robert Hass
Hi

I have a Juniper running 10.4R7 with the RE filter applied to lo0, but I
still see brute-force attacks against my SSH in the log messages.

I tested the policy from hosts not in the MGMT ACL and I cannot connect
to SSH, so how can these attackers connect to my SSH?
Any hints? Maybe I also have to filter more ports?

Rob

My configuration:

lo0 {
    unit 0 {
        family inet {
            no-redirects;
            primary;
            filter {
                input RE;
            }
            address 10.0.0.1/32;
        }
    }
}
policy-options {
    prefix-list MGMT {
        10.3.0.0/24;
        10.4.0.0/24;
    }
}
filter RE {
    term cli_permit {
        from {
            prefix-list {
                MGMT;
            }
            protocol tcp;
            destination-port [ telnet ssh ];
        }
        then {
            count cli_permit;
            accept;
        }
    }
    term cli_deny {
        from {
            protocol tcp;
            destination-port [ telnet ssh ];
        }
        then {
            count cli_deny;
            log;
            discard;
        }
    }
    term default_action {
        then accept;
    }
}


Re: [j-nsp] SSH access and not working firewall policy

2012-08-12 Thread George Carey

On Aug 12, 2012, at 3:07 PM, Robert Hass robh...@gmail.com wrote:

> Hi
>
> I have a Juniper running 10.4R7 with the RE filter applied to lo0, but I
> still see brute-force attacks against my SSH in the log messages.
>
> I tested the policy from hosts not in the MGMT ACL and I cannot connect
> to SSH, so how can these attackers connect to my SSH?
> Any hints? Maybe I also have to filter more ports?
>
> Rob
>
> My configuration:
>
> lo0 {
>     unit 0 {
>         family inet {
>             no-redirects;
>             primary;
>             filter {
>                 input RE;
>             }
>             address 10.0.0.1/32;
>         }
>     }
> }
> policy-options {
>     prefix-list MGMT {
>         10.3.0.0/24;
>         10.4.0.0/24;
>     }
> }
> filter RE {
>     term cli_permit {
>         from {
>             prefix-list {
>                 MGMT;
>             }
>             protocol tcp;
>             destination-port [ telnet ssh ];
>         }
>         then {
>             count cli_permit;
>             accept;
>         }
>     }
>     term cli_deny {
>         from {
>             protocol tcp;
>             destination-port [ telnet ssh ];
>         }
>         then {
>             count cli_deny;
>             log;
>             discard;
>         }
>     }
>     term default_action {
>         then accept;
>     }
> }


For some reason (have to admit I forget exactly why) I ended up doing it this 
way on 9.6, not sure if it is helpful for 10.4 or not.

filter protect-router {
    term 10-ssh {
        from {
            source-address {
                0.0.0.0/0;
            }
            source-prefix-list {
                trusted-networks except;
            }
            protocol tcp;
            destination-port ssh;
        }
        then {
            discard;
        }
    }
}

George Carey




Re: [j-nsp] SSH access and not working firewall policy

2012-08-12 Thread Chris Kawchuk
One possibility: they're coming from inside your own network =)

What are the source IPs on the attempts, and what device is this (EX? MX? J?
QFabric?)

- CK.

On 2012-08-13, at 5:07 AM, Robert Hass wrote:

> Hi
>
> I have a Juniper running 10.4R7 with the RE filter applied to lo0, but I
> still see brute-force attacks against my SSH in the log messages.
>
> .


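The three filter discussions in this thread (Robert's RE filter with its explicit default accept, George's protect-router filter built on `source-prefix-list ... except`, and Chris's suggestion that the attempts may originate inside the trusted prefixes) all come down to which term a given packet hits under Junos first-match semantics. The following is an added example, not code from the thread or from Juniper: a toy Python evaluator that models the relevant `from` conditions (prefix-list, source-address, source-prefix-list with `except`, protocol, destination-port), first-match term ordering, and the implicit discard a Junos filter applies when no term matches. The filters and prefix lists are transcribed from the two posts; the source addresses used as sample traffic (203.0.113.9 from TEST-NET-3 and 10.3.0.5 inside MGMT) are constructed for the example. The `prefix-list` match is modelled against the source address only, which is the case the thread cares about.

```python
"""Toy first-match evaluator for Junos-style stateless firewall filters.

Added example: models the filters posted in the thread so you can see which
term a given packet would hit. Not Juniper code; semantics are simplified.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Well-known destination-port names used in the posted filters.
PORT_NAMES = {"ssh": 22, "telnet": 23, "bgp": 179}


@dataclass(frozen=True)
class Packet:
    src: str        # source IPv4 address
    protocol: str   # "tcp", "udp", ...
    dport: int      # destination port


@dataclass
class Term:
    name: str
    actions: List[str]                          # e.g. ["count cli_deny", "log", "discard"]
    prefix_lists: List[str] = field(default_factory=list)   # from { prefix-list { X; } }
    source_prefix_list: Optional[str] = None                # from { source-prefix-list { X [except]; } }
    source_prefix_list_except: bool = False
    source_address: Optional[str] = None                    # from { source-address { a.b.c.d/n; } }
    protocol: Optional[str] = None
    dports: List = field(default_factory=list)              # names or ints


def _in_any(addr: str, prefixes: List[str]) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def term_matches(term: Term, pkt: Packet, prefix_lists: dict) -> bool:
    """All configured from-conditions must hold for the term to match."""
    if term.protocol and pkt.protocol != term.protocol:
        return False
    if term.dports and pkt.dport not in [PORT_NAMES.get(p, p) for p in term.dports]:
        return False
    if term.source_address and not _in_any(pkt.src, [term.source_address]):
        return False
    if term.prefix_lists:
        # Real Junos matches prefix-list against source OR destination; here the
        # source alone is checked, which is what matters for the SSH question.
        if not any(_in_any(pkt.src, prefix_lists[n]) for n in term.prefix_lists):
            return False
    if term.source_prefix_list:
        hit = _in_any(pkt.src, prefix_lists[term.source_prefix_list])
        # "except" inverts the condition: the term matches only when NOT in the list.
        if hit == term.source_prefix_list_except:
            return False
    return True


def evaluate(terms: List[Term], pkt: Packet, prefix_lists: dict) -> Tuple[Optional[str], List[str]]:
    """First matching term wins. No match at all -> Junos implicit discard."""
    for t in terms:
        if term_matches(t, pkt, prefix_lists):
            return t.name, t.actions
    return None, ["discard"]


# Prefix lists from the thread; "trusted-networks" is assumed to hold the same
# ranges as MGMT since George's post does not show its contents.
PREFIX_LISTS = {
    "MGMT": ["10.3.0.0/24", "10.4.0.0/24"],
    "trusted-networks": ["10.3.0.0/24", "10.4.0.0/24"],
}

# Robert's filter RE, as posted (explicit default accept at the end).
RE_FILTER = [
    Term("cli_permit", ["count cli_permit", "accept"],
         prefix_lists=["MGMT"], protocol="tcp", dports=["telnet", "ssh"]),
    Term("cli_deny", ["count cli_deny", "log", "discard"],
         protocol="tcp", dports=["telnet", "ssh"]),
    Term("default_action", ["accept"]),
]

# George's protect-router filter, as posted: only the single SSH term.
PROTECT_ROUTER = [
    Term("10-ssh", ["discard"], source_address="0.0.0.0/0",
         source_prefix_list="trusted-networks", source_prefix_list_except=True,
         protocol="tcp", dports=["ssh"]),
]

# Constructed sample traffic: one outside source (TEST-NET-3), one inside MGMT.
OUTSIDE_SSH = Packet("203.0.113.9", "tcp", 22)
INSIDE_SSH = Packet("10.3.0.5", "tcp", 22)
OUTSIDE_BGP = Packet("203.0.113.9", "tcp", 179)

if __name__ == "__main__":
    for label, flt in (("RE", RE_FILTER), ("protect-router", PROTECT_ROUTER)):
        for pkt in (OUTSIDE_SSH, INSIDE_SSH, OUTSIDE_BGP):
            print(label, pkt, "->", evaluate(flt, pkt, PREFIX_LISTS))
```

Two things the run makes visible. With RE, an outside SSH source lands in cli_deny (count, log, discard) and never reaches sshd, while a source inside 10.3.0.0/24 is accepted by cli_permit, which is exactly Chris's "inside your own network" case. With protect-router as posted, an inside SSH source matches no term and falls to the implicit discard, so a filter like George's needs an explicit accept term (or a broader one later in the filter) for trusted management traffic.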