[j-nsp] How to restart a JUNOS process using Shell and CRONTAB
Hi everyone,

Does anyone know how to restart a JUNOS process using Shell and CRONTAB?
Do we need to create some kind of shell script to do that?

This seems not to be working for me:

    ps -ax | grep dfwd
    1146  ??  I      0:00.27 /usr/sbin/dfwd -N
    kill -s HUP 1146

Does anyone use the CRONTAB for that?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] How to restart a JUNOS process using Shell and CRONTAB
Looks like it is better to use event-options:

    set event-options generate-event TestEvent time-of-day 09:05:00 -0300
    set event-options policy Policy1 events TestEvent
    set event-options policy Policy1 then execute-commands commands run restart firewall
    set event-options policy Policy1 then execute-commands output-filename test1
    set event-options policy Policy1 then execute-commands destination local-directory
    set event-options destinations local-directory archive-sites /var/tmp/

> Hi everyone,
>
> Does anyone know how to restart a JUNOS process using Shell and CRONTAB?
> Do we need to create some kind of shell script to do that?
>
> This seems not to be working for me:
>
>     ps -ax | grep dfwd
>     1146  ??  I      0:00.27 /usr/sbin/dfwd -N
>     kill -s HUP 1146
>
> Does anyone use the CRONTAB for that?
>
> Thanks a lot,
>
> Giuliano

[j-nsp] SSH access and not working firewall policy
Hi

I have Juniper running 10.4R7 with RE filter applied to lo.0, but I still see brute-force attacks to my SSH in log messages. I tested policy from hosts not existing in MGMT ACL - I cannot connect to SSH, so how can these attackers connect to my SSH?

Any hints? Maybe I also have to filter more ports?

Rob

My configuration:

    lo0 {
        unit 0 {
            family inet {
                no-redirects;
                primary;
                filter {
                    input RE;
                }
                address 10.0.0.1/32;
            }
        }
    }
    policy-options {
        prefix-list MGMT {
            10.3.0.0/24;
            10.4.0.0/24;
        }
    }
    filter RE {
        term cli_permit {
            from {
                prefix-list {
                    MGMT;
                }
                protocol tcp;
                destination-port [ telnet ssh ];
            }
            then {
                count cli_permit;
                accept;
            }
        }
        term cli_deny {
            from {
                protocol tcp;
                destination-port [ telnet ssh ];
            }
            then {
                count cli_deny;
                log;
                discard;
            }
        }
        term default_action {
            then accept;
        }
    }

Re: [j-nsp] SSH access and not working firewall policy
On Aug 12, 2012, at 3:07 PM, Robert Hass robh...@gmail.com wrote:

> Hi
>
> I have Juniper running 10.4R7 with RE filter applied to lo.0, but I still see brute-force attacks to my SSH in log messages. I tested policy from hosts not existing in MGMT ACL - I cannot connect to SSH, so how can these attackers connect to my SSH?
>
> Any hints? Maybe I also have to filter more ports?
>
> Rob
>
> My configuration:
>
>     lo0 {
>         unit 0 {
>             family inet {
>                 no-redirects;
>                 primary;
>                 filter {
>                     input RE;
>                 }
>                 address 10.0.0.1/32;
>             }
>         }
>     }
>     policy-options {
>         prefix-list MGMT {
>             10.3.0.0/24;
>             10.4.0.0/24;
>         }
>     }
>     filter RE {
>         term cli_permit {
>             from {
>                 prefix-list {
>                     MGMT;
>                 }
>                 protocol tcp;
>                 destination-port [ telnet ssh ];
>             }
>             then {
>                 count cli_permit;
>                 accept;
>             }
>         }
>         term cli_deny {
>             from {
>                 protocol tcp;
>                 destination-port [ telnet ssh ];
>             }
>             then {
>                 count cli_deny;
>                 log;
>                 discard;
>             }
>         }
>         term default_action {
>             then accept;
>         }
>     }

For some reason (have to admit I forget exactly why) I ended up doing it this way on 9.6, not sure if it is helpful for 10.4 or not.

    filter protect-router {
        term 10-ssh {
            from {
                source-address {
                    0.0.0.0/0;
                }
                source-prefix-list {
                    trusted-networks except;
                }
                protocol tcp;
                destination-port ssh;
            }
            then {
                discard;
            }
        }
    }

George Carey

Re: [j-nsp] SSH access and not working firewall policy
One possibility - They're coming from inside your own network =)

What's the source IPs on the attempts, and what device is this (EX? MX? J? QFabric?)

- CK.

On 2012-08-13, at 5:07 AM, Robert Hass wrote:

> Hi I have Juniper running 10.4R7 with RE filter applied to lo.0 but I still see bruteforce attacks to my SSH in log messages.
> .
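
An added example, not part of the thread: a small model of the posted RE filter's first-match evaluation, used to triage the source addresses of failed SSH logins, which is the question CK asks above. The sshd log line format, the host name `re0` and all sample addresses are assumptions constructed for illustration; the thread does not show the actual log text.

```python
import ipaddress
import re

# Transcribed from filter "RE" and prefix-list MGMT as posted in the thread.
MGMT = ["10.3.0.0/24", "10.4.0.0/24"]
RE_FILTER = [
    # (term name, source prefixes or None for any, protocol, dest ports, action)
    ("cli_permit", MGMT, "tcp", {22, 23}, "accept"),
    ("cli_deny", None, "tcp", {22, 23}, "discard"),
    ("default_action", None, None, None, "accept"),
]

def evaluate(src, proto, dport, terms=RE_FILTER):
    """Return (term, action) of the first term whose conditions all match."""
    ip = ipaddress.ip_address(src)
    for name, prefixes, t_proto, ports, action in terms:
        if prefixes is not None and not any(
                ip in ipaddress.ip_network(p) for p in prefixes):
            continue
        if t_proto is not None and proto != t_proto:
            continue
        if ports is not None and dport not in ports:
            continue
        return name, action
    return "(implicit)", "discard"  # Junos filters end with an implicit discard

# Assumed OpenSSH-style failure line (hypothetical format for this example).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def triage(log_lines):
    """Map each source seen in failed SSH logins to the term that handles it."""
    result = {}
    for line in log_lines:
        m = FAILED.search(line)
        if m:
            result[m.group(1)] = evaluate(m.group(1), "tcp", 22)
    return result

# Constructed sample lines; addresses are from MGMT and a documentation range.
SAMPLE_LOG = [
    "Aug 12 15:01:02 re0 sshd[4021]: Failed password for root from 10.3.0.77 port 51122 ssh2",
    "Aug 12 15:01:09 re0 sshd[4025]: Failed password for invalid user admin from 203.0.113.9 port 40210 ssh2",
    "Aug 12 15:02:00 re0 mgd[4100]: UI_COMMIT: User 'rob' requested 'commit' operation",
]

if __name__ == "__main__":
    for src, (term, action) in triage(SAMPLE_LOG).items():
        print(f"{src}: {term} -> {action}")
```

A source that lands in `cli_permit` is inside the MGMT prefix list, so the filter is passing it as written; a source that lands in `cli_deny` yet still shows up in the sshd log means that traffic is not being evaluated by this filter, and the `cli_deny` counter is the place to confirm that.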