
On booting in text mode (init 3): we can switch to graphical mode with init 5

http://www.cyberciti.biz/tips/linux-iptables-10-how-to-block-common-attack.html
[root@www etc]# find / -name syslog.conf
/etc/audisp/plugins.d/syslog.conf
/etc/latrace.d/syslog.conf
In /etc: less rsyslog.conf
[root@www etc]# find / -name *syslog*
/etc/rsyslog.conf
/usr/share/dracut/modules.d/98syslog/rsyslog.conf
[root@www etc]# less rsyslog.conf
#rsyslog v5 config file
# if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance
#### MODULES ####
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
#$ModLoad immark.so # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# log for iptables
kern.warning /var/log/iptables.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/spppl/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
On iptables in CentOS
[root@www informatica]# cd /etc/sysconfig/
[root@www sysconfig]# ls
atd console init ipvsadm-config networking prelink saslauthd system-config-firewall
auditd cpuspeed ip6tables irqbalance network-scripts pulse selinux system-config-firewall.old
authconfig crond ip6tables-config kdump nfs raid-check sendmail system-config-users
autofs firstboot ip6tables.old kernel nspluginwrapper readahead smartmontools tomcat6
cbq grub iptables keyboard ntpd readonly-root snmpd udev
cgconfig ha iptables-config modules ntpdate rsyslog snmptrapd wpa_supplicant
cgred.conf httpd iptables.old netconsole openct samba sysstat
clock i18n iptables.or network pgsql sandbox sysstat.ioconf
[root@www sysconfig]# less iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s M!*.)N.,5.)N/M) -p icmp -j ACCEPT
-A INPUT -p icmp -j REJECT
-A INPUT -i lo -j ACCEPT
# LOG
-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "'INTENTO DE ACCESO A SSH '" --log-level 4
-A INPUT -s N).I5.)I. -j LOG --log-prefix "'INTENTO DE HACKER '" --log-level 4
-A INPUT -s M*.!*.*5.M:! -j LOG --log-prefix "'INTENTO DE HACKER '" --log-level 4
-A INPUT -s M!M.I.5:., -j LOG --log-prefix "'INTENTO DE HACKER '" --log-level 4
# attackers
-A INPUT -s N).I5.)I. -j DROP
-A INPUT -s M*.!*.*5.M:! -j DROP
-A INPUT -s M!M.I.5:., -j DROP
# allowed service ports
-A INPUT -s M!*.)N.,5.)N/M) -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DROP
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
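How the two files above fit together, as an added example that is not part of the original notes: the LOG rules write at level 4 (warning), so the kern.warning selector sends them to /var/log/iptables.log together with any other kernel warning. The script below tallies the firewall entries by log prefix and source address; the log lines are constructed samples using documentation addresses, and the function names sample_log and summarize are hypothetical.

```shell
#!/bin/sh
# Added example: tally iptables LOG entries from the file fed by kern.warning.

# Constructed sample of /var/log/iptables.log (RFC 5737 addresses, not real traffic).
# The last line is an unrelated kernel warning that the same selector also captures.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 www kernel: 'INTENTO DE ACCESO A SSH 'IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Mar  3 10:15:04 www kernel: 'INTENTO DE ACCESO A SSH 'IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51236 DPT=22 SYN URGP=0
Mar  3 10:15:09 www kernel: 'INTENTO DE ACCESO A SSH 'IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51240 DPT=22 SYN URGP=0
Mar  3 10:16:12 www kernel: 'INTENTO DE HACKER 'IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=40112 DPT=80 SYN URGP=0
Mar  3 10:16:13 www kernel: 'INTENTO DE HACKER 'IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=40113 DPT=80 SYN URGP=0
Mar  3 10:16:20 www kernel: 'INTENTO DE ACCESO A SSH 'IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=40150 DPT=22 SYN URGP=0
Mar  3 10:16:40 www kernel: EXT4-fs warning (device sda1): ext4_dx_add_entry: Directory index full!
EOF
}

# Print "count|prefix|source", most frequent first.
# Reads the files given as arguments, or standard input when there are none.
summarize() {
  awk -v q="'" '
    / kernel: / && / SRC=/ {            # only netfilter LOG entries carry SRC=
      src = ""
      for (i = 1; i <= NF; i++)
        if ($i ~ /^SRC=/) src = substr($i, 5)
      prefix = $0
      sub(/^.* kernel: /, "", prefix)   # drop timestamp, host and tag
      sub(/IN=.*$/, "", prefix)         # the --log-prefix text ends where IN= starts
      sub("^[ " q "]+", "", prefix)     # trim the quotes and spaces around it
      sub("[ " q "]+$", "", prefix)
      if (prefix == "") prefix = "(no prefix)"
      count[prefix "|" src]++
    }
    END { for (k in count) print count[k] "|" k }
  ' "$@" | sort -t "|" -k1,1nr
}

sample_log | summarize
```

On the host itself the same function can be pointed at the log file: `summarize /var/log/iptables.log`.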
In /home: less maillog
In /: file maillog-4
