Secure Debian-based with GUI distribution? Security reading material (e-versions)?
Okay, here's the deal.
I am going to be a part of a "cyber contest" event at a (high-)school event. My job is to protect our server from the "hackers" (the college students). Here's what happens. The high school students (us) are the "victims" or "targets" and the college students are the "hackers". Basically, they try to hack us and take down our network, and we try to keep it up, running and functional. So, I am in need of recommendations:

1. What would be the best (in terms of security) Debian-based distribution that has/can easily obtain a GUI? Note: "Debian-based", in this case, can mean "based on a distribution based on Debian", "based on a distribution based on a distribution based on Debian", et cetera. As long as the deepest roots point back towards Debian.

2. What is some good e-reading material for me? I don't have any money to spend, but if anyone knows of any legally free eBooks (id est, not pirated), and/or any good tutorials, sites, links, et cetera, by all means, please point me towards it/them!

Note 1: The Debian-based part is my personal preference; I am familiar/comfortable with the "feel" of such distributions.

Note 2: I know that most of the power in any given Linux distribution comes from the CLI, but I would still like to have a GUI available. Here's how I figure it: I want to be able to monitor/control as much as I can with the GUI, and whenever I need the CLI, I will open a Terminal shell, without having to leave the GUI and possibly miss something else that happened.

Note 3: I will need Aptitude and/or Apt-Get package management. I do not (necessarily) need a GUI to the package management, but it would be helpful. In other words, if it doesn't have GUI package management, I will be able to live without it, but if it does have it, that will be a nice bonus.

Thank you all in advance,
computer_freak_8
I forgot to mention...
I forgot to mention this part: We are allowed to take down the "hackers'" server/network if we need to; just as long as ours stays up and running.
So, does anyone know of any distributions that meet the previously mentioned requirements and/or (but preferably "and") the following requirements:

1. Good for hacking (efficient, maybe stealthy)
2. GUI
3. Lots of tools available to hack (Metasploit? John the Ripper? I don't really know; I'm trying to remember what I used to know about this sort of thing...)
4. (Optional but preferred:) Debian based
5. (Could be optional but much preferred:) Simple/easy to use package management. (GUI definitely preferred, but not absolutely required.)

Thanks again,
computer_freak_8
Wargames just isn't a distro thing. It's about knowledge (and a wee bit of luck), skill (and some soceng if you can handle it, heh) and a feeling for the sun-tzu ping-fa. Wrt reading, Debian comes with one of the oldest, all-encompassing security HOWTOs that will provide a good start. Read it, run tools like Tiger and post your hardening approach for a second opinion, hints, tips and pointers.
Huh?
What is it that you are referring to? I think you mean that Debian includes a How-To with its distribution. Is this correct? If so, how do I access it? Would I be better off basing my system on Ubuntu (since I am most familiar with it, out of all Linux OSes, that is), or would I be better off learning more "pure"/"true" Debian and using it as my base distribution?

Thanks much,
computer_freak_8
Good advice.
First off, thanks for the link. I wasn't sure exactly what you meant when you said "Debian comes with".

Secondly, it makes sense to know how/why the enhancements are done, and done the way they are; thanks for pointing this out, I hadn't thought about this part before.

Third, the GUI. Yes, I know there will be a performance impact. However, knowing my newbie-ness to this type of thing, I think it will be best for me to have one: I can run (and see) terminal windows for tailing and following multiple log files all at once, without having to [Ctrl]+[Alt]+[F#] amongst them. There are also some other things, such as GUI front-ends to firewalls and such, but since the "main power" is at the command line, that first reason is my main one for the GUI. So, what is the GUI that has the least of an impact (of the GUIs) on the performance of the machine? I'm guessing TWM, Fluxbox, Blackbox, IceWM, and Xfce would all be okay. I think that Fluxbox or IceWM would probably be best for my needs, but what do you think?
Securing Debian Manual
http://www.debian.org/doc/manuals/se.../index.en.html

fluxbox would be a nice lightweight wm choice.

Paranoid Penguin - Security Features in Ubuntu Server
http://www.linuxjournal.com/article/10012

BASTILLE-LINUX
http://www.ibm.com/developerworks/li...ary/l-seclnx3/

Ubuntu Unleashed: Howto: Harden the Ubuntu Linux Kernel with sysctl
http://www.ubuntu-unleashed.com/2008...rnel-with.html
That's why I emphasised practicing things and that isn't hard to set up and start with: only thing you need is a machine you can work on and load a QEmu or VMware image to play with. That way you recover more easily from fsck ups by just loading a pristine image. Both QEmu OSZOO and VMware community provide all sorts of OS and distro images to check out for free (as in beer). I would suggest you read some, choose a distro, read more, then whip up a detailed list of changes you think are necessary to harden the machine. (I mean: don't ask for a list but come up with one yourself). Then post that list in the Linux Security forum if you would like a second opinion.
Re: "screen"
craigevil: Thanks for all the links. I will be reading them shortly.
unSpawn: Thanks for the tip on the "screen" program. After looking over the man page (reading some, scanning the rest) for it, I was still unable to make my session "jump" to the lower half after splitting the screen. I tried playing with the "windowlist" and "focus" features, but they would simply change which "session" I ran in the top half of the screen. Also, is there a way to make the screen split into two rows, two columns, or three rows, three columns? If so, how do I initiate shells in each of these "windows"? Google has provided me with the basics on how to use screen, and the man page helped clarify a few things, but I'm still a bit confused on how to "properly use" the screen program. Note: I don't need you to just give me the answer; I do prefer the little hints that simply guide me in the right direction.

Which brings me to my next point. I noticed that you seem to know a lot about security with Linux. I hope to have a career involving this someday. I appreciate how you give me ways to learn, rather than ways to "do"; I'd rather practice learning than a routine. What I mean by this is that, instead of learning "Step 1; do this. Step 2; run this command. Step 3; copy this file here.", I (as well as you, it seems) prefer that I learn "Tips on how to obtain the knowledge you need; tips on how to find more information." Thus, I learn information, instead of memorizing commands. Put much more simply, I like your approach on this. Thanks.

Oh, one more thing: When you mentioned the "Linux Security forum", were you referring to the one at http://www.linuxsecurityforum.org/? I found many others, including these two:
http://www.linuxquestions.org/questi...ux-security-4/
http://www.linuxforums.org/forum/linux-security/

Thanks so much!
computer_freak_8
Heh, but I'm not a Security guru, there's lotsa people here who definitely know way more than I do (which is a good thing, considering). With the default keycombo splitting is C-a S, columns it doesn't do AFAIK, jumping I don't know about and shell init is C-a c. Searching LQ slash the 'net for "screen +tips" will reveal more. If you find something of worth please post. And yes, I meant http://www.linuxquestions.org/questi...ux-security-4/ because we like to keep that type of question together here at LQ.
Thanks for the feedback BTW, I don't get it that often.
Success!
Heh heh, wow, I forgot all about this thread!
Well, we had the contest, and our team came in 4th of about 30-40 or so. The server I was in charge of was hosting SMTP/IMAP/Webmail. The rest of my teammates were either on the Web/FTP server, the (Windows-based) Remote Desktop server, or an extra machine we were using exclusively for monitoring purposes.

The web server eventually got hacked, but with the help of the others, I finally managed to get it back up again, by copying the deleted files from my system. (The only missing files were the ones from the "modules" and "boot" directories.) However, there were only a couple of the Web/FTP servers that didn't get hacked, and I think ours was about the only one that came back up after being attacked. Both the Remote Desktop and Mail servers were up the whole time; apparently only two Mail servers got hacked, and I don't recall how many of the Remote Desktop servers. While I wouldn't trust it in real-world situations, I was glad that I survived throughout the competition.

Basically, my server consisted of Ubuntu 8.04 (Desktop, 32-bit) fully updated, using Squirrelmail, Courier IMAP, and Postfix SMTP. I originally had it set up using the most secure protocols, but they wanted it to be more standard. I used an IPTABLES "deny address" script I made to add addresses to my "ban" list.

Thanks for all the help/ideas!
-cf8
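The "deny address" script mentioned in the post above is not reproduced in the thread. The following is an added example written for this page, not computer_freak_8's script, of what such an iptables ban-list helper can look like when it keeps the banned sources in their own chain and refuses malformed input. It assumes a Linux host with iptables (the `-C` existence check needs iptables 1.4.11 or newer) and root privileges for anything other than `DRY_RUN=1`; the chain name `BANLIST` and the address `192.0.2.10` are constructed sample values.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Keeps attacker source addresses in a dedicated chain (BANLIST) hooked
# at the top of INPUT, so the ban list can be listed, edited and flushed
# without touching the rest of the firewall. DRY_RUN=1 prints the
# iptables commands instead of executing them.

CHAIN="${CHAIN:-BANLIST}"   # assumed chain name
IPT="${IPT:-iptables}"

# run ARGS...: execute iptables, or just print the command in dry-run mode
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255,
# so shell metacharacters or hostnames never reach the iptables call
is_ipv4() {
    addr=$1
    printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ensure_chain: create the chain once and insert the jump at position 1
# of INPUT, so banned sources are dropped before any accept rule is seen
ensure_chain() {
    if [ "${DRY_RUN:-0}" = "1" ] || ! "$IPT" -n -L "$CHAIN" >/dev/null 2>&1; then
        run -N "$CHAIN"
        run -I INPUT 1 -j "$CHAIN"
    fi
}

# ban ADDR: add a DROP rule for the source; idempotent thanks to -C
ban() {
    if ! is_ipv4 "$1"; then
        echo "ban: refusing malformed address '$1'" >&2
        return 1
    fi
    if [ "${DRY_RUN:-0}" != "1" ] && "$IPT" -C "$CHAIN" -s "$1" -j DROP 2>/dev/null; then
        return 0
    fi
    run -A "$CHAIN" -s "$1" -j DROP
}

# unban ADDR: remove the matching DROP rule again
unban() {
    is_ipv4 "$1" || return 1
    run -D "$CHAIN" -s "$1" -j DROP
}

# list_bans: show the current ban list with rule numbers
list_bans() {
    run -n -L "$CHAIN" --line-numbers
}

# Command-line entry point: ./banlist.sh ban ADDR | unban ADDR | list
case "${1-}" in
    ban)   ensure_chain && ban "$2" ;;
    unban) unban "$2" ;;
    list)  list_bans ;;
esac
```

With `DRY_RUN=1` the script only prints the commands it would run, which is also the way to exercise the address validation without root. The chain is inserted at position 1 of INPUT on purpose: a ban that lands after an earlier accept rule would never match. For more than a few hundred addresses, one rule per address becomes slow to evaluate and ipset is the better store, but the chain layout stays the same.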