LinuxQuestions.org
Old 12-08-2004, 08:30 PM   #1
kruption
LQ Newbie
 
Registered: Dec 2004
Posts: 3

Rep: Reputation: 0
How open is my box?


Hey all, first time here. A friend of mine recently got a dedicated server and asked me to basically set it up.

It comes with Plesk 7 with a firewall module to set it up and make rules, and it seems to work (ignores ping), but I'm still a bit curious whether I secured it enough or not. I turned off all the services I don't currently need.

The box is running Red Hat 9.

Below is my netstat results:

Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:imaps                 *:*                     LISTEN
tcp        0      0 *:pop3s                 *:*                     LISTEN
tcp        0      0 *:poppassd              *:*                     LISTEN
tcp        0      0 *:pop3                  *:*                     LISTEN
tcp        0      0 localhost.localdoma:783 *:*                     LISTEN
tcp        0      0 *:imap                  *:*                     LISTEN
tcp        0      0 *:smtps                 *:*                     LISTEN
tcp        0      0 *:ftp                   *:*                     LISTEN
tcp        0      0 localhost.locald:domain *:*                     LISTEN
tcp        0      0 u15173586.online:domain *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp        0      0 localhost.localdom:rndc *:*                     LISTEN
tcp        0      0 *:8443                  *:*                     LISTEN
tcp        0      0 *:http                  *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:https                 *:*                     LISTEN
udp        0      0 *:32768                 *:*
udp        0      0 localhost.locald:domain *:*
udp        0      0 u15173586.online:domain *:*
udp        0      0 *:bootpc                *:*
udp        0      0 *:32769                 *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     1739   /var/lib/mysql/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     2024   /tmp/spamd_light.sock
unix  2      [ ACC ]     STREAM     LISTENING     2261   /var/run/fpcgisock
unix  2      [ ACC ]     STREAM     LISTENING     2010   /tmp/spamd_full.sock
Here's my iptables, based upon the firewall module from Plesk:

Code:
#!/bin/sh
#
# Automatically generated by Plesk netconf
#

set -e

echo 0 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -A INPUT -p tcp ! --syn -j DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/sbin/iptables -A OUTPUT -p tcp ! --syn -j DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
/sbin/iptables -A FORWARD -p tcp ! --syn -j DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -t mangle -Z
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t nat -Z
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 143 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 993 -j DROP

/sbin/iptables -A INPUT -p tcp --dport 106 -j DROP

/sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 5432 -j DROP

/sbin/iptables -A INPUT -p tcp --dport 9008 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 9080 -j DROP

/sbin/iptables -A INPUT -p udp --dport 5000 -j ACCEPT

/sbin/iptables -A INPUT -p udp --dport 53 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 53 -j DROP

/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j DROP

/sbin/iptables -A INPUT -j DROP

/sbin/iptables -A OUTPUT -j ACCEPT

/sbin/iptables -A FORWARD -j DROP

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /usr/local/psa/var/modules/firewall/ip_forward.active
#
# End of script
#
Any help would be greatly appreciated, thanks!
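The two listings above answer the question only when read against each other, so here is an added audit script (not from the thread, Plesk or the original poster) that cross-checks the listening sockets from netstat with the per-port verdicts of the iptables script. It assumes the constructed `PORTS` map matches the /etc/services names netstat printed and that rules are evaluated first-match, as iptables does.

```python
import re
# Constructed excerpt of the netstat output posted above (hostnames truncated as netstat prints them).
NETSTAT = """\
tcp        0      0 *:imaps                 *:*                     LISTEN
tcp        0      0 *:poppassd              *:*                     LISTEN
tcp        0      0 localhost.localdoma:783 *:*                     LISTEN
tcp        0      0 u15173586.online:domain *:*                     LISTEN
tcp        0      0 *:8443                  *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
udp        0      0 *:bootpc                *:*
"""
# Constructed excerpt of the Plesk script's per-port INPUT rules (order preserved).
RULES = """\
/sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 993 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 106 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 5000 -j ACCEPT
/sbin/iptables -A INPUT -j DROP
"""
# netstat prints /etc/services names; map the ones in this output back to port numbers (assumed).
PORTS = {"imaps": 993, "poppassd": 106, "ssh": 22, "domain": 53, "bootpc": 68}

def listeners(netstat):
    """Return [(proto, port, public)] for every listening socket in the netstat text."""
    out = []
    for m in re.finditer(r"^(tcp|udp)\s+\d+\s+\d+\s+(\S+):(\S+)\s", netstat, re.M):
        proto, host, svc = m.groups()
        port = int(svc) if svc.isdigit() else PORTS[svc]
        out.append((proto, port, not host.startswith("localhost")))  # bound beyond loopback?
    return out

def verdicts(rules):
    """Map (proto, port) -> target of the first matching --dport rule; no rule means DROP."""
    v = {}
    for m in re.finditer(r"-p (tcp|udp) --dport (\d+) -j (\w+)", rules):
        v.setdefault((m.group(1), int(m.group(2))), m.group(3))
    return v

def audit(netstat, rules):
    """exposed: public listener the firewall ACCEPTs; blocked: public listener it drops
    (still better to stop the daemon); dormant: ACCEPT rule with nothing behind it."""
    v = verdicts(rules)
    heard = {(p, port) for p, port, public in listeners(netstat) if public}
    exposed = sorted(k for k in heard if v.get(k) == "ACCEPT")
    blocked = sorted(k for k in heard if v.get(k) != "ACCEPT")
    dormant = sorted(k for k, t in v.items() if t == "ACCEPT" and k not in heard)
    return exposed, blocked, dormant
```

Run `audit(NETSTAT, RULES)`: the exposed list is the real attack surface, the blocked daemons are worth disabling rather than relying on the firewall alone, and the dormant ACCEPT rules (here 3306/tcp, which MySQL in the listing only serves on a UNIX socket, and 5000/udp) are holes that open the moment something starts listening there.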
 
Old 12-08-2004, 08:40 PM   #2
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
always make sure your servers are up to date...
i seem to remember an openSSH remote exploit in redhat 9...

(googling...)

found this http://www.sfu.ca/~siegert/linux-security/msg00005.html

for an oldish distro, i would recommend googling all your server versions for any security holes.
 
Old 12-08-2004, 08:43 PM   #3
kruption
LQ Newbie
 
Registered: Dec 2004
Posts: 3

Original Poster
Rep: Reputation: 0
Will do, wasn't sure considering they said the box was up to date as of the purchase date. Thanks for the quick reply.
 
Old 12-09-2004, 08:29 AM   #4
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
there are many things you COULD do for security, it all depends on how careful you want to be.
if the box is only going to be used as a server and not a desktop machine, you could use a newer distro with an SELinux (Security Enhanced) kernel.

also, programs like tripwire and snort are worth looking into. they will not prevent your box being compromised, but they will alert you to the intrusion and minimise the amount of time an attacker has access to your box.

is this server going to be only serving a LAN? firewalled off from the outside internet?
or are these servers to be open across the internet?
 
Old 12-09-2004, 10:22 AM   #5
kruption
LQ Newbie
 
Registered: Dec 2004
Posts: 3

Original Poster
Rep: Reputation: 0
The machine is on its own separate network and it's purely used as a server, with the big thing being a socket server written in PHP.

I was mistaken, it's actually Fedora Core 2 and not Red Hat 9.

I ran yum last night and updated. I'll look into those programs you mentioned. Thanks a lot.
 