LinuxQuestions.org
Old 01-22-2006, 02:35 AM   #1
almontr
LQ Newbie
 
Registered: Jan 2006
Posts: 2

Newbie: Security and Updating programs


Hey,

I am running Red Hat 9, and I want to host a webserver and an ftp server. I just started with Linux, but I am learning things quickly. My question is aimed toward security and how to update the programs I am running.


My Setup
--------
I have a di-604 router for my LAN, and it only forwards ports 80 and 21 to my server. It also blocks WAN pings and uses a non-default password. My first question is, should my server get hacked, is there any possibility that the other computers on the network could be hacked as well? e.g. somehow make the router forward the port to another computer? This is just a home network and the other computers are running Windows XP and only sharing printers. Also, I'm not running samba on my server.

I put up my server and got hit with stuff within 2 days, so I'm pretty concerned with security now. My apache log file has things like these:

(link to college in india) - - [19/Jan/2006:15:09:54 -0600] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 404 292 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1"

cpe-65-185-150-255.midsouth.res.rr.com - - [18/Jan/2006:19:31:36 -0600] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 403 303 "-" "-"

My router log files also indicated that it blocked SYN flood attacks.

Apache
------
I am running apache 2.0, should I upgrade to 2.2? And from reading Hacking Linux Exposed (which is over my head in a lot of respects) there are possible security issues with improperly configured php and cgi, both of which I don't need, so should I comment out those modules in the apache config?

Other precautions I have taken (before the attacks):
Setting RedHat firewall to medium
for vsftpd block anonymous ftp access
for vsftpd only allow my user name
used strong passwords
for apache disabled folder browsing
ran up2date and installed all the new packages

vsftpd
------
I read about the insecurities of ftp and wanted to update my version of vsftpd. Since RH is no longer supported, there are no rpms. I am not very familiar with the tar.gz stuff, but can manage. I looked for documentation but couldn't find anything on upgrading from an old version, only installing it like it were new. My vsftpd rpm is version 1.1.3-8 and the new vsftpd is like 2.0.0.4 or so. Can someone walk me through this process? Is the old version going to be overwritten? Can both versions exist in different places? How do I handle this? I looked at the make file contents, and it didn't look like it was going to install stuff to where my current vsftpd seems to be. I figured this was because it was a generic source file (or binary?) and not specifically for RH? Also if I screwed up, I wouldn't know how to get my old vsftpd back, but I understand keeping things up to date is very important.


Are there any other precautions I can take for my two services (apache and vsftpd)? I'm pretty much terrified to attempt to run any other services now, because I could configure them incorrectly since I don't really understand everything yet. Thanks so much.
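An added example, not part of the original post: a small triage script for access-log entries like the two quoted above. It separates probes that the server rejected (404/403, as in the post) from probes that got a successful answer, which are the ones worth investigating. The sample lines, hostnames and the `PROBE_MARKERS` list are constructed for illustration; only the two probe paths come from the post.

```python
import re
from collections import defaultdict

# Apache common/combined log: host ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^\s"]+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Path fragments for software this server does not run (assumed list;
# the two entries are taken from the requests quoted in the post).
PROBE_MARKERS = ("/xmlrpc.php", "/_vti_bin/")

def classify(line):
    """Return (host, verdict) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    path = m.group("path").lower()
    if not any(marker in path for marker in PROBE_MARKERS):
        return (m.group("host"), "normal")
    # 4xx: the probed file is absent or forbidden, so the probe failed.
    # Anything else means the server answered it and the path needs a look.
    status = int(m.group("status"))
    return (m.group("host"), "probe-rejected" if status >= 400 else "probe-answered")

def triage(lines):
    """Count verdicts per client host; also return the number of unparsed lines."""
    report = defaultdict(lambda: defaultdict(int))
    unparsed = 0
    for line in lines:
        result = classify(line.strip())
        if result is None:
            unparsed += 1
            continue
        host, verdict = result
        report[host][verdict] += 1
    return {host: dict(counts) for host, counts in report.items()}, unparsed

# Constructed sample lines modelled on the entries in the post.
SAMPLE = [
    'scanner1.example.net - - [19/Jan/2006:15:09:54 -0600] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 404 292 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1"',
    '192.0.2.44 - - [18/Jan/2006:19:31:36 -0600] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 403 303 "-" "-"',
    '192.0.2.44 - - [18/Jan/2006:19:31:40 -0600] "GET /index.html HTTP/1.1" 200 1043 "-" "-"',
    '198.51.100.7 - - [20/Jan/2006:08:00:01 -0600] "POST /blog/xmlrpc.php HTTP/1.1" 200 512 "-" "-"',
    'truncated or corrupt line',
]

if __name__ == "__main__":
    per_host, bad = triage(SAMPLE)
    for host, counts in sorted(per_host.items()):
        print(host, counts)
    print("unparsed lines:", bad)
```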
 
Old 01-22-2006, 04:52 AM   #2
AwesomeMachine
Senior Member
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian jessie/sid; OpenSuSE; Fedora
Posts: 1,592

First of all, a router is not enough security for services to the public over the internet. Just do yourself a favor and get an old scrap heap computer for $25 on eBay, and put three network cards in it. You need a 2 GB HDD, 64 MB RAM, an Intel Celeron 600, if that, and a bootable CD-ROM drive. These systems are dirt cheap. Get smoothwall firewall, burn it to a CD, and install it. Get a plain old hub, and put that off the smoothwall firewall box. That is barely enough security not to get hacked, but it is enough. This method of firewall is the difference between walking through a piece of wet tissue paper (router) and walking through 3/4" plywood (smoothwall). Just make sure you read the smoothwall logs every day. You usually get entries for days before any breach, and by that time you already sealed off the IP, and that IP gets 100% blocked. Blocking by IP is pretty handy. I was getting bombarded so bad from China my system was slowing up on the internet. I just went and looked at the logs and they were all coming from 222.000.000.000/0.0.0.0. So, I banned the whole thing. Took care of that problem in two minutes. I'm a home user, I run some servers. I like the dedicated firewall box. That's like tank plating for your servers.
 
Old 01-22-2006, 11:50 AM   #3
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,108

Also, get something more recent than Red Hat 9, which is ancient and only supported by the Fedora Legacy project. I'd suggest the latest release of CentOS, which is a free repackaging of Red Hat Enterprise Linux. Chances are if any smart cracker gets onto your Web server, he or she will proceed to attempt to break into the other computers on your LAN. It doesn't matter what your server is running -- once the bad guys get onto it, they can upload any cracking tools they want to try to get at the rest of your network.
 
Old 01-22-2006, 02:55 PM   #4
almontr
LQ Newbie
 
Registered: Jan 2006
Posts: 2

Original Poster
Ok, I have two computers lying around that I could use for this. They both are running Windows 98, will that work? I don't understand putting three network cards in the computer and also using a hub though. Also can I still use my router? I've had it for 2-3 years and it hasn't done me wrong yet. Is this how the setup looks?


internet<-----firewall computer (smoothwall)----->router----->lan computers

I just looked at the site. Is smoothwall an OS in itself?

Also, I've barely gotten the hang of RH9, and you want me to change to a different distribution when I just got everything set up? I only have a limited amount of time to get this thing up and going. I am going overseas for 5 months on Feb 3, so I will also not be able to easily check IPs and block them.

Last edited by almontr; 01-22-2006 at 02:59 PM.
 
Old 01-22-2006, 04:24 PM   #5
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,108

Probably he suggested three network cards so you can separate your server on a separate subnet and set up rules to keep it from attacking your other machines should it be broken into. That's called a DMZ in firewall terminology.

CentOS won't be very much different from RH9. Really if you got one set up the other should be very easy. It's always good to use the latest versions of things. Red Hat 9 is more than two years old now and as I said only supported as a legacy product.
 
  


All times are GMT -5. The time now is 01:27 PM.
