LinuxQuestions.org
Forum: Linux - Security
Thread: Basics of Linux Security

#1 jrdioko, 07-16-2004, 04:45 PM
I'm aware that this question has been asked in the past, but searches in the forum and online have led to information that was simply too overwhelming and confusing. I have set up my laptop with Slack 9.1. Local security is already taken care of and no one but me is going to be physically using the machine. However, I want to know what I can practically do to secure this box from outside attacks. Lists of hundreds of security-related pages won't help, since I simply can't understand what is required, what isn't, and what changes affect what. I have followed the suggestions of this site (http://www.oldskoolphreak.com/tfiles/hack/slack_sec.txt), probably closing down more than I need to (but I really don't know). Is this enough? Did that site leave anything important out? I won't be constantly connected on a static IP, which probably means I don't need to go to many extreme measures, but I will be using a dynamic IP on a college campus on both wired and wireless networks on a regular basis. The information that's out there is so overwhelming since so much is available. I'd like to read a nice "newbie tutorial" as is being discussed in a News: thread on this forum, but, until that exists, can anyone give me specific points about what needs to be done besides those things listed at the site above. Thanks in advance.

EDIT:
One more thing... after the above is taken care of, what command can I run/steps can I follow to see what is currently connected to my machine from outside to check for anything abnormal (and how do I tell if it is abnormal?). Thanks again.

#2 vectordrake, 07-16-2004, 05:22 PM
For your uses, you're probably locked down more than necessary. The only suggestion I'd give to you as far as going any further, is to use complex passwords for your root and user accounts and change them with a reasonable frequency. As a general rule, especially where your network access is DHCP, you're not going to be sitting on any IP for long enough to hack. If you change the passwords (especially root) then the bad guys will have even less chance to get in.

But, honestly, if you have data that you consider important, offload it to a password-protected and encrypted cd (or usb key) and stop worrying. If you leave your puter connected for days and give an opportunity to be hacked, then there'd be nothing for anyone to get. That is, if anyone'd have a chance. Sounds like you're locked down.
 
#3 jrdioko (original poster), 07-16-2004, 07:22 PM
Well I really don't have any extremely important information in the first place, but I'm not aware of what programs store unencrypted passwords or how easy it would be to crack the encrypted ones.

It sounded like that site locked everything down probably too much (I'll probably have to start opening things up to get certain things to work), but I wanted to make sure. Now I'd still just like to know how I can check open ports/connections on eth0 and wlan0 to confirm that nothing is there that shouldn't be. Thanks!
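
The question of how to check open ports and connections is not answered anywhere in the thread. As an added example (not from any poster here), the script below reads the /proc/net/tcp format, which is the same data that `netstat -tan` and `ss -tan` print, and separates sockets listening on a non-loopback address (reachable from the campus network) from loopback-only listeners and from established connections to other hosts. The sample table embedded in it is constructed for the example; `--live` reads the real table on a Linux box.

```python
"""Added example, not from any post in this thread: a small reader for the
/proc/net/tcp format. The constructed sample below models sshd listening on
all interfaces, cupsd on loopback only, one inbound ssh session from
10.0.2.1, and a local client talking to cupsd."""
import ipaddress
import socket
import struct
import sys

# Socket state codes as the kernel writes them in /proc/net/tcp
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
    "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
    "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
    "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in /proc/net/tcp layout (not captured from a real host)
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:0016 0102000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0277 0100007F:A1B2 01 00000000:00000000 00:00000000 00000000  1000        0 12348 1 0000000000000000 100 0 0 10 0
"""


def decode_addr(hexaddr: str) -> tuple[str, int]:
    """'0100007F:0016' -> ('127.0.0.1', 22). The kernel prints the IPv4
    address as a little-endian 32-bit hex word and the port in big-endian."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> list[dict]:
    """Turn the table into socket records; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        local_ip, local_port = decode_addr(fields[1])
        remote_ip, remote_port = decode_addr(fields[2])
        rows.append({
            "local": (local_ip, local_port),
            "remote": (remote_ip, remote_port),
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return rows


def summarize(rows: list[dict]) -> dict:
    """Split records into listeners an outside host could reach (bound to a
    non-loopback address), loopback-only listeners, and established
    connections to hosts other than this machine."""
    exposed, local_only, foreign = [], [], []
    for r in rows:
        local_ip, local_port = r["local"]
        remote_ip, remote_port = r["remote"]
        if r["state"] == "LISTEN":
            if ipaddress.ip_address(local_ip).is_loopback:
                local_only.append(local_port)
            else:
                exposed.append(local_port)
        elif r["state"] == "ESTABLISHED":
            if not ipaddress.ip_address(remote_ip).is_loopback:
                foreign.append((remote_ip, remote_port, local_port))
    return {"exposed": sorted(exposed), "local_only": sorted(local_only),
            "foreign": sorted(foreign)}


def read_live() -> list[dict]:
    """Read the real table on a Linux box (the table itself needs no root)."""
    with open("/proc/net/tcp") as f:
        return parse_proc_net_tcp(f.read())


if __name__ == "__main__":
    rows = read_live() if sys.argv[1:] == ["--live"] else parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    for key, items in summarize(rows).items():
        print(f"{key}: {items}")
```

Anything in "exposed" that you did not deliberately start is worth investigating; `netstat -tanp` or `ss -tanp` as root adds the owning process. Reading /proc directly sidesteps a replaced netstat binary, but not a kernel-level rootkit, which can falsify /proc as well.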
 
#4 Capt_Caveman, 07-16-2004, 08:19 PM
That's actually a rather concise and effective tutorial. One thing I'd add though, is to install a file integrity IDS like tripwire, samhain, aide, etc after you install and configure the machine to your liking. Then make sure to keep the db updated and view logs of recent checks.

Cracking /etc/passwd hashes is relatively trivial (just takes time and enough CPU cycles). The key is to really protect them, by perimeter hardening and limiting the effect of local exploitation (kernel/stack hardening).

Off Topic, in regards to your sig, I just attended a lecture by one of the guys who won a recent Nobel Prize (for co-inventing NMR/MRI) and his advice for being successful was to find something that a Nobel Prize winner said was impossible/absurd and then proceed to go out and do it.
 
#5 jrdioko (original poster), 07-16-2004, 09:59 PM
Interesting... I remember a year or so ago hearing of someone who helped invent the MRI giving a lecture in town, but I don't remember his name.

Back on topic, that all sounds well and good but it all flew over my head I'm afraid. Could you elaborate a bit on what you're talking about and what it involves? Thanks!
 
#6 Capt_Caveman, 07-16-2004, 10:19 PM
Quote:
Interesting... I remember a year or so ago hearing of someone who helped invent the MRI giving a lecture in town, but I don't remember his name.
Paul Lauterbur?

Quote:
Back on topic, that all sounds well and good but it all flew over my head I'm afraid. Could you elaborate a bit on what you're talking about and what it involves? Thanks!
Sure, which part?
 
#7 jrdioko (original poster), 07-16-2004, 10:21 PM
I'm afraid I wouldn't remember the name even if I heard it.

Well, for starters, I don't know what a file integrity IDS is or how I'd go about picking one.
 
#8 Capt_Caveman, 07-16-2004, 10:58 PM
A file integrity IDS is an application which basically takes a "snapshot" of the files on your system at a given point and then runs a check at certain intervals looking for alterations to those files or creation/deletion of files from critical directories. Someone attempting to gain local or root access to a system will often leave telltale files or attempt to hide files by altering system files. One common example would be replacing the ps binary which would normally list currently running processes with a modified version of ps that listed all processes _except_ those executed by a certain user (the evil_hacker). Unless you commonly look at the contents of binaries or peruse /proc, you'd be unaware of the change. Having something like tripwire which functions by calculating a cryptographic checksum of all critical files allows you to quickly check the integrity of the files on your system by comparing their current checksums to those taken when the IDS was installed.

Tripwire is one of the more common file integrity scanners, but there are a number of relatively good ones that have more or less features. Take a look at the security references thread (see my sig for link) where there are a number of them available. Which one you install really depends on the features you would like (but they all do more or less the same thing).

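
The snapshot-and-compare idea described in the post above, as an added example that is neither the poster's nor Tripwire's code: `build_baseline()` records a SHA-256 digest, size and permission bits for every regular file under the given directories, `compare()` reports what was modified, added or removed since the baseline was taken, and `demo()` stages the trojaned-ps scenario in a temporary directory with made-up stand-in files. The file names and the `baseline.json` store are assumptions for the example.

```python
"""Added example, not from this thread or from Tripwire: a minimal file
integrity checker. The baseline is a JSON map of path -> {sha256, size, mode}."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of the file contents, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(roots) -> dict:
    """Map each regular file under the roots to its digest, size and mode bits."""
    baseline = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                p = Path(dirpath) / name
                st = p.lstat()
                if not stat.S_ISREG(st.st_mode):
                    continue  # symlinks, sockets, devices are out of scope here
                baseline[str(p)] = {
                    "sha256": file_digest(p),
                    "size": st.st_size,
                    "mode": oct(stat.S_IMODE(st.st_mode)),
                }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Paths whose record changed, paths that appeared, paths that vanished."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "removed": removed}


def save_baseline(baseline: dict, path: Path) -> None:
    path.write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict:
    """Stage the attack from the post on stand-in files: swap ps for a
    same-size trojan, drop a hidden file, delete a binary; then show the
    baseline catches all three. Returns the report keyed by file name."""
    with tempfile.TemporaryDirectory() as tmp:
        bindir = Path(tmp) / "bin"
        bindir.mkdir()
        (bindir / "ps").write_bytes(b"GOOD_PS\n")  # constructed stand-in, not a real binary
        (bindir / "ls").write_bytes(b"GOOD_LS\n")
        for p in (bindir / "ps", bindir / "ls"):
            p.chmod(0o755)
        db = Path(tmp) / "baseline.json"
        save_baseline(build_baseline([bindir]), db)

        # Attacker: same length, and write_bytes truncates in place so the
        # mode is kept too. Size and mode alone would not tell; the digest does.
        (bindir / "ps").write_bytes(b"EVIL_PS\n")
        (bindir / ".rk").write_bytes(b"rootkit config\n")
        (bindir / "ls").unlink()

        report = compare(load_baseline(db), build_baseline([bindir]))
        return {k: [Path(p).name for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

On a real box you would baseline /bin, /sbin, /usr/bin, /usr/sbin, /lib and /etc right after installation, then re-run the comparison from cron. The baseline, and the interpreter that checks it, must live where an attacker with root cannot rewrite them (read-only media, or a signed database as Tripwire keeps), otherwise the intruder simply regenerates the snapshot after the swap.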
 
#9 jrdioko (original poster), 07-16-2004, 11:40 PM
Interesting... I took a quick look at a few of those links and that does sound like something good to have (better to have too much than too little). I'm looking into getting snort and tripwire now. I appreciate the help.
 
#10 jrdioko (original poster), 07-17-2004, 12:58 AM
I downloaded tripwire from the sourceforge site, but the INSTALL file wasn't complete and a "make release" in the src/ directory returned a whole list of errors. I can't find an md5 for it to check if it was complete, but it seems it wasn't. I tried redownloading it, but got the same error. Can anyone verify if the INSTALL file in the latest release from the sourceforge site is complete (has a section #3)? That way I'll know if the problem is on my end or not. Thanks!
 
  

