Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Hi... Could anybody show how to find security holes in a Linux server and how to patch them, and how to protect a Linux server by attackers?
And please provide some good URL links for the above questions.
That question is like asking what my favorite beer is... It's going to be a very very very very very long talk.
How to find security holes? Well, if they really wanted your system, they could scan it for vulnerabilities with tools such as Nessus. Maybe a little unlikely, as this tool isn't free anymore; however, tools like OpenVAS can scan your system for vulnerabilities you haven't patched. If some kid found a vuln, they would probably try and use Metasploit or some other take-over tool to root your system.
You need to shut down as many services as possible. If you need to leave SSH open, make sure you disable root login.
Use a strong firewall. Check out Alien Bob's firewall generator.
What distribution are you using?
You need to keep up to date with all the patches that are given out by your distro. So apt-get update, apt-get dist-upgrade,
/usr/sbin/slackpkg update, upgrade-all.
Then you have your DoS and DDoS attacks, which can cripple your server by chewing up its bandwidth or overloading its CPU. If you have an SQL backend, then you could be vulnerable to SQL injection.
If you're asking this type of question, my advice would be just to start at the absolute bottom of Linux and work up. The Linux System Administration Guide is a free PDF. Just do a quick Google search.
I don't think I've helped you, but this question is very expansive. I would expect this thread to get quite a few posts, as there are so many things to be covered. Hopefully my brief post can give you a push in the right direction. Well, it will get the bare basics figured out.
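The "disable root login over SSH" advice above, as an added example that is not code from the post or from any project: a small POSIX shell audit of sshd_config. It reproduces the one parsing rule that matters for audits, namely that sshd honours the first occurrence of a keyword and ignores later ones (so a `PermitRootLogin no` appended at the bottom of a file that already says `yes` higher up does nothing). Both sample configs are constructed for the example; the "defaults" passed to `sshd_value` assume an older OpenSSH that still permits root and password logins when the keyword is absent, which is the conservative assumption for an audit.

```shell
#!/bin/sh
# Added example: audit a few sshd_config settings (constructed sample configs).

WEAK_SSHD_CONFIG='# sample sshd_config (constructed for the example)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
PermitRootLogin no
'
# The trailing "PermitRootLogin no" is ignored by sshd: first occurrence wins.

HARDENED_SSHD_CONFIG='# sample hardened sshd_config (constructed for the example)
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
'

# Print the effective value of one keyword ($2) in config text ($1).
# Blank lines and comments are skipped; the first match wins, exactly as
# sshd does it; if the keyword never appears, the default ($3) is printed.
sshd_value() {
  _cfg=$1; _key=$(printf '%s' "$2" | tr 'A-Z' 'a-z'); _def=$3
  printf '%s\n' "$_cfg" | awk -v key="$_key" -v def="$_def" '
    /^[[:space:]]*#/  { next }
    /^[[:space:]]*$/  { next }
    tolower($1) == key { print $2; found = 1; exit }
    END { if (!found) print def }'
}

# Print one WEAK line per risky setting, then the number of findings.
audit_sshd() {
  _cfg=$1; _n=0
  if [ "$(sshd_value "$_cfg" PermitRootLogin yes)" != "no" ]; then
    echo "WEAK: PermitRootLogin should be 'no' (log in as a user, then su/sudo)"
    _n=$((_n + 1))
  fi
  if [ "$(sshd_value "$_cfg" PasswordAuthentication yes)" != "no" ]; then
    echo "WEAK: PasswordAuthentication should be 'no' once key auth works"
    _n=$((_n + 1))
  fi
  if [ "$(sshd_value "$_cfg" PermitEmptyPasswords no)" != "no" ]; then
    echo "WEAK: PermitEmptyPasswords must be 'no'"
    _n=$((_n + 1))
  fi
  echo "$_n"
}

# Just the finding count, for use in scripts (0 means nothing flagged).
weak_count() { audit_sshd "$1" | tail -n 1; }

echo "== weak config =="
audit_sshd "$WEAK_SSHD_CONFIG"
echo "== hardened config =="
audit_sshd "$HARDENED_SSHD_CONFIG"
```

On a live host, feed it the real file with `audit_sshd "$(cat /etc/ssh/sshd_config)"`, then restart sshd after editing and, before closing your current session, open a second one to confirm you can still get in. The parser deliberately ignores `Match` blocks and the `Keyword=value` spelling; `sshd -T` prints the fully resolved effective configuration if you want the authoritative answer.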
Thank you very much. Although you guided a lot, I will go through all of those which you have mentioned. Thanks.
Any problems, just shoot me an email and I'll get back to you. Actually, shoot me an email and I'll get back to you in more detail, to save us bumping this post.
Please continue this topic in the forum, not via email, so everybody can benefit.
Hence, that's why we call it a "forum where Linux users come for help".
Repo, sorry, I sometimes think I'm retarded :P Completely understand, and sorry for that.
O.P
Depends what type of server you're running, I guess. Maybe lay down a little more detail. You could obviously hire someone to pen-test your machine; however, it can be expensive. A simple nmap 127.0.0.1 can be all right. Whatever it shows, just drop the services you don't need. If 6000 won't close, as on a Slackware machine, then just drop all packets to that port.
There's no such thing as a secure machine; if it's connected to the internet, it's vulnerable and can be cracked. Sad but true.
If you need help, then dump your info here or in a new post and Linux Questions can help!
As Repo said, you'll get much better/more diverse information on this forum than you would from me (because I'm retarded :P lol).
I guess I am a little off-topic, but I feel I need to say something here.
Quote:
If 6000 wont close as in a slackware machine then just drop all packets to that port.
What I did in my own Slackware was to tell X not to stay listening on that port. It makes no sense to have a service enabled and then just firewall it for every connection. It seems better to me to disable the service, even if you drop/reject every incoming connection to that port with the firewall.
Yes, that's what I did to my system as well. I only said to drop port 6000 if he couldn't close it. Better than leaving it open; at least he could then search for a solution to close it.
Hi.....Could anybody show how to find security holes in linux server...
I am in some doubt about the exact question that you are trying to ask. It seems from the wording and some of the discussion later that you may be under the misapprehension that all possible Linux security problems are networking problems that can be dealt with by appropriate attention to ports and services. Maybe that is not true, and it just happens to be the path that the discussion followed and you are waiting, thinking 'and what about the other parts of the question?'
Networking problems are an important category of security problems, but not the whole story by any means.
If you look at the 'Security References' thread (and probably the stickies more generally) on this very forum you'll have a very good start on security generally.
Quote:
Originally Posted by roopakl
Hi.....Could anybody show how to find security holes in linux server...
If there was a simple algorithmic approach that went '...do this, find hole, block hole...repeat until no new hole is found...have no more security holes, ever' someone would have done it by now. That they haven't should tell you something.
One of the things that it should tell you is that it can't really be done, in the most general case, because many security holes are opened up by your attempts to use the system and not present in a 'default' install. So, you have to be careful about everything you do.
I think that the answer that you were looking for was something like 'use nmap to scan the server and look for open ports; understand each of those open ports, and block them off, if a strictly unnecessary port is being opened'. Well, you should do something like that (and, of course, look at iptables rules) but to think that this is all of security would be to make a massive mistake.
Quote:
Originally Posted by roopakl
...and how to protect linux server by attackers?
And please provide some good url links to the above questions.
I read that as '...protect Linux server from attackers...'; tell me if that was incorrect. And URLs? Look at the Security References mentioned above and you won't want much else.
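The port-audit step that both 0men's post (nmap 127.0.0.1, then drop what you cannot close, such as X on 6000) and this post (scan, understand each open port, block the strictly unnecessary ones) describe, as an added example that is not code from either poster: a POSIX shell script that reads `ss -ltnp` output, keeps only the TCP sockets bound to a non-loopback address (a scan of 127.0.0.1 also lists loopback-only services such as a local MySQL, which the network cannot reach, so the bind address is what decides exposure), compares them against an allow list, and prints an iptables DROP rule for each leftover. The ss output is constructed for the example. As the exchange above says, the right fix for X is to stop it listening at all (`-nolisten tcp` in the X server startup); the DROP rule is the fallback for a service you cannot yet turn off.

```shell
#!/bin/sh
# Added example: find network-exposed TCP listeners and emit DROP rules for the
# unexpected ones. SS_SAMPLE is constructed; on a real host use:  ss -ltnp

SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=612,fd=3))
LISTEN 0      128    0.0.0.0:6000        0.0.0.0:*         users:(("X",pid=903,fd=4))
LISTEN 0      50     127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=710,fd=10))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=612,fd=4))'

# Print "port process" for every LISTEN socket not bound to loopback.
# A port is printed once even if it is open on both IPv4 and IPv6; the
# process name comes from the users:(("name",...)) column when present.
exposed_listeners() {
  printf '%s\n' "$1" | awk '
    $1 != "LISTEN" { next }
    {
      n = split($4, parts, ":"); port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "127.0.0.1" || addr == "[::1]") next   # loopback only: not exposed
      m = split($6, q, "\""); proc = (m >= 2) ? q[2] : "?" # "?" if ss had no -p / no permission
      if (!(port in seen)) { seen[port] = 1; print port, proc }
    }'
}

# Exposed ports that are not in the space-separated allow list ($2).
unexpected_ports() {
  _allowed=" $2 "
  exposed_listeners "$1" | while read -r port proc; do
    case "$_allowed" in
      *" $port "*) ;;                 # expected, e.g. sshd on 22
      *) echo "$port $proc" ;;
    esac
  done
}

# Print (do not run) one DROP rule per unexpected port, so it can be reviewed
# first. Stopping the service is still the real fix; this is the fallback.
drop_rules() {
  unexpected_ports "$1" "$2" | while read -r port proc; do
    echo "# $proc still listening on $port: disable it if you can, otherwise:"
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
  done
}

echo "== exposed listeners =="
exposed_listeners "$SS_SAMPLE"
echo "== rules for anything not on the allow list (22) =="
drop_rules "$SS_SAMPLE" "22"
```

For the sample input the only leftover is X on 6000, so one rule is printed. To use it on a real machine, replace `SS_SAMPLE` with `"$(ss -ltnp)"` and put the ports you genuinely serve in the allow list; anything that still shows up is either a service to stop or a rule to add. UDP listeners (`ss -lunp`) need the same treatment with `-p udp`.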