Old 10-02-2011, 04:31 AM   #1
roopakl
Member
 
Registered: Sep 2011
Posts: 95

Rep: Reputation: Disabled
Finding security holes


Hi..... Could anybody show how to find security holes in linux server and how to patch them, and how to protect linux server by attackers?
And please provide some good url links to the above questions.
 
Old 10-02-2011, 05:30 AM   #2
0men
Member
 
Registered: Mar 2011
Location: Brisbane
Distribution: Windows 10, Red Hat, Debian
Posts: 183

Rep: Reputation: 22
That question is like asking what my favorite beer is.... It's going to be a very very very very very long talk.

How to find security holes? Well, if they really wanted your system, they could scan it for vulnerabilities with tools such as Nessus. Maybe a little unlikely as this tool isn't free anymore, however tools like OpenVAS can scan your system for vulnerabilities you haven't patched. If some kid found a vul they would probably try and use Metasploit or some other takeover tool to root your system.

You need to shut down as many services as possible. If you need to leave ssh open, make sure you disable root login.

Use a strong firewall. Check out Alien Bob's firewall generator.

What distribution are you using?
You need to keep up to date with all your patches that are given out by your distro. So apt-get update, apt-get dist-upgrade,
/usr/sbin/slackpkg update, upgrade-all.

Then you have your DoS and DDoS attacks which can cripple your server, chewing up its bandwidth or overloading its CPU. If you have an SQL backend, then you could be vulnerable to SQL injection.

If you're asking this type of question, my advice would be just to start at the absolute bottom of Linux and work up. Linux system administration guide is a free PDF. Just do a quick Google search.

I don't think I've helped you but this question is very expansive. I would expect this post to get quite a few posts as there are so many things to be covered. Hopefully my brief post can give you a push in the right direction. Well, it will get the bare basics figured out.

Kind regards and I wish you the best of luck
 
1 members found this post helpful.
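
The advice above to disable root login over ssh can be checked mechanically. The following is an added example, not part of any post in this thread: it reads sshd_config text and reports the global PermitRootLogin value, using sample configurations constructed for illustration. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report the global PermitRootLogin
# value found in sshd_config text read from stdin.

# Prints the first global PermitRootLogin value, or "unset" if there is none.
# sshd uses the first value it obtains for a keyword, so a later line that
# sets a different value has no effect. Include files are not followed here.
root_login_setting() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == "permitrootlogin" {
            print tolower($2); found = 1; exit    # first value wins
        }
        END { if (!found) print "unset" }
    '
}

# Turns the value into a one-line finding.
check_root_login() {
    value=$(root_login_setting)
    case "$value" in
        no)    echo "OK: root login over ssh is disabled" ;;
        unset) echo "WARN: PermitRootLogin not set, compiled-in default applies" ;;
        *)     echo "WARN: PermitRootLogin is '$value'" ;;
    esac
}

# Constructed sample: the commented-out line and the trailing "no" both
# look reassuring, but the effective value is the first live one, "yes".
sample_misleading() {
    cat <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication no
PermitRootLogin no
EOF
}

# Constructed sample: root login disabled.
sample_hardened() {
    printf 'Port 22\nPermitRootLogin no\n'
}

# On a live host: check_root_login < /etc/ssh/sshd_config
sample_misleading | check_root_login
sample_hardened | check_root_login
```

On a running system, `sshd -T` prints the effective configuration, including defaults and included files, and is the authoritative source.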
Old 10-02-2011, 10:25 AM   #3
roopakl
Member
 
Registered: Sep 2011
Posts: 95

Original Poster
Rep: Reputation: Disabled
Finding security holes

Thank you very much, you have guided me a lot. I will go through all those which you have mentioned. Thanks

Quote:
Originally Posted by 0men View Post
That question is like asking what my favorite beer is.... It's going to be a very very very very very long talk.

How to find security holes? Well, if they really wanted your system, they could scan it for vulnerabilities with tools such as Nessus. Maybe a little unlikely as this tool isn't free anymore, however tools like OpenVAS can scan your system for vulnerabilities you haven't patched. If some kid found a vul they would probably try and use Metasploit or some other takeover tool to root your system.

You need to shut down as many services as possible. If you need to leave ssh open, make sure you disable root login.

Use a strong firewall. Check out Alien Bob's firewall generator.

What distribution are you using?
You need to keep up to date with all your patches that are given out by your distro. So apt-get update, apt-get dist-upgrade,
/usr/sbin/slackpkg update, upgrade-all.

Then you have your DoS and DDoS attacks which can cripple your server, chewing up its bandwidth or overloading its CPU. If you have an SQL backend, then you could be vulnerable to SQL injection.

If you're asking this type of question, my advice would be just to start at the absolute bottom of Linux and work up. Linux system administration guide is a free PDF. Just do a quick Google search.

I don't think I've helped you but this question is very expansive. I would expect this post to get quite a few posts as there are so many things to be covered. Hopefully my brief post can give you a push in the right direction. Well, it will get the bare basics figured out.

Kind regards and I wish you the best of luck
 
Old 10-02-2011, 10:38 AM   #4
0men
Member
 
Registered: Mar 2011
Location: Brisbane
Distribution: Windows 10, Red Hat, Debian
Posts: 183

Rep: Reputation: 22
That's okay, man,

Any problems, just shoot me an email and I'll get back to you. Actually, shoot me an email and I'll get back to you in more detail, save us bumping this post

Kind regards

shadowcat @ y7mail (dot) com

More than happy to help
 
Old 10-02-2011, 10:42 AM   #5
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
Quote:
Any problems, just shoot me an email and I'll get back to you. Actually, shoot me an email and I'll get back to you in more detail, save us bumping this post
Please continue this topic in the forum, not via email, so everybody can benefit.
Hence, that's why we call it a "forum where Linux users come for help"

Kind regards
 
Old 10-02-2011, 10:55 AM   #6
0men
Member
 
Registered: Mar 2011
Location: Brisbane
Distribution: Windows 10, Red Hat, Debian
Posts: 183

Rep: Reputation: 22
Repo, sorry, I sometimes think I'm retarded :P completely understand and sorry for that.

O.P
Depends what type of server you're running, I guess. Maybe lay down a little more detail. You could obviously hire someone to pen-test your machine, however it can be expensive. A simple nmap 127.0.0.1 can be alright. Whatever it shows, just drop the services you don't need. If 6000 won't close, as in a Slackware machine, then just drop all packets to that port.

There's no such thing as a secure machine; if it's connected to the internet, it's vulnerable, and can be cracked. Sad but true.

If you need help, then dump your info here or a new post and Linux Questions can help !!!

As Repo said, you'll get much better/diverse information on this forum than you would from me (cause I'm retarded :P lol )

Kind regards.
 
Old 10-03-2011, 02:59 AM   #7
BlackRider
Member
 
Registered: Aug 2011
Posts: 295

Rep: Reputation: 101
I guess I am a little off-topic, but I feel I need to say something here.

Quote:
If 6000 won't close, as in a Slackware machine, then just drop all packets to that port.
What I did in my own Slackware was to tell X not to stay listening on that port. It makes no sense to have a service enabled and then just firewall it for every connection. It seems better for me to disable the service, even if you drop/reject every incoming connection to that port with the firewall.

The end result will not differ very much, anyway.
 
Old 10-03-2011, 04:33 AM   #8
0men
Member
 
Registered: Mar 2011
Location: Brisbane
Distribution: Windows 10, Red Hat, Debian
Posts: 183

Rep: Reputation: 22
Yes, that's what I did to my system as well. I only said to drop port 6000 if he couldn't close it. Better than leaving open, at least he could then search for a solution to close it.

Regards.
 
Old 10-05-2011, 04:14 AM   #9
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by roopakl View Post
Hi.....Could anybody show how to find security holes in linux server...
I am in some doubt about the exact question that you are trying to ask. It seems from the wording and some of the discussion later that you may be under the misapprehension that all possible Linux security problems are networking problems that can be dealt with by appropriate attention to ports and services. Maybe that is not true, and it just happens to be the path that the discussion followed and you are waiting, thinking 'and what about the other parts of the question?'

Networking problems are an important category of security problems, but not the whole story by any means.

If you look at the 'Security References' thread (and probably the stickies more generally) on this very forum you'll have a very good start on security generally.

Quote:
Originally Posted by roopakl View Post
Hi.....Could anybody show how to find security holes in linux server...
If there was a simple algorithmic approach that went '...do this, find hole, block hole...repeat until no new hole is found...have no more security holes, ever' someone would have done it by now. That they haven't should tell you something.

One of the things that it should tell you is that it can't really be done, in the most general case, because many security holes are opened up by your attempts to use the system and not present in a 'default' install. So, you have to be careful about everything you do.

I think that the answer that you were looking for was something like 'use nmap to scan the server and look for open ports; understand each of those open ports, and block them off, if a strictly unnecessary port is being opened'. Well, you should do something like that (and, of course, look at iptables rules) but to think that this is all of security would be to make a massive mistake.

Quote:
Originally Posted by roopakl View Post
H. and how to protect linux server by attackers?
And please provide some good url links to the above questions.
I read that as '...protect Linux server from attackers...'; tell me if that was incorrect. And URLs? Look at the Security References mentioned above and you won't want much else.
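
The port review described in this post and in post #6 (list what is listening, account for each port, close what is not needed) can be scripted. The following is an added example, not part of any post in this thread: it assumes `ss -H -tln` style input rather than nmap output, uses a listener table constructed for illustration, and the function names and allowlist are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): flag TCP listeners that are
# reachable from the network and are not on an allowlist of expected ports.
# Input on stdin is `ss -H -tln` style text:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# audit_listeners "PORTS"   PORTS is space-separated, e.g. "22 443"
# Prints one "port address" line per unexpected non-loopback listener.
audit_listeners() {
    allowed=" $1 "
    while read -r state _recvq _sendq laddr _peer; do
        [ "$state" = "LISTEN" ] || continue
        port=${laddr##*:}               # text after the last colon
        addr=${laddr%:*}                # everything before it
        case "$addr" in
            127.*|"[::1]") continue ;;  # loopback only, not reachable remotely
        esac
        case "$allowed" in
            *" $port "*) continue ;;    # expected service
        esac
        printf '%s %s\n' "$port" "$addr"
    done
}

# Constructed sample: ssh on all interfaces, the X server's TCP port 6000
# discussed in the thread, and two services bound to loopback only.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
EOF
}

# On a live host: ss -H -tln | audit_listeners "22"
sample_listeners | audit_listeners "22"
```

Each line it prints is a service to stop at the source, as post #7 recommends, with a firewall rule as the fallback when the listener cannot be turned off.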