Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I installed the GUI front-end Guarddog to set up an rc.firewall script using iptables. It seems to work, as I checked a few security websites to see if my ports were blocked, and they all seemed to be. But I have a couple of questions.
Is there a way I can see a log of what is hitting my firewall?
Also, a log of all activity trying to connect to my box? (Although I guess that is the same)
I've also read that sendmail is insecure, but I'm not 100% sure what it is, so do I need it only if I'm running a mail server, or is it the front-end for my email client (sylpheed)?
Finally, I was thinking it would be nice if I was able to ssh into my box. Is that a good idea for a home box, or is it insecure? And if it is an ok idea, can you link me to instructions on how to set it up? Thanks
I'm not sure how guarddog works, I use Firestarter, but check its options to see if you can set logging to some place. I'm pretty sure you don't need sendmail; if you use an SMTP server to send your mail you definitely don't. And as for ssh I would have to say it's pretty secure. Everything sent through ssh is encrypted. Setting up is easy: make sure /etc/rc.d/rc.sshd is executable and when you boot the ssh daemon will be started.
Here are a few ssh sites; it's basically very easy. As Nis noted, ssh encrypts the data it sends, so if you are doing remote logins you really should use it instead of telnet, rlogin, etc.
Sendmail is insecure because it is monolithic and runs as root. Most Linux distros come with Sendmail installed by default and usually also running. Check your rc.d scripts to see whether Sendmail is being started. Also, the quickest way to tell is usually to telnet to your own IP on port 25, ex:
$ telnet localhost 25
or
$ telnet a.b.c.d 25
(where a.b.c.d is your IP address).
If you get a banner that looks like this: 220 hostname.domainname ESMTP Sendmail 8.12.8/8.12.8; Tue, 3 Feb 2004 10:40:31 -0800
then you're running Sendmail.
If it looks something like this: 220 hostname.domainname ESMTP Postfix
then you're running Postfix, which is the common replacement for Sendmail (Postfix often uses the name "sendmail" for its binary file, but that is just so it will act as a seamless replacement for Sendmail).
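The banner check above can be scripted so the result is a parsed record rather than something read off a telnet session. The following is an added example, not code from the thread or from either MTA project: the greeting strings are constructed samples modelled on the two banners quoted above, with a placeholder hostname, and fetch_greeting() performs the same first-line read that the telnet command does.

```python
"""Identify which MTA answers on port 25 from its SMTP greeting.

Added example, not from the LinuxQuestions thread. SAMPLE_GREETINGS are
constructed strings modelled on the banners quoted in the thread (hostname
and versions are placeholders). fetch_greeting() opens a real TCP
connection and is only called from main().
"""
import re
import socket

SAMPLE_GREETINGS = {
    "sendmail": "220 mail.example.test ESMTP Sendmail 8.12.8/8.12.8; Tue, 3 Feb 2004 10:40:31 -0800",
    "postfix": "220 mail.example.test ESMTP Postfix",
    "other": "220 mail.example.test ESMTP service ready",
}

# "<code><space or dash><hostname> <rest of greeting>"
GREETING_RE = re.compile(r"^(\d{3})[ -](\S+)\s*(.*)$")

# Sendmail reports "<binary version>/<config version>", e.g. 8.12.8/8.12.8;
# Postfix prints a bare "Postfix" unless smtpd_banner was customised.
MTA_PATTERNS = [
    ("Sendmail", re.compile(r"\bSendmail\b(?:\s+([\w.]+(?:/[\w.]+)?))?")),
    ("Postfix", re.compile(r"\bPostfix\b(?:\s*\(([^)]+)\))?")),
    ("Exim", re.compile(r"\bExim\b(?:\s+([\w.]+))?")),
]


def parse_greeting(banner):
    """Return code, host, recognised MTA name and version (None when unknown)."""
    m = GREETING_RE.match(banner.strip())
    if not m or m.group(1) != "220":
        # Not a service-ready greeting: nothing to classify.
        return {"code": m.group(1) if m else None, "host": None, "mta": None, "version": None}
    code, host, rest = m.groups()
    for name, pat in MTA_PATTERNS:
        hit = pat.search(rest)
        if hit:
            return {"code": code, "host": host, "mta": name, "version": hit.group(1)}
    return {"code": code, "host": host, "mta": None, "version": None}


def fetch_greeting(host="localhost", port=25, timeout=5.0):
    """Read the first line the server sends; the same thing 'telnet host 25' shows."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = b""
        while not data.endswith(b"\r\n"):
            chunk = sock.recv(256)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", "replace").rstrip("\r\n")


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    try:
        banner = fetch_greeting(target)
    except ConnectionRefusedError:
        print(f"{target}: nothing is listening on port 25")   # no MTA running
        sys.exit(0)
    print(banner)
    print(parse_greeting(banner))
```

Run it with no arguments to probe your own machine; a refused connection is itself the answer to "is sendmail running", since no daemon is listening on port 25.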
I am not sure on your application, but in the rc.firewall script you will need 'LOG --log-level info' after each Drop or Reject. You can put it after any IPTABLES command, but your log file will get extremely large.
Your log will be in '/var/log/'. Usually named something like 'security' or 'firewall'.
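Once LOG rules are in place, the entries the kernel writes are long key=value lines that are tedious to read raw. The script below is an added example (not from the thread or from the iptables project) that pulls those entries out of a syslog file and counts them per source address and destination port. The log lines in SAMPLE_LOG are constructed: they follow the format the kernel's ipt_LOG module writes, use RFC 5737 documentation addresses, and assume the rules were given `--log-prefix "FW-DROP: "` so firewall entries stand apart from other kernel messages; the hostname and MAC address are placeholders.

```python
"""Summarize what an iptables LOG target has recorded, from syslog lines.

Added example, not code from the LinuxQuestions thread. SAMPLE_LOG is
constructed: ipt_LOG key=value format, RFC 5737 addresses, an assumed
--log-prefix of "FW-DROP: ", placeholder hostname and MAC.
"""
import re
from collections import Counter

MAC = "00:11:22:33:44:55:66:77:88:99:aa:bb:08:00"   # placeholder dst/src MAC + ethertype
SAMPLE_LOG = f"""\
Feb  3 10:40:31 mofette kernel: FW-DROP: IN=eth0 OUT= MAC={MAC} SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=41562 DF PROTO=TCP SPT=40122 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  3 10:40:33 mofette kernel: FW-DROP: IN=eth0 OUT= MAC={MAC} SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=41563 DF PROTO=TCP SPT=40123 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  3 10:41:02 mofette kernel: FW-DROP: IN=eth0 OUT= MAC={MAC} SRC=203.0.113.99 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=2301 PROTO=UDP SPT=1026 DPT=137 LEN=28
Feb  3 10:41:05 mofette dhcpcd[161]: dhcpIPaddrLeaseTime=86400 in DHCP server response.
Feb  3 10:42:17 mofette kernel: FW-DROP: IN=eth0 OUT= MAC={MAC} SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=41570 DF PROTO=TCP SPT=40124 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# "Mon dd hh:mm:ss host kernel: <message>"
SYSLOG_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) kernel: (.*)$")
KV_RE = re.compile(r"([A-Z]+)=(\S*)")


def parse_iptables_line(line):
    """Return a dict for one ipt_LOG entry, or None for any other line."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    stamp, host, msg = m.groups()
    pos = msg.find("IN=")
    if pos < 0 or "SRC=" not in msg:
        return None                       # a kernel message, but not from ipt_LOG
    prefix, body = msg[:pos].strip(), msg[pos:]
    fields = dict(KV_RE.findall(body))    # duplicate keys (LEN= in UDP/ICMP): last one wins
    flags = {tok for tok in body.split() if "=" not in tok}   # bare tokens: DF, SYN, ACK, ...
    return {
        "time": stamp, "host": host, "prefix": prefix,
        "iface": fields.get("IN", ""),
        "src": fields.get("SRC"), "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "sport": int(fields["SPT"]) if fields.get("SPT") else None,
        "dport": int(fields["DPT"]) if fields.get("DPT") else None,
        "flags": flags,
    }


def summarize(log_text):
    """Count logged packets per source, per destination port, and TCP connection attempts."""
    events = [e for e in map(parse_iptables_line, log_text.splitlines()) if e]
    return {
        "events": len(events),
        "by_src": Counter(e["src"] for e in events),
        "by_port": Counter((e["proto"], e["dport"]) for e in events if e["dport"] is not None),
        # A bare SYN (no ACK) is a fresh connection attempt rather than reply traffic.
        "syn_attempts": sum(1 for e in events
                            if e["proto"] == "TCP" and "SYN" in e["flags"] and "ACK" not in e["flags"]),
    }


if __name__ == "__main__":
    import sys
    # Usage: python fwlog.py /var/log/messages   (falls back to the built-in sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    s = summarize(text)
    print(f"{s['events']} logged packets, {s['syn_attempts']} TCP connection attempts")
    for src, n in s["by_src"].most_common():
        print(f"  from {src:<15} {n}")
    for (proto, port), n in s["by_port"].most_common():
        print(f"  to   {proto}/{port:<9} {n}")
```

Point it at whichever file your syslog sends kernel messages to; the dhcpcd line in the sample shows that non-firewall entries are skipped rather than mis-parsed.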
The iptraf folder was empty, and the secure files were just logs of when I su'ed.
So I couldn't find it anywhere....
The rc.ssh script IS in my rc.d folder, and when my comp boots, it says it loads; I haven't had a chance to test it yet..
Finally, in my email client, it looks like it doesn't use sendmail, so would it be a good idea to make it not start at boot (would the best way be removing the permission for the rc.sendmail script?)
Did you try /var/log/messages or /var/log/debug? Since iptables is a kernel module it might be logging to /var/log/messages by default.
Depending on how your rc scripts work, you can do chkconfig -del sendmail, if you have an /etc/rc.conf you change sendmail=YES to sendmail=NO, or you can just move rc.sendmail to .rc.sendmail (notice the leading period '.').
nope, it is in neither.... messages is information from the boot and printer stuff, no net stuff at all really
debug is filled with this, over & over...
Code:
dhcpcd[161]: dhcpIPaddrLeaseTime=86400 in DHCP server response.
Feb 2 08:58:52 MOFETTE dhcpcd[161]: dhcpT1value is missing in DHCP server response. Assuming 43200 sec
Feb 2 08:58:52 MOFETTE dhcpcd[161]: dhcpT2value is missing in DHCP server response. Assuming 75600 sec
Originally posted by Nis I'm not sure how guarddog works, I use Firestarter, but check its options to see if you can set logging to some place. I'm pretty sure you don't need sendmail; if you use an SMTP server to send your mail you definitely don't. And as for ssh I would have to say it's pretty secure. Everything sent through ssh is encrypted. Setting up is easy: make sure /etc/rc.d/rc.sshd is executable and when you boot the ssh daemon will be started.
I use Firestarter too... just wondering, how do you log traffic if you close down the window Firestarter pops open?
Also I am behind a router and whenever I am on the command line (no X running)... I keep getting the output of the UDP packets transferred from my router to my machine... is there any way to turn that off?
Thanks
# Uncomment this to see kernel messages on the console.
#kern.* /dev/console
# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.info;*.!warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/messages
# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/syslog
# Debugging information is logged here.
*.=debug -/var/log/debug
# Private authentication message logging:
authpriv.* -/var/log/secure
# Cron related logs:
cron.* -/var/log/cron
# Mail related logs:
mail.* -/var/log/maillog
# Emergency level messages go to all users:
*.emerg *
# This log is for news and uucp errors:
uucp,news.crit -/var/log/spooler
# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#news.=crit -/var/log/news/news.crit
#news.=err -/var/log/news/news.err
#news.notice -/var/log/news/news.notice
I'm assuming it should go in messages or syslog, but it is in neither...
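Working out by hand where a given facility and priority lands in a syslog.conf like the one above is error-prone, because each line's selectors override one another in order. The following is an added example, not code from the thread or from sysklogd: it embeds the posted syslog.conf and evaluates it using the selector rules from syslog.conf(5) (a plain priority means that priority and higher, `=` exact, `!` excludes that priority and higher, `none` drops the facility). Whitespace between selectors and actions has been re-added by hand; the facility and priority names are the standard ones.

```python
"""Evaluate a sysklogd-style syslog.conf: where does a (facility, priority) go?

Added example, not part of the LinuxQuestions thread. SYSLOG_CONF is the
fragment posted in the thread with selector/action spacing restored.
"""

SYSLOG_CONF = r"""
# Uncomment this to see kernel messages on the console.
#kern.*                                 /dev/console
# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.info;*.!warn;\
        authpriv.none;cron.none;mail.none;news.none     -/var/log/messages
# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.warn;\
        authpriv.none;cron.none;mail.none;news.none     -/var/log/syslog
# Debugging information is logged here.
*.=debug                                -/var/log/debug
# Private authentication message logging:
authpriv.*                              -/var/log/secure
# Cron related logs:
cron.*                                  -/var/log/cron
# Mail related logs:
mail.*                                  -/var/log/maillog
# Emergency level messages go to all users:
*.emerg                                 *
# This log is for news and uucp errors:
uucp,news.crit                          -/var/log/spooler
"""

# Index is the numeric level: lower number = more severe.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRIO_ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]


def _prio_index(name):
    return PRIORITIES.index(PRIO_ALIASES.get(name, name))


def parse_syslog_conf(text):
    """Return [(selectors, action)], joining backslash-continued lines and dropping comments."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        rules.append((selectors, action.strip().lstrip("-")))   # "-" only means "no fsync"
    return rules


def _allowed(selectors):
    """Facility -> set of priority indexes one rule admits, applying selectors left to right."""
    allowed = {f: set() for f in FACILITIES}
    for sel in selectors.split(";"):
        facs, prio = sel.rsplit(".", 1)
        targets = FACILITIES if facs == "*" else facs.split(",")
        if prio == "none":
            for f in targets:
                allowed[f] = set()
            continue
        exclude = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "*":
            levels = set(range(len(PRIORITIES)))
        elif exact:
            levels = {_prio_index(prio)}
        else:
            levels = set(range(_prio_index(prio) + 1))   # this priority and anything more severe
        for f in targets:
            allowed[f] = allowed[f] - levels if exclude else set(levels)
    return allowed


def destinations(rules, facility, priority):
    """Every action (log file, '*', ...) that receives facility.priority."""
    idx = _prio_index(priority)
    return [action for selectors, action in rules if idx in _allowed(selectors).get(facility, set())]


RULES = parse_syslog_conf(SYSLOG_CONF)


def where(facility, priority):
    return destinations(RULES, facility, priority)


if __name__ == "__main__":
    for fac, pri in [("kern", "info"), ("kern", "warning"), ("kern", "debug"), ("mail", "info")]:
        print(f"{fac}.{pri:<8} -> {', '.join(where(fac, pri)) or '(nowhere)'}")
```

For iptables this matters: the LOG target's default level is warning, so with the config above its entries go to /var/log/syslog, while the `--log-level info` suggested earlier in the thread moves them to /var/log/messages. Either way, nothing reaches /var/log/debug unless the rule logs at level debug.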