Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I am new -- first post. So excuse my low level questions.
I have a new workstation, and I want to develop systems manager skills. The first questions are:
(1) How do I check that my firewall is up, and is it adequate?
(2) I am having difficulty with plugins. What are they?
(3) Every now and then I get a screen saying that I need to install a plugin; I follow the instructions and it says that it cannot do it? So what's going on?
To test your firewall there are a few things I can think of:
GRC's Shields Up is a relatively good test if you're connected to the Internet directly. If you're behind, say, a university firewall, GRC will most likely report that all ports are blocked, which would most likely be due to the university's firewall.
Another thing you can do is to connect to another machine (using a crossover cable, say) and from the other machine, port scan your machine (nmap), ping it. There are more advanced things that you can do such as inspecting packets sent from your main machine, though I don't know any particulars.
Here's a simple firewall script which blocks everything incoming except for connections which already exist and connections through port 6881, for BitTorrent.
Code:
#!/bin/sh
IPT=/usr/sbin/iptables
EXT=eth0
# Flush all entries
$IPT -F
$IPT -X
$IPT -Z
# Drop all connections by default
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
# Allow connections through loopback device
$IPT -A INPUT -i lo -p all -j ACCEPT
$IPT -A OUTPUT -o lo -p all -j ACCEPT
# Allow incoming connection if they're related or established
$IPT -A INPUT -i $EXT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow connections for BitTorrent
$IPT -A INPUT -p tcp --destination-port 6881 -j ACCEPT
# Allow connections for SSH
$IPT -A INPUT -p tcp --destination-port 22 -j ACCEPT
# Allow all outgoing packets
$IPT -A OUTPUT -o $EXT -j ACCEPT
# Logging
$IPT -A INPUT -i $EXT -p tcp -j LOG --log-prefix "TCP Connection: "
$IPT -A INPUT -i $EXT -p udp -j LOG --log-prefix "UDP Connection: "
I prefer, and recommend, using iptables rather than some abstraction of it. The syntax may seem a little strange but given the comments, you shouldn't have much difficulty learning how to use it. With this script you get what you ask for (assuming iptables is implemented correctly, which I think is a fair assumption). With an abstraction of iptables, it may not be doing exactly what you want.
btw, Which distribution are you running? Ubuntu, Mandriva, SuSe?
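Since the original question was how to check that the firewall is up at all, here is an added example (my code, not from the poster above) that reads the output of iptables-save, which prints the rules the kernel actually has loaded, and reports the default policies and the ports reachable from outside. The sample text is constructed to match the script above; running iptables-save for real needs root.

```python
# Check an iptables firewall from iptables-save output: ':CHAIN POLICY [...]' lines of
# the filter table give default policies, '-A INPUT ... -j ACCEPT' lines with a port
# give the services reachable from outside.
import re
import subprocess

# Constructed sample: what iptables-save prints after running the posted script
# (it rewrites --destination-port as '-m tcp --dport').
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6881 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
"""

def summarize_filter(save_text):
    """Return ({chain: policy}, [(proto, port), ...]) for the filter table."""
    policies, open_ports, table = {}, [], None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. *filter
            table = line[1:]
        elif table != "filter":           # ignore nat/mangle tables
            continue
        elif line.startswith(":"):        # :CHAIN POLICY [pkts:bytes]
            chain, policy = line.split()[:2]
            policies[chain[1:]] = policy
        elif line.startswith("-A INPUT") and line.endswith("-j ACCEPT"):
            proto = re.search(r"-p (tcp|udp)", line)
            port = re.search(r"--dport (\d+)", line)
            if proto and port:
                open_ports.append((proto.group(1), int(port.group(1))))
    return policies, open_ports

def firewall_is_up(save_text):
    """'Up' here means the filter table's INPUT chain drops by default."""
    return summarize_filter(save_text)[0].get("INPUT") == "DROP"

if __name__ == "__main__":
    try:  # live output needs root; fall back to the constructed sample
        rules = subprocess.run(["iptables-save"], capture_output=True,
                               text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        rules = SAMPLE
    print(summarize_filter(rules), "up:", firewall_is_up(rules))
```

If the INPUT policy shows ACCEPT and the open-port list is empty, no filtering script has been applied yet; the RELATED,ESTABLISHED rule is what lets replies to your own outgoing connections back in.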
RHEL WS 4.0 -- I have new HP workstation xw9300, dual core with 2 AMD Opterons.
Quote ({BBI}Nexus{BBI}): What's the name of the FireWall you're using?
I do not know. That is what I meant: how do I check my firewall specs and that it is up and working?
Quote ({BBI}Nexus{BBI}): Plugins for what/which program?
When I try a website, I often see a logo in the form of a green piece of a jig-saw puzzle and the following message:
"click here to down load plugin".
When I click to download, it does something for a few seconds and then stops and says, "No suitable plugins were found". The 2nd line says "Unknown Plugin" and has a button saying "Manual Install". I click this button, and it goes back to the previous jig-saw page?
One other thing, I have recently tried to install the latest versions of rkhunter-1.2.9 and flash-plugin-9.0.31.0-release. When I open the internet (firefox) I can see their 2 blue icons in the bottom left corner of the page, although they do not seem to be doing any harm there?
I think that I installed the rkhunter ok because I can run it (although I do not get any man pages, and I do not know which are the best options to run it with?). I do not think that I installed the flash-plugin properly.
Questions:
(1) Are these icons there permanently? Or have I done something wrong (most likely)?
(2) How do I get rid of them? Is it safe to remove them? Will I lose anything?
I have moved the rkhunter-1.2.9 file to my root Home directory. Similarly, I had previously tried to install the latest version of firefox off the web, and I got the tar.rpm file and opened it to get a new firefox folder, which is now also in root Home. I do not know whether I did the installation process correctly?
Once you install a latest version from a tar.rpm file, is it safe to delete the tar.rpm file (and the folder that opens up with it -- firefox in this case) or do you have to keep the new folders and tar.rpm file permanently?
I have gone through the instructions, and installed the PERL modules. Then downloaded and ran the ftester tar.gz files up to:
# tar -xzf ftester-1.0.tar.gz
and I have created the ftester-1.0 subdirectory.
But from here on I am lost. It says:
" Configuration:
We will need to create a configuration file to tell ftest what packets it should generate.
The definition of the packets we want to send for test if they can traverse the firewall is mainly specified in a configuration file (ftest.conf), the main syntax is:
Source Address:Source Port:Destination Address:Destination Port:Flags:Protocol:Type of Service "
Then a few examples:
# SYN packet to 10.1.7.1 port 80
192.168.0.10:1024:10.1.7.1:80:S:TCP:0
# PSH,ACK reply from 192.168.0.10
192.168.0.10:20:10.1.7.1:1022:AP:TCP:22
# UDP packet
192.168.0.10:53:10.1.7.1:53::UDP:0
Questions:
Where do these numbers come from, and what do they mean?
Where do I put them?
What do TCP, UDP or ICMP mean, and how do I know which is the proper one for my system?
Yep, you guessed it. These links are useful and I am reading through them.
My task is fairly simple. I want to set up a stand alone machine (for the moment) for heavy scientific number crunching, so the machine configuration is quite simple.
The one thing that is important is security from hackers and viruses etc (the last I understand is not a big problem in linux). I have a limited number of external machines which I want to access, and I do not want to give access to anyone else (at the moment) to my machine -- this is nearly a closed system. However, I must connect to the internet for downloads, updates, communications, e-mail etc.
Thus, I need a firewall -- I may already have one installed, but I do not know how to check. I have followed the instructions given, and I am stuck at the point I mentioned in my previous message.
Basically, how do I know what IP address, and lines that appear in the example, I should put in to my own files for firewall checking purposes?
For example:
# SYN packet to 10.1.7.1 port 80
192.168.0.10:1024:10.1.7.1:80:S:TCP:0
# PSH,ACK reply from 192.168.0.10
192.168.0.10:20:10.1.7.1:1022:AP:TCP:22
# UDP packet
192.168.0.10:53:10.1.7.1:53::UDP:0
The question is, what do I put into my file instead of
"SYN packet to 10.1.7.1 port 80 192.168.0.10:1024:10.1.7.1:80:S:TCP:0" ?
Where does the IP address 192.168.0.10 come from? How do I know that it is TCP .. and so on. What port number do I put instead of 'port 80'.
I know that these are quite low level questions, but this is the only thing left for me to do on my machine - it will make me secure only after setting this file up.
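As an added example (my own code, not ftester's and not from anyone in this thread) covering the two ftest.conf questions above: a parser and generator for the seven-field line format quoted from the ftester docs, exercised on the thread's own sample lines. In ftester's model the source address is the machine that runs ftest (the second machine on the crossover cable, in the earlier reply), the destination address is the workstation being checked, and the destination port is the service being probed (22 for SSH in the posted script). The addresses used here are the ones from the ftester examples; they stand in for whatever the two machines are actually configured with. Only TCP and UDP lines are handled; ICMP lines are left out.

```python
# ftest.conf line parser/generator for the 7-field format quoted above:
#   src_addr:src_port:dst_addr:dst_port:flags:proto:tos
# Assumption (mine, not ftester's docs): only TCP and UDP lines are handled.
import ipaddress

FIELDS = ("src_addr", "src_port", "dst_addr", "dst_port", "flags", "proto", "tos")
FLAG_NAMES = {"S": "SYN", "A": "ACK", "P": "PSH", "F": "FIN", "R": "RST", "U": "URG"}

def parse_ftest_line(line):
    """Return a dict for one packet line, or None for comment/blank lines."""
    body = line.split("#", 1)[0].strip()
    if not body:
        return None
    parts = body.split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} ':'-separated fields: {line!r}")
    rec = dict(zip(FIELDS, parts))
    for key in ("src_addr", "dst_addr"):
        # the sender (ftest machine) and the workstation under test; rejects '10.1.7'
        rec[key] = str(ipaddress.ip_address(rec[key]))
    for key in ("src_port", "dst_port", "tos"):
        rec[key] = int(rec[key])
    if not (0 < rec["src_port"] < 65536 and 0 < rec["dst_port"] < 65536):
        raise ValueError("port out of range")
    rec["proto"] = rec["proto"].upper()
    if rec["proto"] not in ("TCP", "UDP"):
        raise ValueError(f"unsupported protocol {rec['proto']}")
    if rec["proto"] == "UDP" and rec["flags"]:
        raise ValueError("UDP has no TCP flags; leave the flags field empty")
    rec["flag_names"] = [FLAG_NAMES[c] for c in rec["flags"]]  # KeyError on unknown flag
    return rec

def make_probe(src_addr, dst_addr, dst_port, proto="TCP", flags="S", src_port=1024, tos=0):
    """Build a line that sends one packet from the test machine to dst_port on the workstation."""
    flags = flags if proto.upper() == "TCP" else ""
    return f"{src_addr}:{src_port}:{dst_addr}:{dst_port}:{flags}:{proto.upper()}:{tos}"
```

Lines built with make_probe for each service the posted script opens (22, 6881) and a few it does not are what you would write into ftest.conf; ftestd on the workstation then reports which of them got through.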