LinuxQuestions.org
07-02-2013, 01:10 AM   #16
ParanoiaUser
LQ Newbie
Registered: Jun 2013
Posts: 13
Original Poster

I use Putty for everything I do on my server. I don't even think my provider offers a webadmin tool or anything like that; after looking everywhere in my account, the only options I've been able to find were to:
Turn the server on or off, restart, hard reset.
Mount a CD/ISO.
Activate a thing called WAPI (currently disabled by default)

Wasn't able to find anything else.
 
07-02-2013, 01:40 AM   #17
chrism01
Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,283

So is that Putty using telnet or ssh?
(Putty is just a tool, not a protocol).
See also filezilla for file txfrs if using a GUI desktop to access the server. Filezilla can use ftp (not recommended) or sftp; just tell it to use port 22 and it'll use sftp automatically.
 
07-02-2013, 03:29 AM   #18
ParanoiaUser
LQ Newbie
Registered: Jun 2013
Posts: 13
Original Poster

Quote:
Originally Posted by chrism01
So is that Putty using telnet or ssh?
(Putty is just a tool, not a protocol).
See also filezilla for file txfrs if using a GUI desktop to access the server. Filezilla can use ftp (not recommended) or sftp; just tell it to use port 22 and it'll use sftp automatically.

I use Putty to connect via SSH and I use FireFTP to connect via SFTP.

I don't use any GUI desktop, all command line stuff via Putty.
 
07-03-2013, 02:02 AM   #19
ParanoiaUser
LQ Newbie
Registered: Jun 2013
Posts: 13
Original Poster

I now use the following INPUT rules in Iptables:
Code:
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22
2    fail2ban-ssh-ddos  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22
3    fail2ban-vsftpd  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 21,20,990,989
4    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:111
5    DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:111
6    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25
7    DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:25
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
11   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spts:27000:27030 dpts:1025:65355
12   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:4380 dpts:1025:65355
13   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27015
14   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27005
15   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27020
16   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:26901
17   DROP       all  --  0.0.0.0/0            0.0.0.0/0

Looks good?

Can probably remove port 111 and 25 from being blocked separately.

Last edited by ParanoiaUser; 07-03-2013 at 11:17 AM.
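
The first-match behaviour of the listing in post #19, as an added example that is not part of the original post: a small evaluator that reports which rule decides a packet, with an option to leave rules out for a what-if run. It assumes the packet opens a new connection (so the RELATED,ESTABLISHED rule cannot match) and that the source is not banned (so the fail2ban-* chains return without a verdict); the function name `verdict` and its arguments are made up for this example.

```sh
# Constructed input: the INPUT listing from post #19, copied verbatim.
RULES='1    fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22
2    fail2ban-ssh-ddos  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22
3    fail2ban-vsftpd  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 21,20,990,989
4    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:111
5    DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:111
6    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25
7    DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:25
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
11   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spts:27000:27030 dpts:1025:65355
12   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:4380 dpts:1025:65355
13   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27015
14   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27005
15   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27020
16   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:26901
17   DROP       all  --  0.0.0.0/0            0.0.0.0/0'

# verdict PROTO DPORT [SPORT] [RULES_TO_SKIP]
# Prints "<rule number> <target>" for the first rule that decides the packet.
verdict() {
    printf '%s\n' "$RULES" | awk -v proto="$1" -v dport="$2" \
        -v sport="${3:-0}" -v skip=" ${4:-} " '
    function inrange(p, spec,    a, n) {          # spec is "N" or "LO:HI"
        n = split(spec, a, ":")
        if (n == 1) return (p + 0 == a[1] + 0)
        return (p + 0 >= a[1] + 0 && p + 0 <= a[2] + 0)
    }
    index(skip, " " $1 " ") { next }              # what-if: rule removed
    $2 != "ACCEPT" && $2 != "DROP" { next }       # jump to a fail2ban-* chain
    $3 != "all" && $3 != proto { next }           # protocol does not match
    {
        ok = 1
        for (i = 7; i <= NF; i++) {
            v = $i; sub(/^[ds]pts?:/, "", v)      # strip "dpt:", "spts:", ...
            if ($i == "state") ok = 0             # assumed NEW, see lead-in
            else if ($i ~ /^dpts?:/ && !inrange(dport, v)) ok = 0
            else if ($i ~ /^spts?:/ && !inrange(sport, v)) ok = 0
        }
        if (ok) { print $1, $2; exit }
    }'
}

verdict tcp 25                 # decided by the explicit DROP, rule 6
verdict tcp 25 0 "4 5 6 7"     # same verdict from the catch-all, rule 17
verdict udp 40000 27015        # rule 11 matches on the sender-chosen source port
```

With rules 4 to 7 skipped, new connections to ports 111 and 25 still end at the catch-all DROP in rule 17, which matches the remark in the post that those rules can probably go.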
 
07-05-2013, 11:03 AM   #20
David Trest
Member
Registered: Jul 2013
Distribution: CentOS/RHEL, Backtrack, many more.
Posts: 58

Looking fine on the firewall side, but that's only one side of the coin.

The other side is what services are running on your box. If you were running a RHEL based system you can use chkconfig, but I understand there's a version for Debian-based systems as well. If you don't have it installed, you should be able to get it via apt-get install chkconfig. Running *just* chkconfig will show you the services starting at each runlevel. Check over each service that is starting up and determine whether or not you need it running. Even something as benign as abrtd (the Red Hat error reporting tool daemon) can have bugs in it that can be exploited to gain further access.

Disable all unneeded services. With chkconfig, you can simply run chkconfig <service> off and it will stop the service from running at init. Once you've made your changes I'd recommend rebooting to ensure that all traces of services disabled/enabled are flushed.

In addition, another thing you must consider is patching. Patching your system regularly will keep it up to date and fix bugs. apt-get is your friend there, running regular "apt-get update;apt-get dist-upgrade" checks will keep your installed software up to date and reduce vulnerabilities.

Running software as an appropriate user is also recommended. I see you're running what looks like a Steam Source server. Make sure it doesn't run as root unless absolutely necessary, and even then see if it can be switched to its own user. This prevents the service from running with escalated privileges should it become compromised.
 
07-10-2013, 01:02 PM   #21
ParanoiaUser
LQ Newbie
Registered: Jun 2013
Posts: 13
Original Poster

Quote:
Originally Posted by David Trest
Looking fine on the firewall side, but that's only one side of the coin.

The other side is what services are running on your box. If you were running a RHEL based system you can use chkconfig, but I understand there's a version for Debian-based systems as well. If you don't have it installed, you should be able to get it via apt-get install chkconfig. Running *just* chkconfig will show you the services starting at each runlevel. Check over each service that is starting up and determine whether or not you need it running. Even something as benign as abrtd (the Red Hat error reporting tool daemon) can have bugs in it that can be exploited to gain further access.

Disable all unneeded services. With chkconfig, you can simply run chkconfig <service> off and it will stop the service from running at init. Once you've made your changes I'd recommend rebooting to ensure that all traces of services disabled/enabled are flushed.

In addition, another thing you must consider is patching. Patching your system regularly will keep it up to date and fix bugs. apt-get is your friend there, running regular "apt-get update;apt-get dist-upgrade" checks will keep your installed software up to date and reduce vulnerabilities.

Running software as an appropriate user is also recommended. I see you're running what looks like a Steam Source server. Make sure it doesn't run as root unless absolutely necessary, and even then see if it can be switched to its own user. This prevents the service from running with escalated privileges should it become compromised.

Thanks for the suggestion, and sorry for the long time it took to reply. I have installed and run chkconfig; here is what came up. I would appreciate any input from you guys on the results:
Code:
acpid                  on
atd                    on
bootlogd               on
bootlogs               on
bootmisc.sh            on
checkfs.sh             on
checkroot.sh           on
console-setup          on
cron                   on
exim4                  on
fail2ban               on
hostname.sh            on
hwclock.sh             on
hwclockfirst.sh        on
ifupdown               on
ifupdown-clean         on
kbd                    on
keyboard-setup         on
killprocs              on
lighttpd               on
module-init-tools      on
mountall-bootclean.sh  on
mountall.sh            on
mountdevsubfs.sh       on
mountkernfs.sh         on
mountnfs-bootclean.sh  on
mountnfs.sh            on
mountoverflowtmp       on
mtab.sh                on
networking             on
nfs-common             on
portmap                on
procps                 on
rc.local               on
rcS                    off
rmnologin              on
rsyslog                on
sendsigs               off
ssh                    on
stop-bootlogd          on
stop-bootlogd-single   on
udev                   on
udev-mtab              on
umountfs               off
umountnfs.sh           off
umountroot             off
urandom                on
vsftpd                 on

Last edited by ParanoiaUser; 07-10-2013 at 01:43 PM.
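
One way to follow the "check over each service" advice from post #20 against this listing, as an added example that is not part of the original posts: join the enabled services with the TCP ports the INPUT chain from post #19 accepts (22 and 80). The daemon-to-port table is an assumption based on each daemon's default listening port, and the function name `audit_services` is made up for this example.

```sh
# Constructed input: an excerpt of the chkconfig listing above (lines verbatim).
CHKCONFIG='cron                   on
exim4                  on
fail2ban               on
lighttpd               on
portmap                on
rsyslog                on
ssh                    on
umountfs               off
vsftpd                 on'

# audit_services "<accepted tcp ports>"   (chkconfig listing on stdin)
# Prints "<service> <port> <reachable|firewalled>" for every service that is
# switched on and has an entry in the default-port table.
audit_services() {
    awk -v accepted=" $1 " '
    BEGIN {
        # Assumed defaults; adjust if a daemon is configured differently.
        port["exim4"] = 25; port["lighttpd"] = 80; port["portmap"] = 111
        port["ssh"] = 22;   port["vsftpd"] = 21
    }
    $2 == "on" && ($1 in port) {
        state = index(accepted, " " port[$1] " ") ? "reachable" : "firewalled"
        print $1, port[$1], state
    }'
}

# Ports 22 and 80 are the TCP ports accepted by rules 9 and 10 in post #19.
printf '%s\n' "$CHKCONFIG" | audit_services "22 80"
```

Services reported as firewalled start at boot even though the firewall drops inbound traffic to them, so they are the first ones to review for `chkconfig <service> off`.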
 
  

