LinuxQuestions.org
#1  Vincent_Vega, 01-17-2004, 12:16 PM
How vulnerable is Linux


I'm really new to Linux but I've managed to get things set up pretty nicely. One thing that I did was compile the 2.6.1 kernel and now Firestarter won't run. It says it needs a 2.4 or newer kernel.
How vulnerable is Linux? I'm all about security and firewalling my box but right now I'm relying on a firewalled router. How effective is that type of setup?
Any suggestion on my Firestarter problem? I added all of the iptables as modules in my kernel.
Any information is appreciated.
 
#2  iainr, 01-17-2004, 01:01 PM
Nothing wrong with a firewalled router. Of course, hardening your PCs with firewalls, disabling unwanted services and so on will give you even greater security, so it's all down to what you want.

I have a firewalled router and no firewalls on the PCs inside the network at the moment. However, I do disable unused services, keep the systems patched up to date and have good user/password security. So far this has worked fine for me.
 
#3  RolledOat, 01-17-2004, 02:05 PM
http://firestarter.sourceforge.net/

# Supports Linux kernel versions 2.5, 2.4 and 2.2.

You are ahead of the curve with your 2.6 kernel, so you will likely have to edit your iptables files manually, or wait till development catches up with the new kernel. Since you have a router firewall, you should be fine. Even without any rules, if you close all unneeded services, as mentioned, you are quite secure.

R.O.
 
#4  Vincent_Vega (original poster), 01-17-2004, 08:31 PM
Well, that's good to hear! Thanks for the replies. I'm in the process of learning iptables, so in time I'll have my own little firewall going, but at least for now I can feel comfortable with the router.
 
#5  chort, 01-18-2004, 04:43 AM
Security has much more to do with the skill of the administrator of the system than the operating system itself. Because of Windows' perceived security weaknesses (which are many, it's true) a lot of hobbyists and some large entities (corporations, governments, etc.) are moving to other OSs, in particular Linux. The interesting thing is that there has been no evidence to suggest that the move to Linux has resulted in fewer break-ins or compromises. In fact, some studies show more reported security incidents on Linux than on Windows (and Linux still only has a tiny fraction of the install base). Several high-profile sites, such as the FSF and Debian.org, have been compromised very badly.

The truth is that in many cases, users migrating to Linux do not know enough about it to configure it correctly, and/or have a false sense of security and do not bother to lock down their system. In other cases, systems maintained by relative experts (FSF, Debian.org) are cracked despite good controls. This means two things: Linux is extremely vulnerable (at least as much as Windows) if it's not hardened after a default install (in most distributions), and even a well configured system isn't uncrackable. In spite of great hopes, no OS is bullet-proof, especially not if you take it for granted.

No matter what OS you have, you should always follow these general rules after installing:
1.) Keep the box unplugged from the Internet if at all possible (install from CD-ROM); if you must have an Internet connection to install packages, then make sure it's behind a firewall and nothing can make inbound connections to it, yet.
2.) Remove all packages and users that are not needed
3.) Shutdown and disable any services that remain, but aren't required
4.) Substitute secure services and daemons in the place of insecure ones, such as SSH instead of telnet, sftp instead of ftp (if possible), Postfix instead of Sendmail, vsftp or Pure-ftpd instead of wu-ftpd, etc
5.) Install a Host Intrusion Detection System (HIDS) and have it take a snapshot of your system. It should be configured to generate a warning if any files change. Regenerate your checksums after each step that involves changing files (adding, removing, or editing)
6.) Install a host firewall and configure it (this should deny all inbound connections at the very least, and possibly deny outbound connections except for those needed to function)
7.) Install a Network IDS (NIDS) and configure it to watch traffic to your host
8.) Install a log monitoring program to do some of the dirty work of going through logs for you. Make sure it generates a periodic report and sends it to you somehow, such as by e-mail (and remember to check the reports every day!)
9.) Download and install all security updates from your OS and software application vendors. Preferably, this should be done off-line (have the updates on a different host and either connect via the LAN or burn a CD with them). You're still not safe to plug into the Internet since you are probably running some vulnerable software by default.
10.) Recheck all your configurations to make sure none of them have been modified by updates or other packages. Remember to re-run the checksum generator on your HIDS.

You're still not done! Security is an every day process, not a patch-and-forget-it deal. Keep monitoring your reports and logs every day for suspicious activity and make sure to check with your vendors regularly for security updates.

Just a few fun tidbits to consider: in my personal circle of friends and acquaintances the record for the fastest compromised box was a Red Hat Linux 7.1 box compromised 15 minutes after being connected to the Internet. At one point I recall seeing the world record reported by one of the incident reporting centers (I think it was CERT) was 5 minutes, held by a Red Hat Linux 6.0 box. Just because it's not Microsoft doesn't mean it's secure.
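As an added illustration of steps 5 and 10 of the list above (this is example code, not from the thread or from any particular HIDS), here is a minimal file-integrity snapshot and comparison in Python; the directory names and file contents it hashes are constructed sample data:

```python
import hashlib
import json
import os
import tempfile


def snapshot(root):
    """Return {relative_path: sha256} for every regular file under root.
    Symlinks are skipped so a link target outside the tree is not hashed."""
    digests = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests


def compare(baseline, current):
    """Classify differences between a saved baseline and a fresh snapshot."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def _write(path, text):
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Constructed example: snapshot a tree, change it, then re-check."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        _write(os.path.join(etc, "sshd_config"), "PermitRootLogin no\n")
        _write(os.path.join(etc, "hosts"), "127.0.0.1 localhost\n")
        baseline = snapshot(root)
        # Keep the baseline where an intruder cannot rewrite it (read-only
        # media or another host); here it only round-trips through JSON.
        saved = json.dumps(baseline)
        # Simulate an edited config and a new file appearing after install.
        _write(os.path.join(etc, "sshd_config"), "PermitRootLogin yes\n")
        _write(os.path.join(etc, "rc.local"), "# constructed new file\n")
        return compare(json.loads(saved), snapshot(root))
```

Regenerating the baseline after each intentional change (step 10) is just calling snapshot() again and storing the result; a real HIDS also records ownership and permissions, which this example leaves out.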
 
#6  Vincent_Vega (original poster), 01-18-2004, 07:38 AM
Thanks Chort! That's a great post and it will give me lots to research. I want a secure box just like everyone should so I'll definitely be referring to this post as I set things up.
One thing is for sure - a lot of people, including me, associate Linux with security! I guess one thing that helps maintain system integrity, even after an intrusion, could be avoiding use of the root account?
Thanks again!

 
#7  chort, 01-18-2004, 07:41 AM
Then you may have missed my point (I'm not clear from the statement about "Linux associated with security").

I'll make it clearer:
Linux != Security
Good Admin == Security

Hint: If you just rely on Linux to keep you secure, you're going to find a very messy box one of these days (probably sooner, rather than later). Put effort into it, that's the only way to attain some security.

 
#8  Vincent_Vega (original poster), 01-18-2004, 07:44 AM
No, your point was perfectly clear and I thank you for taking the time to post all of that information. What I meant by that 'security...' part was that when I made my switch to Linux I just thought it wasn't really too vulnerable to attacks. Then the more I read the more I doubted that, so I posted my question. I believe everything you said and securing my box has just moved to the top of my 'To Learn' list!
