LinuxQuestions.org
Old 05-17-2004, 08:39 AM   #1
heathenx
LQ Newbie
 
Registered: Jan 2004
Posts: 4

Rep: Reputation: 0
locking down suse 9.0 with susefirewall2


hello everyone,

i am trying to lock down my suse 9.0 with susefirewall2. basically, i have a dsl connection that i want to secure. this is just a home box and i have no other network running. it's a stand-alone pc used for internet access and e-mail. i'm not running any extra services (web, ftp, etc.).


right now the way that i have it configured, and after an online port scan, i have 4-5 ports still open (used dslreports port scan). i cannot remember them off of the top of my head (i'm at work right now), but i think it was ports: 22, 6000, 639 (or 649 not sure) and a couple more.


i still feel a little insecure about it. i've googled and checked many forums already and i can't find a clear susefirewall2 setup for newbies. what do you think? am i ok or do i need to do other things?


using suse9.0 personal edition.
 
Old 05-17-2004, 06:18 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Have you tried using the YaST firewall configuration tool ("Start"-> System->YaST->Security&Users->Firewall)? That should give you a "Wizard" that will walk you through the configuration. If you are not running any services (webserver, filesharing, etc) then don't select any of the check boxes that will open holes in the firewall. Make sure to save the configuration at the end and you should be in good shape. As your firewall is now (actually looks like your firewall is completely open or off entirely) you have several ports open that should really be firewalled.
 
Old 05-18-2004, 08:41 AM   #3
heathenx
LQ Newbie
 
Registered: Jan 2004
Posts: 4

Original Poster
Rep: Reputation: 0
yup, i configured susefirewall2 thru yast2. i took all the defaults and did not check anything...just like it and you recommend that i do. however, after doing this all internet activity stopped. so i went into my etc/sysconfig/susefirewall2 config file and changed a few settings until i was able to get on the net. now that the net is working i feel like i have compromised my system.

i have a dual boot system. when not in linux i use winxp pro with zone alarm. i am soooo used to zone alarm and how to configure it that i feel like a complete retard when trying to configure the firewall in linux.

one of the things that i cannot figure out is how to hide my ip address in linux(or at least spoof it). that's probably in the config somewhere...

i was hoping that one of the forum users would post his/her config file so i can see what to turn on and what to turn off.

thanks for your help.
 
Old 05-18-2004, 10:02 AM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Quote: "now that the net is working i feel like i have compromised my system."

Depending on what changes you manually made to it, you still might be alright. Just like with any firewall, once you get it up and running, do some testing (port scanning and penetration testing) to see how it holds up. If you opened up a bunch of gaping holes in the firewall, then you might want to re-configure it because it probably isn't secure. If it holds up to testing, then I'd leave it.


If you need to reconfigure though, you should be able to get your firewall working by selecting the following stuff:

First Page
  • Reconfigure Firewall Setting

Second Page
  • External Interface
    -from this drop down box select the interface that is connected to the internet (if you have dsl, it's likely ppp0 or eth0 but use the ifconfig command to list all the interfaces and select the appropriate one). Make sure that it is the right one.
  • Internal Interface
    -if this is a standalone box, then you shouldn't have an internal interface, so leave it at "none"

Third Page
There are a bunch of services listed here. But this page sets up your firewall to allow incoming connections to be made. This would be great if you were running things like a web server, but you aren't so leave it blank.

Fourth Page
  • Allow traceroute
    -You can leave this blank if you want, but technically you should allow traceroute to be in compliance with RFC guidelines.
  • Protect all running services
    -I have this selected, but since you are not running any services it might be redundant. Go ahead and select it anyway just to be on the safe side.

Fifth Page
  • Log all Dropped Critical packets
  • Log all Dropped Packets
    -Until you get things working, have this option on so that you can find out where packets are going. Turn it off once you get up and running.

Select Next and save the configuration.

Quote: "one of the things that i cannot figure out is how to hide my ip address in linux(or at least spoof it)"

Spoofing your IP address is very easy to do in linux. You basically just reset it to a different one or use a tool like hping or something similar to do it for you. Unfortunately because of the fundamental way in which spoofing works, it is fairly complex to get any of those spoofed packets back. So by spoofing an IP, you will basically break your internet connection. A more accurate description would be to say that it would become a one-way connection, you can send packets out to whomever you like, but the replies will go to the spoofed IP and not your real IP address (so you won't ever see them). There are ways around that, but you'd have to find a way to intercept those replies or have them relayed to your IP. So I don't think that is something you really want to do.
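
The wizard choices listed in post #4 end up as variables in the SuSEfirewall2 sysconfig file, so a hand-edited file can be checked against them before trusting it. The script below is an added example, not part of the thread or of SuSEfirewall2: the sample config is constructed, and the variable names (FW_DEV_EXT, FW_DEV_INT, FW_SERVICES_EXT_TCP, FW_SERVICES_EXT_UDP, FW_LOG_DROP_CRIT) and their mapping to the wizard pages are assumptions to confirm against the comments in your own file.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2-style config for a standalone desktop.

# Constructed sample, not the poster's real file.
sample_config() {
cat <<'EOF'
FW_DEV_EXT="ppp0"
FW_DEV_INT=""
FW_SERVICES_EXT_TCP="ssh 6000"
FW_SERVICES_EXT_UDP=""
FW_LOG_DROP_CRIT="yes"
EOF
}

# get_var FILE NAME: print the last value assigned to NAME.
# The file is parsed, not sourced, so nothing in it gets executed.
get_var() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_config FILE: print one FAIL/WARN line per deviation from the wizard
# choices in the post (external interface set, no internal, nothing opened).
audit_config() {
    cfg=$1
    [ -n "$(get_var "$cfg" FW_DEV_EXT)" ] ||
        echo "FAIL: FW_DEV_EXT is empty, no interface is filtered as external"
    int=$(get_var "$cfg" FW_DEV_INT)
    [ -z "$int" ] ||
        echo "WARN: FW_DEV_INT=$int, but a standalone box has no internal interface"
    for var in FW_SERVICES_EXT_TCP FW_SERVICES_EXT_UDP; do
        for svc in $(get_var "$cfg" "$var"); do
            echo "FAIL: $var lets the internet reach '$svc'"
        done
    done
    [ "$(get_var "$cfg" FW_LOG_DROP_CRIT)" = "yes" ] ||
        echo "WARN: FW_LOG_DROP_CRIT is not yes, dropped critical packets go unlogged"
}

# count_findings FILE: number of FAIL/WARN lines for FILE.
count_findings() {
    audit_config "$1" | wc -l | tr -d ' '
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_config "$tmp"
echo "findings: $(count_findings "$tmp")"
rm -f "$tmp"
```

A config that passes this check still needs the outside port scan recommended in the post, since the file only shows what the firewall was told to do.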
 
Old 05-18-2004, 10:50 AM   #5
heathenx
LQ Newbie
 
Registered: Jan 2004
Posts: 4

Original Poster
Rep: Reputation: 0
ahhh, great! thanks for the tips capt_caveman...
 
  

