making, checking secure linux box
I have Slackware 9.1 and the computer is connected to the internet about 10 hrs daily.
Now I want to make it secure from outsiders and also want to check and see if it's secure. What do I need to make it secure and are there any online sites that check if the computer is secure when connected to the internet? |
This is a job for... TADA, the Security forum!!!
You'll get lots of good answers here. |
Assuming you are a normal home user :
- Use a firewall and close every port. Ask someone else to run a portscanner such as nmap to check that all ports are closed.
- Run a rootkit checker such as rkhunter (www.rootkit.nl) from crontab to check your system.

Note: there is a lot more that you can do; but if you are a normal home user with no open ports exposed to the internet, you are in a low risk category so you will have to be pretty unlucky to be hacked (some people get unlucky - you need to make up your mind as to how much effort you want to put into protecting yourself). |
I would also recommend grsecurity kernel patches, if you have the knowledge to apply patches (as the attacker may drastically need to modify exploit code and shellcode) and compile a kernel. It will make many types of vulnerabilities harder to exploit giving you the advantage of more time to patch the yet unknown vulnerabilities and the chance that the scriptkid will leave..
But first make sure you maintain the patches for the latest known vulnerabilities, use a good firewall configuration and use grsecurity and other extra security like chkrootkit to try and detect when your system still does get compromised.. if you have the knowledge you can also set up another machine as a loghost using software like syslog-ng. Other things you can do are to disable any services that you do not use, and choose secure implementations of services you do use, for example proftpd for ftpd, postfix for smtpd. Also check whether these run as root or not.. they shouldn't. After that you need to configure these services securely, check if you can further secure these services. If you have done that you can check if you have any executables setuid to a privileged user or group and check if they need to be setuid. If you have done that your box will have a very high level of security for a homebox. |
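The setuid check mentioned in the post above can be run on a schedule and compared against a list you have already reviewed. The script below is an added example, not code from anyone in this thread; the function names and the paths `/root/suid.baseline` and `/root/suid-audit.sh` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit setuid/setgid executables against
# a reviewed baseline. File names and paths are assumptions.

# list_suid DIR...: print every regular file with the setuid or setgid bit set,
# one path per line, sorted. -xdev keeps find on the starting filesystem.
list_suid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# new_suid BASELINE DIR...: print files that are setuid/setgid now but are not
# listed in BASELINE (sorted paths that you have reviewed and accepted).
new_suid() {
    baseline=$1; shift
    current=$(mktemp) || return 2
    list_suid "$@" > "$current"
    # comm -13 keeps lines found only in the second file (not in the baseline)
    LC_ALL=C comm -13 "$baseline" "$current"
    rm -f "$current"
}

# audit_suid BASELINE DIR...: print a report and return 1 if anything new appeared
audit_suid() {
    found=$(new_suid "$@")
    if [ -n "$found" ]; then
        echo "setuid/setgid files not in baseline:"
        echo "$found" | while IFS= read -r f; do ls -ld "$f"; done
        return 1
    fi
    return 0
}

# First run, after reviewing the list by hand:
#   . /root/suid-audit.sh; list_suid / > /root/suid.baseline
# Then in root's crontab (crontab -e), daily at 04:15; cron mails any output:
#   15 4 * * * . /root/suid-audit.sh; audit_suid /root/suid.baseline /
```

Keep the baseline owned by root and not writable by anyone else, and regenerate it only after a package install or upgrade whose new setuid files you have looked at.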
How do I block all the ports?
Also I would like to know what I can do to be protected to the maximum. What is a crontab? |
A crontab is the input file for cron, which is a job scheduler, and executes commands periodically, see crontab(1) manpage... you can edit it with crontab -e .. check the manpage for details.
I will include a sample iptables/netfilter script.. also check netfilter.org
Code:
#!/bin/sh |
I am on dial-up so I need to modify the file, right?
|
Quote:
|
Dunno, it would surprise me as well.. much of that script has been ripped from other places, I don't recall that I thought up this rule myself.
|