I have Slackware 9.1 and the computer is connected to the internet about 10 hours daily.
Now I want to make it secure from outsiders and also want to check and see if it's secure.
What do I need to make it secure, and are there any online sites that check if the computer is secure when connected to the internet?
Assuming you are a normal home user:
- Use a firewall and close every port. Ask someone else to run a portscanner such as nmap to check that all ports are closed.
- Run a rootkit checker such as rkhunter (www.rootkit.nl) from crontab to check your system.
Note: there is a lot more that you can do; but if you are a normal home user with no open ports exposed to the internet, you are in a low risk category so you will have to be pretty unlucky to be hacked (some people get unlucky - you need to make up your mind as to how much effort you want to put into protecting yourself).
I would also recommend grsecurity kernel patches, if you have the knowledge to apply patches (as the attacker may drastically need to modify exploit code and shellcode) and compile a kernel. It will make many types of vulnerabilities harder to exploit, giving you the advantage of more time to patch the yet unknown vulnerabilities and the chance that the scriptkid will leave.
But first make sure you maintain the patches for the latest known vulnerabilities, use a good firewall configuration and use grsecurity and other extra security like chkrootkit to try and detect when your system still does get compromised. If you have the knowledge you can also set up another machine as a loghost using software like syslog-ng.
Other things you can do are to disable any services that you do not use, and to choose secure implementations of services you do use, for example proftpd for ftpd, postfix for smtpd. Also check whether these run as root or not; they shouldn't.
After that you need to configure these services securely, and check if you can further secure these services.
If you have done that, you can check if you have any executables setuid to a privileged user or group and check if they need to be setuid.
If you have done that, your box will have a very high level of security for a homebox.
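The setuid check suggested in the reply above can be scripted. This is an added example, not code from the thread; the function names and the allowlist file (one reviewed absolute path per line, `#` lines ignored) are assumptions of the example.

```shell
#!/bin/sh
# Added example: list setuid/setgid executables under a directory and
# report the ones that are not on a reviewed allowlist.

# find_privileged DIR
# Print every regular file under DIR that has the setuid (4000) or
# setgid (2000) bit set. -xdev keeps the scan on one filesystem so
# /proc, network mounts and removable media are not walked.
find_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# audit_privileged DIR ALLOWLIST
# Print each setuid/setgid file under DIR that is missing from ALLOWLIST.
# Returns 1 if anything unexpected was found, 0 otherwise, so the result
# can drive a cron mail or a monitoring check.
audit_privileged() {
    dir=$1
    allow=$2
    unexpected=$(find_privileged "$dir" | while IFS= read -r f; do
        # -F: fixed string, -x: whole line, so /bin/su never matches /bin/sudo
        if ! grep -v '^#' "$allow" | grep -Fxq -- "$f"; then
            printf '%s\n' "$f"
        fi
    done)
    if [ -n "$unexpected" ]; then
        printf '%s\n' "$unexpected"
        return 1
    fi
    return 0
}

# Typical use as root, after reviewing the first listing by hand:
#   find_privileged / > /root/suid.allow     # review, then trim this file
#   audit_privileged / /root/suid.allow      # later runs print only new entries
```

For any file it reports, either drop the bit with `chmod u-s,g-s` if the program does not need it, or add the path to the allowlist once it has been reviewed.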
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
# Stop microsoft snobs on this net // don't log this garbage
iptables -A INPUT -i $EXT_IF -d 188.8.131.52/8 -j DROP
/boggle that has nothing to do with Microsoft, that's multicast. *shakes head sadly*. Lots of non-Microsoft things use multicast, and in fact off the top of my head I'm not aware of any Microsoft protocols that do use multicast.