LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 07-20-2011, 06:27 PM   #1
lpallard
Member
 
Registered: Nov 2008
Location: Milky Way
Distribution: Slackware (various releases)
Posts: 970

Rep: Reputation: 44
Securing a Slackware Laptop


Hi all!

Since I started traveling with my personal laptop (that uses Slack 13.37) I realize the benefit of securing the machine against attackers and other breaches that could expose my information to foreigners.

Since I am at home behind a hardware firewall with very tight rules and use services such as Snort, SquidGuard, iptables and other firewall technologies, I feel OK, but traveling and connecting my laptop to hotel and cafe wifi and other networks, I am not 100% confident I am secure, and also what would happen if my laptop was stolen? Right now, I have nothing except stock Slackware and the KDE login protecting from unauthorized access... not much as you can see.

So I am wondering what the community's recommendations are to make my laptop more secure and minimize the risks of leaking my info? I recognize that it is impossible to be 100% protected, but there's gotta be something better than just a simple login to protect from unauthorized access? Firewalls? Intrusion detection on the machine?

Like I said, at home I use Snort, SquidGuard and other firewall technologies to protect my entire network. What would be recommended to install on a standalone machine?

Thanks!
 
Old 07-21-2011, 05:58 AM   #2
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,007

Rep: Reputation: 742
Although not a specific answer, US-CERT has posted guidelines for security that may provide you a guide; see http://www.linuxquestions.org/questi...9/#post4420056 or directly at the US-CERT web site http://www.us-cert.gov/cas/techalerts/TA11-200A.html. Lots of good advice.

Outside of the above, you may want to consider encrypting your drive (but that's kind of overkill -- remember, Linux ain't Winders, eh?).

Hope this helps some.
 
Old 07-21-2011, 10:59 AM   #3
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157
There's also the NIST guidelines. There are also several Slackware-specific hardening articles listed on Google.

There's also this. And this. This. As well as this.

There's all sorts of information out on the 3xW.

EDIT: A GOOD tool to install would be something like Prey.

Last edited by unixfool; 07-21-2011 at 01:56 PM.
 
Old 07-21-2011, 01:38 PM   #4
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282
Quote:
Originally Posted by tronayne View Post
Outside of the above, you may want to consider encrypting your drive (but that's kind of overkill -- remember, Linux ain't Winders, eh?).
I don't think it's overkill. If that laptop gets stolen, all your personal and/or business information is up for grabs.
 
Old 07-21-2011, 01:55 PM   #5
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157
Quote:
Originally Posted by Wim Sturkenboom View Post
I don't think it's overkill. If that laptop gets stolen, all your personal and/or business information is up for grabs.
That's something a user might or might not do, depending on their requirements. That's a bit different than performing basic hardening steps (IMO, it goes beyond basic). For someone that is asking how to harden a Linux install, he probably doesn't know all that much about the system to begin with...taking baby steps (by focusing on the easily learned parts) first will help in understanding the more complex parts of the system.

I'd say, focus on hardening the install first and foremost. Then, when things are sufficiently locked down, weigh whether the drive needs to be encrypted.
 
Old 07-21-2011, 03:11 PM   #6
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 138
Encrypting a drive partition in Linux is not a complex task. On a laptop that is travelled with and might be stolen it is a reasonable and prudent precaution.

What you want to encrypt will determine where in the "hardening" process you start. If you want to encrypt the entire drive using say LUKS then you do the encryption before you install the system. If you only want to encrypt the home partition you can worry about that after you install the system, assuming you create a separate partition for home at install time (always a good idea in any case).

Based solely on the OP's distros and posts I'd say their familiarity should be enough that it wouldn't be onerous.

Of course all the usual advice applies - don't run any services you don't need, make sure all the applications and services you use are up-to-date on patches, configure iptables firewall, or install something like Shorewall or Firestarter to help with the firewall management. The above mentioned Cert and NIST guidelines are well worth consulting as is the SANS w

@W|GGL|T/unixfool ltns!
 
1 members found this post helpful.
Old 07-22-2011, 08:43 AM   #7
biggie_
LQ Newbie
 
Registered: Jul 2011
Distribution: arch,ubuntu
Posts: 17

Rep: Reputation: 1
I encrypt everything using dm-crypt. I don't use swap and boot must be unencrypted.

If I do not encrypt /, there is still information to gather if the laptop is stolen.

When traveling, I believe your biggest security risk is whatever LAN you connect to (assuming / is encrypted). Sniffing, spoofing, monkeyinthemiddle, blah.... I would find a 'secure' way to remote into another server to access internets.
 
1 members found this post helpful.
Old 07-22-2011, 08:51 AM   #8
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157
Quote:
Originally Posted by NyteOwl View Post
Encrypting a drive partition in Linux is not a complex task. On a laptop that is travelled with and might be stolen it is a reasonable and prudent precaution.

What you want to encrypt will determine where in the "hardening" process you start. If you want to encrypt the entire drive using say LUKS then you do the encryption before you install the system. If you only want to encrypt the home partition you can worry about that after you install the system, assuming you create a separate partition for home at install time (always a good idea in any case).

Based solely on the OP's distros and posts I'd say their familiarity should be enough that it wouldn't be onerous.

Of course all the usual advice applies - don't run any services you don't need, make sure all the applications and services you use are up-to-date on patches, configure iptables firewall, or install something like Shorewall or Firestarter to help with the firewall management. The above mentioned Cert and NIST guidelines are well worth consulting as is the SANS w

@W|GGL|T/unixfool ltns!
Heya NyteOwl! I really need to get back to IRCing!

Just to clarify:

I agree that a lost/stolen laptop is a bad thing, but it appears that the OP actually wanted to harden the laptop. While encrypting a drive will lessen the chance of access if the laptop is lost/stolen, it won't prevent him from being exposed when using his laptop in a coffee shop (unless I'm seriously mistaken). I still feel that a basic hardening of the laptop is the first step (but then again, if he's constantly on the go, he should probably encrypt his drive sooner than later). He's already done it for use at his home...he just needs to focus on how to lessen a break-in when away from his home network.

OP, in addition to what I stated earlier, a VPN conduit between an outside location and your home would probably be another good idea.
 
1 members found this post helpful.
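For the coffee-shop case biggie_ and unixfool raise above, the lightest form of "remote into another server" is a SOCKS tunnel over ssh to the home box: every application pointed at the proxy has its traffic encrypted across the cafe LAN and leaves the Internet from home, behind the firewall the OP already trusts. The stanza below is an added example, not something posted in the thread; the host name, user and port are placeholders.

```sshconfig
# ~/.ssh/config on the laptop (added example; home.example.org and the user are placeholders)
Host home
    HostName home.example.org
    User you
    Port 22
    # SOCKS5 proxy on the laptop; point the browser's proxy settings at localhost:1080
    DynamicForward 127.0.0.1:1080
    # a changed host key on a hotel network is exactly the man-in-the-middle case: refuse, don't ask
    StrictHostKeyChecking yes
    # notice a dropped wifi link instead of leaving a half-dead tunnel
    ServerAliveInterval 30
    ServerAliveCountMax 3
    # nothing from the laptop rides along onto the home box
    ForwardAgent no
    ForwardX11 no
```

Start it with `ssh -N home` (no remote shell, just the tunnel). Put the home box's host key into known_hosts while still at home, so StrictHostKeyChecking has something to check against on the road. Two limits worth knowing: only applications configured to use the proxy are covered, and name lookups still go to the cafe's resolver unless the client proxies DNS as well (Firefox: network.proxy.socks_remote_dns set to true). A VPN to the home firewall, which is what unixfool suggests, covers all traffic from the laptop at once.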
Old 07-22-2011, 08:52 AM   #9
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157
Quote:
Originally Posted by biggie_ View Post

When traveling, I believe your biggest security risk is whatever LAN you connect to (assuming / is encrypted). Sniffing, spoofing, monkeyinthemiddle, blah.... I would find a 'secure' way to remote into another server to access internets.
Bingo!
 
Old 07-23-2011, 01:10 AM   #10
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282
Quote:
Originally Posted by unixfool View Post
That's something a user might or might not do, depending on their requirements. That's a bit different than performing basic hardening steps (IMO, it goes beyond basic). For someone that is asking how to harden a Linux install, he probably doesn't know all that much about the system to begin with...taking baby steps (by focusing on the easily learned parts) first will help in understanding the more complex parts of the system.

I'd say, focus on hardening the install first and foremost. Then, when things are sufficiently locked down, weigh whether the drive needs to be encrypted.
My reaction was purely on the 'overkill' statement. I agree that it depends on the user's requirements.

Disk encryption will not help if people can walk into your system while the disk is 'unlocked'. But closing the computer down so the outside world can't access it and the computer gets stolen is equally useless if you need / want to secure sensitive information.
 
Old 07-23-2011, 12:42 PM   #11
lpallard
Member
 
Registered: Nov 2008
Location: Milky Way
Distribution: Slackware (various releases)
Posts: 970

Original Poster
Rep: Reputation: 44
Hey guys! Thanks to ALL for this precious input, lots of reading for me to come.... I'll digest all that stuff and probably will ask several questions if nobody minds.

To start with, I subscribed to the Slackware security mailing list. I have never worked with this before so I wonder how it works? I imagine I will get an email whenever somebody posts to the list (like all other mailing lists) but then how do I benefit from it? How do I apply patches?

Yes my intentions are A) to harden the laptop so I minimize my chances of seeing my own stuff on the web and B) make it hard/very hard for somebody to retrieve my info if my machine was stolen.

Quote:
For someone that is asking how to harden a Linux install, he probably doesn't know all that much about the system to begin with...taking baby steps (by focusing on the easily learned parts) first will help in understanding the more complex parts of the system.
I agree/disagree at the same time. I know a lot about Slackware but not enough to harden the system like you said. So in the end, I agree with you: baby steps might work best to learn.
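The patch question in the post above is not answered in the thread, so here is an added example (not from the thread) of the step that follows an advisory: a slackware-security mail names the fixed package under patches/packages/ on the mirrors; the package is downloaded together with its detached .asc signature, checked against the mirror's signed CHECKSUMS.md5, signature-verified, and then installed with upgradepkg. The mirror layout and the package name "foo" are assumptions for illustration; the sample files the script builds are constructed, so it runs without a mirror.

```shell
#!/bin/sh
# Added example, not from the thread. A slackware-security advisory names the
# fixed package (e.g. patches/packages/foo-1.2-i486-1_slack13.37.txz); applying
# it means: download the .txz and its .asc from a mirror, check the md5 against
# the mirror's signed CHECKSUMS.md5, verify the GPG signature, then upgradepkg.
# The mirror layout and the package name "foo" are assumptions for illustration.

# Return 0 if the package's md5 matches its CHECKSUMS.md5 entry.
# CHECKSUMS.md5 lines look like:  <md5sum>  ./patches/packages/<package>.txz
checksum_ok() {
    sums="$1"; pkg="$2"
    name=$(basename "$pkg")
    # exact match on the "/<package>" suffix of the path column
    expected=$(awk -v name="/$name" 'substr($2, length($2) - length(name) + 1) == name { print $1 }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 1
    fi
    actual=$(md5sum "$pkg" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Return 0 if the detached signature <pkg>.asc verifies. The Slackware key
# must be in the keyring first (gpg --import GPG-KEY from the mirror root);
# the md5 alone only proves the download was not corrupted, not who made it.
signature_ok() {
    gpg --verify "$1.asc" "$1" >/dev/null 2>&1
}

# Verify both, then install. --install-new also installs a package that was
# not on the system before (an advisory sometimes adds one).
apply_patch() {
    sums="$1"; pkg="$2"
    checksum_ok "$sums" "$pkg" || return 1
    signature_ok "$pkg" || { echo "bad or missing signature for $pkg" >&2; return 1; }
    upgradepkg --install-new "$pkg"
}

# Constructed sample: a fake package, a matching CHECKSUMS.md5 and a tampered one.
make_sample() {
    dir=$(mktemp -d)
    pkg="$dir/foo-1.2-i486-1_slack13.37.txz"
    printf 'not a real package\n' > "$pkg"
    sum=$(md5sum "$pkg" | awk '{ print $1 }')
    printf '%s  ./patches/packages/%s\n' "$sum" "$(basename "$pkg")" > "$dir/CHECKSUMS.md5"
    printf '%s  ./patches/packages/%s\n' "00000000000000000000000000000000" "$(basename "$pkg")" > "$dir/CHECKSUMS.md5.tampered"
    echo "$dir"
}

# Stand-alone demonstration against the constructed files.
d=$(make_sample)
checksum_ok "$d/CHECKSUMS.md5" "$d/foo-1.2-i486-1_slack13.37.txz" && echo "checksum matches"
checksum_ok "$d/CHECKSUMS.md5.tampered" "$d/foo-1.2-i486-1_slack13.37.txz" || echo "tampered entry rejected"
```

For a real update the call is `apply_patch CHECKSUMS.md5 foo-1.2-i486-1_slack13.37.txz` as root, with CHECKSUMS.md5 itself checked first (`gpg --verify CHECKSUMS.md5.asc CHECKSUMS.md5`). Kernel packages are the one case where upgradepkg is not the whole job: lilo has to be re-run afterwards.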
 
Old 07-23-2011, 09:06 PM   #12
lpallard
Member
 
Registered: Nov 2008
Location: Milky Way
Distribution: Slackware (various releases)
Posts: 970

Original Poster
Rep: Reputation: 44
OK so I performed some modifications on my system. I did the following things as a start:

-Modified hosts.allow & .deny to allow only my local machines to communicate with each other;
-Disabled root's SSH;
-Disabled root's VNC;
-Disabled all unnecessary services from inetd.conf;
-Installed snort from Slackbuilds.org. I however encountered 2 problems:

1-Following the README.slackware, I updated the ruleset via the script in the readme file but there is no /docs/signatures in any of the tar files I downloaded from https://www.snort.org/snort-rules... I wonder if its because they recently changed the tar files and somehow removed this signatures folder !?

2-When I start snort via the rc script, I get:

Code:
bash-4.1# /etc/rc.d/rc.snort start
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Starting Snort daemon:  /usr/bin/snort -d -D -i any
and Snort does not start, at least there is NO PID files in /var/run...
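The first four items in the post above are the kind of change that drifts back after the next upgrade, so it is worth having a script that re-checks them. The one below is an added example, not from the thread: it tests that sshd refuses root, that hosts.deny has the catch-all and hosts.allow limits sshd to the home LAN, and lists whatever is still enabled in inetd.conf. Run with ROOT empty it reads the live /etc; the sample tree it builds is constructed so the script runs anywhere. The paths, the 192.168.1.0/24 LAN and the service names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: re-check the hardening steps in the post
# above (tcp_wrappers restricted to the LAN, no root over ssh, inetd trimmed)
# against a config tree. ROOT="" audits the running system; the sample tree
# built below is constructed so the script runs anywhere. The /etc paths,
# the 192.168.1.0/24 LAN and the service names are assumptions.

ROOT="${ROOT:-}"

# 0 if sshd_config has an active "PermitRootLogin no" (commented copies ignored).
ssh_root_login_disabled() {
    grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' "$ROOT/etc/ssh/sshd_config"
}

# 0 if hosts.deny carries the catch-all, so only hosts.allow entries get through
# to sshd, the VNC server and anything else linked with libwrap or run via tcpd.
wrappers_default_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$ROOT/etc/hosts.deny"
}

# 0 if hosts.allow grants sshd to the given network spec (uncommented lines only).
wrappers_allow_sshd_from() {
    grep -v '^[[:space:]]*#' "$ROOT/etc/hosts.allow" | grep -Fq "sshd: $1"
}

# Names of the inetd.conf services still enabled, one per line.
inetd_enabled_services() {
    grep -Ev '^[[:space:]]*(#|$)' "$ROOT/etc/inetd.conf" | awk '{ print $1 }'
}

inetd_enabled_count() {
    inetd_enabled_services | wc -l | tr -d ' '
}

# Run every check; returns 1 if any of the hard checks fails.
audit() {
    net="$1"; rc=0
    if ssh_root_login_disabled; then echo "ok   sshd: PermitRootLogin no"; else echo "FAIL sshd: root login still permitted"; rc=1; fi
    if wrappers_default_deny; then echo "ok   hosts.deny: ALL: ALL"; else echo "FAIL hosts.deny: no catch-all deny"; rc=1; fi
    if wrappers_allow_sshd_from "$net"; then echo "ok   hosts.allow: sshd from $net"; else echo "FAIL hosts.allow: sshd not limited to $net"; rc=1; fi
    n=$(inetd_enabled_count)
    if [ "$n" -eq 0 ]; then
        echo "ok   inetd: nothing enabled"
    else
        echo "WARN inetd: $n service(s) still enabled:"
        inetd_enabled_services | sed 's/^/       /'
    fi
    return $rc
}

# Constructed sample tree mirroring the post: root ssh off, LAN-only wrappers,
# everything in inetd.conf commented out except auth (identd).
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/ssh"
    printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'PermitRootLogin no' > "$dir/etc/ssh/sshd_config"
    printf 'ALL: ALL\n' > "$dir/etc/hosts.deny"
    printf 'sshd: 192.168.1.0/255.255.255.0\n' > "$dir/etc/hosts.allow"
    printf '%s\n' \
        '#ftp    stream  tcp  nowait  root  /usr/sbin/tcpd  proftpd' \
        '#telnet stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd' \
        'auth    stream  tcp  wait    root  /usr/sbin/in.identd  in.identd' > "$dir/etc/inetd.conf"
    echo "$dir"
}

# Stand-alone run against the constructed tree.
ROOT=$(make_sample_tree)
audit 192.168.1.0/255.255.255.0
```

Two caveats the checks do not cover: with `ALL: ALL` in hosts.deny, every other wrapped service (identd through tcpd, VNC, portmap) needs its own hosts.allow line or it silently stops answering; and tcp_wrappers only sees daemons built against libwrap or started through tcpd, which is why an iptables INPUT policy of DROP for unsolicited traffic is still wanted on the laptop itself, not only on the home firewall.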
 
Old 07-24-2011, 05:45 PM   #13
lpallard
Member
 
Registered: Nov 2008
Location: Milky Way
Distribution: Slackware (various releases)
Posts: 970

Original Poster
Rep: Reputation: 44
While investigating the problem with Snort, I have decided to try encryption, but before I get going, I need to ask a few questions:

My current setup looks exactly like this:

/dev/sda1 ==> /boot
/dev/sda2 ==> SWAP
/dev/sda3 ==> Extended
|
===>/dev/sda5 ==> /
|
===>/dev/sda6 ==> /mnt/storage (just an empty mount point for temporary file storage)

/dev/sdb1 ==> SWAP
/dev/sdb2 ==> Extended
|
===>/dev/sdb5 ==> /home

Can I encrypt this setup (except /boot) without having to wipe my drive and restart fresh?

Once encryption is complete, are there any risks of not being able to back up my data or read/write it? I am thinking about bugs or other caveats I should be aware of. I use rsync (rsnapshot) via cron to weekly back up /home/users to my local server. Will I have problems continuing to use these FS tools?

I guess this will get me started!
Thanks!!!

Last edited by lpallard; 07-24-2011 at 05:49 PM.
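NyteOwl's post earlier in the thread describes two routes: LUKS under / is set up before installing (Slackware's README_CRYPT.TXT covers that), while a separate /home can be moved onto LUKS afterwards. The script below is an added example, not from the thread, of that second route applied to the layout in the post above: /home on /dev/sdb5, with the spare /mnt/storage partition holding the copy while the partition is reformatted. luksFormat wipes the partition, so the contents go off first and come back with the same rsync that the weekly rsnapshot job uses; once the mapper device is mounted, rsync and every other filesystem tool see an ordinary ext4 filesystem. Device names, the backup path, the mapper name and the /etc/crypttab format are assumptions; DRYRUN=1, the default, prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the thread: the "encrypt /home after install" route,
# applied to the layout in the post above (/home on /dev/sdb5, spare space at
# /mnt/storage). luksFormat destroys the partition, so the contents are copied
# off first and rsync'd back onto the opened mapper device. Device names, the
# backup path, the mapper name and the /etc/crypttab format are assumptions;
# DRYRUN=1 (the default) prints the commands instead of running them.

DEV="${DEV:-/dev/sdb5}"
NAME="${NAME:-crypthome}"                      # becomes /dev/mapper/crypthome
BACKUP="${BACKUP:-/mnt/storage/home-backup}"   # must have room for all of /home
DRYRUN="${DRYRUN:-1}"

# Print a command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRYRUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Refuse to format a device that is still mounted somewhere.
assert_unmounted() {
    if grep -q "^$1 " /proc/mounts 2>/dev/null; then
        echo "$1 is still mounted; umount it first" >&2
        return 1
    fi
    return 0
}

encrypt_home() {
    # 1. copy everything off while /home is still readable (-H/-A/-X keep
    #    hardlinks, ACLs and xattrs; --numeric-ids keeps uids intact)
    run rsync -aHAX --numeric-ids /home/ "$BACKUP"/
    run umount /home
    [ "$DRYRUN" = 1 ] || assert_unmounted "$DEV" || return 1
    # 2. create the LUKS container (asks for and verifies a passphrase), open
    #    it, and put a fresh filesystem on the mapper device, never on $DEV
    run cryptsetup luksFormat "$DEV"
    run cryptsetup luksOpen "$DEV" "$NAME"
    run mkfs.ext4 "/dev/mapper/$NAME"
    # 3. mount the new filesystem and restore
    run mount "/dev/mapper/$NAME" /home
    run rsync -aHAX --numeric-ids "$BACKUP"/ /home/
}

# Boot-time wiring. Slackware's rc.S opens the devices listed in /etc/crypttab
# before fstab is mounted; "none" means prompt for the passphrase at boot.
# Field order and the "luks" option are assumptions: check against your rc.S.
crypttab_line() { printf '%s %s none luks\n' "$NAME" "$DEV"; }
fstab_line()    { printf '/dev/mapper/%s /home ext4 defaults 1 2\n' "$NAME"; }
# Swap holds pages of whatever was decrypted; either drop it or re-key it from
# /dev/urandom at every boot (the "swap" option is assumed to run mkswap).
swap_crypttab_line() { printf 'cryptswap %s /dev/urandom swap\n' "$1"; }

# Stand-alone run: print the plan and the lines to add.
encrypt_home
echo "--- add to /etc/crypttab:"; crypttab_line; swap_crypttab_line /dev/sda2
echo "--- replace the /home line in /etc/fstab with:"; fstab_line
```

Run it once as-is to read the plan, then as root with DRYRUN=0 after the backup partition has been checked for space. /boot stays in the clear, as biggie_ notes, and the two swap partitions (/dev/sda2, /dev/sdb1) deserve the same treatment as /home: a re-keyed swap gets an fstab line of `/dev/mapper/cryptswap swap swap defaults 0 0`. What the encryption does not change is the rsnapshot job, which reads the mounted filesystem exactly as before; what it does change is that the passphrase is now required at every boot and a forgotten one is a lost /home, so keep a LUKS header backup (`cryptsetup luksHeaderBackup`) somewhere other than the laptop.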
 
Old 07-28-2011, 07:52 PM   #14
lpallard
Member
 
Registered: Nov 2008
Location: Milky Way
Distribution: Slackware (various releases)
Posts: 970

Original Poster
Rep: Reputation: 44
Quote:
bash-4.1# /etc/rc.d/rc.snort start
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Starting Snort daemon: /usr/bin/snort -d -D -i any
Ok I've figured this one out... but I still need guidance for the config file. This has LOTS of options, has anybody configured this before?
 
Old 08-01-2011, 09:40 AM   #15
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157
Quote:
Originally Posted by lpallard View Post
Ok I've figured this one out... but I still need guidance for the config file. This has LOTS of options, has anybody configured this before?
For starters, read through the configuration file, as it is heavily commented. Also read any files that were included with the package. While you can use the config file as is, it is very beneficial to edit it based on your needs and so the IDS is customized to your environment. Also, you'll be tuning that file for a bit, until you get things to where you want it...I suggest keeping backups, in case you bork the file or a setting. Also, rely on comments so that you can reference why you changed/added anything. You can also use that file to have the IDS push the logs to a database instead of via a flat file (I do both). The IDS has a lot of moving parts (not even config file specific), so you're going to find yourself reading up on various capabilities of the system. Even if you might not need those capabilities, you're going to have to make a judgement on if you need them or not, which means you'll have to understand the capability first.

But really, installing, configuring, and tuning Snort is something that is outside of the parameters of this thread, as the subject matter is quite large in scope. You'll be learning things about Snort for quite awhile. I suggest hitting up the Snort forums and reading anything related to Snort, so you can become immersed. It isn't something that you're going to master in a week/month/quarter or even a year. Expect lots of time trying to understand the IDS and the log contents.
 
  

