I know I need a GUI for firefox, which I need for Webmin.
Firefox is certainly not the only option for using webmin; whether you can find something else that is fundamentally better may not be clear...but maybe you can just find one for which the exploits are more obscure.
See this for the requirements for using webmin with ssl and see also restricting access (and lots of other stuff) here.
Quote:
I know Snort has a command line interface, but I need the kids to be able to notice and respond quickly to an attack, so I thought the GUI interface might be better than the CLI for that.
A good point. I still don't like the idea, but it may be inevitable, eventually.
Quote:
Agreed. The sophomore on the team (my son) is the ipTables "expert", and he spent spring break week learning (and cursing) it. I've got a subnet set up in my basement; he's using an old PC as his firewall and vim as his editor (more cursing), but he's managed to put together a pretty good bash script to run his firewall. It's not perfect yet, but he's come a long way. I'm having him create similar bash scripts to run the ipTables firewalls on each of the application servers too.
Print the frozentux documentation. Put it in a big binder. Apply edge marks to sections, as required. And keep it safe, but take it with you.
Vim? I only occasionally use a CLI editor, but when I do my editor of choice is Joe, but then I have fond memories of WordStar. But, whatever, it is something that he has to be comfortable with.
Quote:
The toughest part is actually deciding which servers should be permitted to talk to which other servers, and over which ports.
You need to ask yourself the simple question "If I just dropped everything, what would stop working that I need to work and how little can I open up and have just what I need to work, work?"
And, I guess, can I run stuff on non-standard ports, just to make life a little more, err, interesting for team red.
If I can figure out how to get tarpit to work in ipTables, he'd be a very happy camper!
Does this help? I'm still not convinced about the application of tarpits, but there you go. You are hoping to be a PITA to team red (not hack them back, presumably) but are you building a dos/ddos risk on your side?
Quote:
We don't have any control over that. The users and their passwords are given to us the day of the competition, and we can't change them no matter what. The red team will use them to access our network and attack from within. So we have to be very sure we have everything nailed down tight.
Hardening scripts, like bastille, no root logins (although you should be good for that, specifically), all the usual stuff.
You don't mention whether you expect the guys on the blue team to have to do stuff (eg, use the internet with a browser) which would open up the opportunities for the red team considerably. And how will you ensure that you have up-to-date software, without risks?
What firewall ports do I need to shut down to prevent someone from outside my network using XFCE?
XFCE needs X11 installed. On my Slackware machines nmap shows tcp 22, 37, 111, and 133 listening before I start XFCE. Once XFCE is started nmap run in a terminal shows tcp 6000 is also now listening due to X11.
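The point above is that starting a desktop quietly adds a listener you did not plan for. As an added illustration (example code, not from the thread or any poster), here is a small POSIX shell check that compares the TCP ports a host is listening on against the short list you intended to expose and reports the rest; it is fed with a constructed `ss -ltn` sample in which X11's tcp 6000 has appeared. The sample output and the allow-list of 22 and 111 are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: compare the TCP ports a host is
# listening on against the short list you intended to expose, so that a
# listener that appears unexpectedly (such as X11 on tcp 6000 once a
# desktop session starts) stands out. Reads `ss -ltn` style output on stdin.

# unexpected_listeners "PORT PORT ..."  <  ss-output
# prints each listening TCP port that is not in the allow-list, one per line
unexpected_listeners() {
    allowed=" $1 "
    # column 4 is Local Address:Port; take the text after the last ':'
    awk 'NR > 1 && $1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' \
      | sort -un \
      | while read -r port; do
            case "$allowed" in
                *" $port "*) ;;              # planned listener, skip
                *) echo "$port" ;;           # unplanned: report it
            esac
        done
}

# Constructed sample in the shape of `ss -ltn` on a box after XFCE/X11 start
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
LISTEN 0      128    *:6000             *:*
LISTEN 0      128    [::]:22            [::]:*'

# audit_sample: run the check over the constructed sample with 22 and 111 planned
audit_sample() {
    printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "22 111"
}

# On a real host: ss -ltn | unexpected_listeners "22 111"
audit_sample
```

Run against the sample it prints `6000`, the X11 listener. Besides blocking the port at the firewall, the X server itself can be started with `-nolisten tcp` so that no TCP listener is created at all, which removes the exposure rather than hiding it.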
Quote:
You don't mention whether you expect the guys on the blue team to have to do stuff (eg, use the internet with a browser) which would open up the opportunities for the red team considerably. And how will you ensure that you have up-to-date software, without risks?
There's a Green Team, volunteers who will play the users on our network. They'll be given their usernames and passwords, a script of what they should be able to do on our network, and a list of the IP addresses of our servers (web is 123.456.789.50, mail is 123.456.789.100, rdp is 123.456.789.150). There are no clients within our network, but we have to allow authorized users in from outside our network.
Piece of cake, right?
As for software updates, we're given remote access to our boxes a week before the contest, and then we have from 10:00 am to 6:00 pm on Friday to finish setting up our servers (including last-minute updates). The red team starts their attack at 8:00 on Saturday, and has until 4:00 to break us.
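The earlier advice was to start from "drop everything" and open only what must work for the role each server plays (web, mail, rdp) and for the authorized users coming in from outside. As an added example (not the son's script, not from the thread), the POSIX shell script below prints a default-deny iptables ruleset for one server role so it can be reviewed before it is run as root; it is a generator, not something applied to a live host. The ports assigned to each role, the admin network 192.0.2.0/24 and the outbound allowances for DNS and package updates are all constructed assumptions, not the competition's values.

```shell
#!/bin/sh
# Added example, not from the thread: print a default-deny iptables ruleset
# for one server role, in the spirit of "drop everything, then open only what
# must work". It only prints the commands, so the script can be reviewed
# before being run as root. Ports per role and the admin network are
# constructed assumptions, not the competition's values.

ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"   # assumption: where the blue team administers from

# gen_rules ROLE  (web|mail|rdp) -> prints the iptables commands to stdout
gen_rules() {
    role="$1"
    case "$role" in
        web)  ports="80 443" ;;        # assumption: http/https
        mail) ports="25 143 993" ;;    # assumption: smtp, imap, imaps
        rdp)  ports="3389" ;;          # assumption: rdp
        *)    echo "unknown role: $role" >&2; return 1 ;;
    esac
    # default policy: drop in every direction, then allow loopback and replies
    cat <<'EOF'
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # ssh for administration, only from the team's own network
    echo "iptables -A INPUT -p tcp -s $ADMIN_NET --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    # the service this box exists to provide, and nothing else inbound
    for p in $ports; do
        echo "iptables -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # outbound: DNS and package updates; nothing else leaves the box
    echo "iptables -A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT"
    # log (rate-limited) what the policy drops, so probes are noticed
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"IN-DROP: \""
}

# allows ROLE PORT -> exit 0 if the generated ruleset accepts new inbound tcp PORT
allows() {
    gen_rules "$1" | grep "^iptables -A INPUT " \
        | grep -q -- "--dport $2 -m conntrack --ctstate NEW -j ACCEPT"
}

gen_rules "${1:-web}"
```

`sh gen.sh rdp > rdp-firewall.sh` gives a file to read, print and keep with the binder; `allows web 6000` exits non-zero, which is the kind of check worth running before the ruleset goes on a box. The rate-limited LOG rule at the end is what lets the team notice probes without needing a GUI, since the drops show up in the kernel log.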
Sorry to state the bleedin' obvious, but you mark it as solved and not closed, and there is a difference...
Anyway, a couple more links for you (after all, you can always ignore them)
Tarpits: maybe not what you want, but it is about tarpits, and you expressed an interest, albeit on behalf of someone else...
And this (more general, on hardening linux, in particular commercial ones, but a lot of good stuff...but make sure that you read down the page, which I didn't, at first).
And something that seemed to just slip out of reach earlier...if the guys inside are going to do stuff, there are more requirements to meet, and be particularly careful about what they can do, and whether they have a good idea about security stuff and behaving sensibly...and be particularly bothered about DNS as poisoning DNS would give the bad guys an easy way to trick your side into trusting bad sites. There is a lot more to security than ports and firewalls.