Old 08-24-2002, 08:46 AM   #31
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56

Ok, I am back. Bigjohn, I read your previous post half asleep with one eye half-opened, I didn't see the tinyfirewall bit, so hold a sec before getting adventurous with the iptables script I suggested, it might not be needed. But close the holes. Now, is there another machine available that you can use as a "cracking" point? Like your brother's, friend's? I would suggest scanning ports on your machines from this other machine. Nmap is available as a linux client as well as windows http://www.insecure.org/nmap . Download it on the other machine if it isn't there already (ask permission from the owner of course). Set it up - it comes with a GUI front-end (nmapfe), fire it up against your IP (to get the IP of your box, on your box execute /sbin/ifconfig ppp0, the line that reads inet addr: XXX.XXX.XXX.XXX - so that XXX.XXX.XXX.XXX is your IP)
Code:
nmap -sS -P0 -p 1-80,111,515,631,873,2401,6000,9098,9099 -O XXX.XXX.XXX.XXX
if the output reveals that some of the ports are open - that's the problem, if it says the ports are filtered - you are half-way safe (there is no such thing like I am secure as Fort Knox). If the command line doesn't look pretty you can always use nmapfe, the same idea applies (you can choose different methods and techniques scanning your ports, but don't scan somebody else's machine - ppl can get unhappy)

P.S. As for Bastille - run as root Bastille-interactive (I believe that's what it is called, or Interactive-bastille, hint: in the command line type Bastille and hit tab key, if nothing happens but a beep, try Inter and hit tab, tab key is the command completion key in bash)

Last edited by neo77777; 08-24-2002 at 08:54 AM.
 
Old 08-25-2002, 09:40 AM   #32
jetblackz
Member
 
Registered: Mar 2002
Location: Debian Galaxy
Distribution: Debian
Posts: 711

Rep: Reputation: 30
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN

It's CUPS that sets up printer in Web browser. You don't need it to do that, but it's nice.

Close sun-rpc ASAP. It's the most hit port on Linux.
 
Old 08-25-2002, 09:55 AM   #33
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,692

Original Poster
Blog Entries: 9

Rep: Reputation: 45
More ?????

Yo neo77777(aka Boris)

Please take a large bag full of thankyou's, and sprinkle them liberally around your desktop/work station/whatever.

The only minor problem that I have is, is what does it all mean? I'm sorry to sound so "thick", but while I know a fair amount about european heavy goods transport regulations, my knowledge of IT (especially linux) is pretty close to zero.

(In a previous life, I was an exceptionally lazy window$ surf drone)

Quote:
Ideas and advice much appreciated, and as usual, in "monkey see, monkey do" language please
.

I have to usually insert the above quote, because while I am (sort of) following what you are telling me, I don't know what to type into a shell/konsole, where I should be as far as files/directories and so on.

I am embarrassed beyond belief to have to come across as such a dumb s**t, but until I can climb further up this mountain known as "linux", I need "spoon feeding".


Hence, could you run your previous by me again, in the most basic, patronising and condescending way that you can stomach please. Then I can print it off and try and follow it verbatim.

Again, sorry to be such a pain.

regards

John
 
Old 08-25-2002, 09:36 PM   #34
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56
Ok, my bad I didn't see with my only half-opened eye the quote in your original, and the bag of thankme's is accepted with regard. Thank you. OK, let's start over, the "chart" I drew was an explanation of the ports opened and what to do, basically open up console
[bigjohn@westsussex ~bigjohn]$ /bin/su -
Password:
[root@westsussex~root]# cd /etc/xinetd.d
[root@westsussex~root]# ls
The output should look similar to this
Code:
chargen      daytime-udp  finger         rexec   rsync     sgi_fam  time
chargen-udp  echo         linuxconf-web  rlogin  servers   talk     time-udp
daytime      echo-udp     ntalk          rsh     services  telnet
now it involves the use of a text editor, I think you are familiar with pico, right?
[root@westsussex /etc/xinetd.d]$ pico chargen
now the file is displayed do you see a line saying
disable = no ?
Change it so it reads
disable = yes
now save the file (in pico Ctrl-O and enter) and then exit the file with Ctrl-X
perform the same procedure for chargen-udp, echo, echo-udp, daytime, daytime-udp, time, time-udp, rsync, rlogin, rexec, telnet, servers, services and others - disable as many remote logins as possible
Now, do you have a remote machine that you can use as a "hacking/cracking" point ?

Last edited by neo77777; 08-25-2002 at 09:41 PM.
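
The edit-each-file procedure in the post above, as a script that first lists which xinetd services are still enabled and then flips one of them. This is an added example, not part of the original post; the function names and the scratch-directory demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit and disable xinetd services.

# Print the name of every service file in DIR (default /etc/xinetd.d) that is
# still enabled. A file with no "disable = yes" line counts as enabled.
enabled_services() {
    dir=${1:-/etc/xinetd.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Skip backups such as chargen.bak (xinetd's includedir also ignores
        # names containing a dot or ending in ~).
        case ${f##*/} in *.*|*~) continue ;; esac
        # Drop comments, then keep the last "disable = ..." value in the file.
        state=$(awk -F= '{ sub(/#.*/, "") }
            $1 ~ /^[ \t]*disable[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 }
            END { print v }' "$f")
        [ "$state" = "yes" ] || echo "${f##*/}"
    done
}

# Rewrite "disable = no" to "disable = yes" in FILE, keeping FILE.bak.
disable_service() {
    cp -p "$1" "$1.bak" &&
    awk '/^[ \t]*disable[ \t]*=[ \t]*no[ \t]*$/ { sub(/no[ \t]*$/, "yes") } { print }' \
        "$1.bak" > "$1"
}

# Demo on constructed files in a scratch directory (not the real /etc/xinetd.d).
demo() {
    d=$(mktemp -d) || return 1
    printf 'service chargen\n{\n\tdisable = no\n}\n' > "$d/chargen"
    printf 'service telnet\n{\n\tdisable = yes\n}\n' > "$d/telnet"
    echo "enabled before: $(enabled_services "$d" | tr '\n' ' ')"
    disable_service "$d/chargen"
    echo "enabled after:  $(enabled_services "$d" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

xinetd only acts on the changed files once it re-reads its configuration, so the listening ports stay open until it is restarted or reloaded.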
 
Old 08-27-2002, 11:14 AM   #35
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,692

Original Poster
Blog Entries: 9

Rep: Reputation: 45
extra machine

Okay Boris,

I think that all makes sense. The answer to your last question, is no, I don't (well not personally), but one of the blokes at work is in the local slug and I am sure that he wouldn't mind if I get him to try the nmap thing. Though I will have to arrange it so I can be around when I can watch what's going on, so as to try and understand it.

I will post again when I have had time to append the various bits that you have suggested.

Thank you for the moment

Regards

John
 
Old 08-27-2002, 01:32 PM   #36
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56
Ok, John, you know where to find us.
Regards,
Boris
 
Old 09-05-2002, 10:51 PM   #37
Pebbles
LQ Newbie
 
Registered: Sep 2002
Location: currently in the US but who knows next
Distribution: Slackware 9.1 + 2.6.0 Kernel, LWN when i get around to it.
Posts: 9

Rep: Reputation: 0
HI,

um just thought i drop a msg here to say, ppp leaves a file in /var/run/ppp which actually holds the pid of the current ppp session, so what you can do is type : ...#kill `cat /var/run/ppp0.pid`

that'll drop your ppp connection every time, no need to go looking for the pid, although i have read all thru this thread and know that you want to setup firewalling etc, thought you'd be happier for the info.

:-)
 
Old 09-06-2002, 04:45 PM   #38
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,692

Original Poster
Blog Entries: 9

Rep: Reputation: 45
?????

Many thanks for that, though you presuppose that I am able to decipher the content of the /var/run/ppp file!

I should point that though I have been accused of having some intelligence, I am a total nugget when it comes to following most of this "tech stuff".

and in your "signature" I believe that "pertinent" is the correct spelling (english english, not sure about american english!)

Again, many thanks

regards

John (long time resident of "pedants" corner)
 
Old 09-06-2002, 09:44 PM   #39
Pebbles
LQ Newbie
 
Registered: Sep 2002
Location: currently in the US but who knows next
Distribution: Slackware 9.1 + 2.6.0 Kernel, LWN when i get around to it.
Posts: 9

Rep: Reputation: 0
oops sorry john i did get that slightly wrong, not enough coffee me thinks, the command was correct but the path in the beginning of my text was wrong.

/var/run/ppp0.pid <- /var =dir /run = dir ppp0.pid = file

try :

# less /var/run/ppp0.pid

that will show the contents of the file (obviously you know this that much i've read)

but the command

#kill `cat /var/run/ppp0.pid`

will actually pass the contents of ppp0.pid to kill for you, so no matter what the actual pid of your ppp0 session it will always be killed by the same command.

hope that clears up any confusion.

thanks for the english lesson, to be honest john i should know how to spell i'm from london myself, but i spent too much time doing anything but listening to teachers you know how it is!
 
Old 09-07-2002, 05:01 PM   #40
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,692

Original Poster
Blog Entries: 9

Rep: Reputation: 45
??????????????

Yo no snags pebbles.

Right, all you jolly readers out there.

Thus far, I have done the [root@localhost bigjohn]# netstat -an | grep LISTEN and that gives me
tcp 0 0 127.0.0.1:32768 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2401 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:98 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9098 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9099 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:13 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:19 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 4183 /tmp/ksocket-bigjohn/kdeinit-:0
unix 2 [ ACC ] STREAM LISTENING 3657 /tmp/.font-unix/fs-1
unix 2 [ ACC ] STREAM LISTENING 4218 /tmp/ksocket-bigjohn/klauncherHQ08kb.slave-socket
unix 2 [ ACC ] STREAM LISTENING 4317 /tmp/.ICE-unix/2460
unix 2 [ ACC ] STREAM LISTENING 4190 /tmp/.ICE-unix/dcop2418-1031436333
unix 2 [ ACC ] STREAM LISTENING 4105 /tmp/medusa-idled-service
unix 2 [ ACC ] STREAM LISTENING 4288 /tmp/mcop-bigjohn/localhost_localdomain-0985-3d7a7832
unix 2 [ ACC ] STREAM LISTENING 4024 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 3550 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 4504 /tmp/ksocket-bigjohn/kdesud_:0

that lot!

Now, while jetblackz has told me what some of this means, i.e. that some of it is servers and stuff?

neo77777 has also given me some pointers about what I should be doing, and while I am trying to follow what he has been saying, I have spent most of my free time in the last week trying to sus out his advice.

So, I have tried the "tinyfirewall" thing mentioned earlier in the thread. But as far as I can see, it doesn't seem to do anything (I wouldn't have a scooby how to monitor it anyway!!!).

I have managed to run up the "bastillechooser" which I have set to "moderate security", though again, how I can see what is happening, god only knows.

The other advice about iptables and their doc section, I have looked at that, but it is all pretty meaningless - technically way over my head.

The "netstat" output above, is what I am getting after trying the things that I have mentioned above, and I am totally lost as far as what I need to "switch off" (as well as how to switch anything off!) and what I need to have running.

Any more suggestions please? (in the kind of language that you might use if you were telling a 10 year old child would be good because then I have a chance of understanding it)

regards

John

p.s. for info, I have managed to learn how to sus the "dropping the connection" thing using the "ps -eH" command to get the pid and kill the connection that way.

Last edited by bigjohn; 09-07-2002 at 05:07 PM.
 
Old 09-07-2002, 07:31 PM   #41
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56
Hey, John, I see you are still struggling with that thing, just don't give up. A little trick to save you some typing to kill that damn internet connection:
Code:
#!/bin/sh
# Collect the PIDs of every process whose ps line mentions ppp
PPP_PIDS=`ps -ef | grep -i ppp | grep -v grep | awk '{print $2}'`
# Force-kill each one, which drops the connection
for PID in $PPP_PIDS; do
    kill -9 $PID
done
Cut these lines and paste them to an empty file (open Gedit or any other editor you might prefer and paste these lines to a new file) - name that file something like dieinternetdie
and change permissions to execute like this - in an Xterm/Konsole locate this file - most probably it will be in your home directory, and do
[john@westsussex john]$ chmod 755 dieinternetdie
now become root and move this file to /usr/local/bin, as follows
[john@westsussex john]$ /bin/su
Password:
[root@westsussex john]# mv dieinternetdie /usr/local/bin/
Now every time you run as root
dieinternetdie
it will kill the internet connection.
Hope this helps
 
Old 09-07-2002, 11:42 PM   #42
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Rep: Reputation: 30
already said

Last edited by adam_boz; 09-08-2002 at 12:04 AM.
 
Old 09-07-2002, 11:44 PM   #43
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Rep: Reputation: 30
the file /etc/services will tell you what services are running on what ports.

do a "man <service>" to see what any certain one does.

good luck

Last edited by adam_boz; 09-08-2002 at 12:03 AM.
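
The netstat listing in post #40 and the /etc/services lookup suggested above, combined into one script that labels each TCP listener as loopback-only or reachable on every interface. This is an added example, not part of any post; the function name, the SERVICES variable and the constructed two-entry services file are assumptions, and the name printed is only the conventional one for that port number.

```shell
#!/bin/sh
# Added example (not from the thread): sort TCP listeners into exposed vs local.

# Reads "netstat -an" output on stdin and prints "port name scope" per listener.
#   scope "local"   = bound to loopback only (127.0.0.1 or ::1)
#   scope "exposed" = bound to 0.0.0.0 or another address, reachable from the network
# The name is the conventional one from $SERVICES (default /etc/services).
classify_listeners() {
    awk -v svc="${SERVICES:-/etc/services}" '
        BEGIN {
            while ((getline line < svc) > 0) {
                sub(/#.*/, "", line)
                if (split(line, f) >= 2 && f[2] ~ /\/tcp$/) {
                    sub(/\/tcp$/, "", f[2])
                    if (!(f[2] in name)) name[f[2]] = f[1]
                }
            }
        }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            scope = (addr == "127.0.0.1" || addr == "::1") ? "local" : "exposed"
            nm = (port in name) ? name[port] : "unknown"
            print port, nm, scope
        }'
}

# Demo: four lines copied from the netstat output in the thread, with a
# constructed two-entry services file so the result does not depend on the host.
demo() {
    SERVICES=$(mktemp) || return 1
    printf 'sunrpc\t111/tcp\tportmapper\nipp\t631/tcp\n' > "$SERVICES"
    classify_listeners <<'EOF'
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9098 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
EOF
    rm -f "$SERVICES"; unset SERVICES
}
demo
```

On a live machine, run it as `netstat -an | classify_listeners`; every line marked exposed is a port the nmap scan from another machine would be probing.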
 
Old 09-08-2002, 04:28 AM   #44
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,692

Original Poster
Blog Entries: 9

Rep: Reputation: 45
quick reply

righty ho adam and boris, will try both answers later though right now I am waiting for one of the uk phone sales places to get their staff into gear (my girlfriend managed to drop my cell phone down the stairs last night and send it to cell phone heaven! + we are having to "outsource" the shower/bath facilities at the moment - ugh - because we sort of decided to go mad and install a new bathroom last weekend - double ugh - ) so as soon as I have more than 30 seconds spare, i'll "attempt" both of your suggestions!!!!#

regards

John

p.s. I'm sure that I can smell livestock round here somewhere - oh no, it's ok, it's just me!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
Old 09-10-2002, 06:41 PM   #45
The_Nerd
Member
 
Registered: Aug 2002
Distribution: Debian
Posts: 540

Rep: Reputation: 32
Just type netcfg, then there is a disconnect button!
 
  

