LinuxQuestions.org
Old 07-19-2005, 03:08 PM   #1
Geocritter
Member
 
Registered: Jun 2005
Location: Richmond, Virginia
Distribution: Debian, Ubuntu, FreeBSD
Posts: 66

Rep: Reputation: 15
hardening slack?


Hi all,

I'm not sure if this goes into the security forum or not, as I'd really like you Slackware folks to advise...

If I install Slack 10.1, what do I need to do to secure it? I'm on dialup right now, so I'm not AS worried, but we are thinking about DSL, so...

I've seen some sites that are way over my head on what to do, and in the end, my head is just swimming. Can someone simplify it for me (a checklist, if you will): what do I need to do on a fresh install before putting it on a network?

Thanks,
Dan
 
Old 07-19-2005, 03:18 PM   #2
nukey
Member
 
Registered: Dec 2004
Location: Netherlands
Distribution: Slackware
Posts: 173

Rep: Reputation: 30
Well, first of all you should get rid of any daemons that are running that you don't need (because they open ports).

First give the output of:

nmap localhost

Mine looks like this:
Code:
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
Maybe these are also open on your machine.
For example port 80, which is httpd (an Apache web server). If I wanted to close port 80 I would make sure httpd isn't running. To stop such a specific daemon you should chmod -x /etc/rc.d/rc.daemon-you-want-to-stop. In this case I would do chmod -x /etc/rc.d/rc.httpd
The same goes for most services (for some of them you may have to look a little further; some reside in /etc/inetd.conf, for example ftp and some others).

For the ports to close you could
1) reboot your computer
2) stop them before you chmod -x them, for example with /etc/rc.d/rc.sshd stop


And of course you can always use iptables to make it all more secure, but let's start with the above.

Last edited by nukey; 07-19-2005 at 03:22 PM.
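The audit nukey describes (which rc.* scripts are executable, which inetd.conf lines are live, then stopping and chmod -x-ing a script) as a small shell script. This is an added example, not code from the thread; it runs against a constructed sample tree instead of the real /etc/rc.d and /etc/inetd.conf, and the fake rc scripts are assumptions.

```shell
#!/bin/sh
# Audit which boot scripts and inetd services are enabled on a Slackware-style
# box. rc.M/rc.inet2 only run the /etc/rc.d/rc.* scripts that are executable,
# so "enabled" means executable; inetd runs every uncommented inetd.conf line.

# Print the names of executable rc.* scripts in the given rc directory.
list_enabled_rc() {
    for f in "$1"/rc.*; do
        [ -x "$f" ] && basename "$f"
    done
    return 0
}

# Print the service name (first field) of each active inetd.conf line.
list_enabled_inetd() {
    grep -v '^[[:space:]]*#' "$1" | awk 'NF { print $1 }'
}

# Disable a boot script the way the thread describes: stop it, then chmod -x
# so it is skipped at the next boot.
disable_rc() {
    script="$1/rc.$2"
    if [ -x "$script" ]; then "$script" stop >/dev/null 2>&1 || true; fi
    chmod -x "$script"
}

# --- constructed sample standing in for /etc/rc.d and /etc/inetd.conf ---
SAMPLE=$(mktemp -d)
mkdir "$SAMPLE/rc.d"
for s in sshd httpd mysqld; do
    printf '#!/bin/sh\n# fake rc.%s: "stop" is a no-op here\nexit 0\n' "$s" > "$SAMPLE/rc.d/rc.$s"
    chmod +x "$SAMPLE/rc.d/rc.$s"
done
cat > "$SAMPLE/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  proftpd
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
auth    stream  tcp     wait    root    /usr/sbin/in.identd in.identd
EOF

echo "Enabled rc scripts:";      list_enabled_rc "$SAMPLE/rc.d"
echo "Enabled inetd services:";  list_enabled_inetd "$SAMPLE/inetd.conf"
disable_rc "$SAMPLE/rc.d" httpd   # a desktop box does not need Apache at boot
echo "After disabling httpd:";   list_enabled_rc "$SAMPLE/rc.d"
```

Point the two list functions at the real /etc/rc.d and /etc/inetd.conf to see what your own box will start; compare that with nmap localhost afterwards.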
 
Old 07-19-2005, 04:00 PM   #3
baskerville
LQ Newbie
 
Registered: Sep 2004
Location: Rio de Janeiro, Brazil
Distribution: Slackware
Posts: 19

Rep: Reputation: 0
Well, let's see. I'm not at home, so I can't check my own checklist. Some tips I remember:

1. Disable unneeded services, like DNS servers or mail servers. To do it, you only need to 'chmod -x' the respective scripts in the /etc/rc.d/ folder. Well, how are you going to know which service is needed or not? My advice is: be very restrictive. Look inside the scripts and check which daemon is started by each. If you are on a desktop you won't need httpd, mysqld and other network daemons. If you are a web developer and need Apache for testing your sites, it's safer to start it using 'apachectl start' when you're working than to run it as a daemon from startup.
2. Take a look at the /etc/login.defs file (or something like that). The comments are self-explanatory and can provide a lot of ways of hardening login.
3. There is a file in /etc named 'securetty' or something like this. The uncommented lines define the terminals root is allowed to use for logging in. In a very hardened system you can disable all access (comment out all lines) and force people to log in as an ordinary user and use 'su' to do root jobs.
4. In /etc/sudoers you can restrict who can use the 'su' command and which commands the user can run as root. I don't know very well how to configure it, but I think that there is a 'man' page for this file.
5. Ah, evidently: use a firewall. Iptables is very powerful, but hand-configuring it is very, very hard for a newbie like me. Use Guarddog for doing that. I think it does a good job.
6. Search on Sourceforge.net or Freshmeat.net for security tools such as Nmap, Tripwire, Chkrootkit, SARA (formerly SATAN, I guess), Logcheck (or Logwatch). It's advisable to run some file integrity check tool just after the installation, or the script found in the Post-Installation Checklist HOW-TO.
http://www.tldp.org/HOWTO/Post-Insta...ist/index.html
This script takes a snapshot of the clean system, before you start to do the silly things that make it insecure :-) It's useful for rolling back some bad idea or for use as a standard of file integrity.
Schedule the auditing tools in root's crontab file. Check 'man crontab' to see how to use it. It's not very hard. You'll maybe need to write some simple Bash scripts in order to control the command-line options of the programs. For instance, I use scripts in such a manner that the reports are not overwritten, but each new report receives a unique name, is put in a specific folder, chmoded 400 and chattr'ed +i (i.e., made immutable).
7. Check the permission settings of some important folders. In principle there must be very few world-writable files and not a lot of world-readable files in some important folders. But it's better to do extensive changes only after the aforementioned snapshot, for some files in "system" folders need to be readable even by ordinary users. I don't have a general recommendation on this point. But you can maybe check this file:
http://www.userlocal.com/security/secfileperm.php
(and the parent folder, as well).
Another kind of permission attribute is set with the "chattr" command. Two options are interesting for security purposes: +i to make the file immutable, even for root (but root can still unset this attribute) and +a to make the file append-only.

Well, there are many other tips, but these are the ones I can remember now. I'm still a newbie, but I grant you that researching the security topic is very addictive. So, I recommend you pay attention to all the security HOW-TOs, including the marvellous "Secure Programs", for it contains general security considerations too. I recommend this guide too:
http://www.tldp.org/LDP/solrhe/Secur...ution-v2.0.pdf
It is very RedHat-centric but a lot of the information is useful in any Linux distro.
Good luck and enjoy Slackware! If I remember something I'll come back and post it!
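Items 6 and 7 of baskerville's list (a clean-system snapshot, a later integrity check, a world-writable scan, and reports that get a unique name, chmod 400 and chattr +i) as one cron-able shell script. This is an added example, not the HOW-TO's script or anything from the thread; it assumes GNU coreutils (sha256sum), treats chattr as optional, and exercises itself on a constructed sample tree rather than the real /etc.

```shell
#!/bin/sh
# Baseline snapshot and scheduled integrity check in the spirit of the thread:
# hash a clean tree, compare later, and keep every report under a unique name,
# chmod 400 and (where possible) chattr +i so it cannot be quietly edited.
# Write "hash  path" for every regular file under $1, sorted, to $2.
snapshot() {
    find "$1" -type f | sort | while read -r f; do sha256sum "$f"; done > "$2"
}

# Compare the tree $2 against baseline $1; print changed, added and removed
# files as baseline-only:/current-only: lines. Returns 0 only if all match.
check_baseline() {
    current=$(mktemp)
    snapshot "$2" "$current"
    if diff -q "$1" "$current" >/dev/null; then rm -f "$current"; return 0; fi
    diff "$1" "$current" | grep '^[<>]' |
        awk '{ print ($1 == "<" ? "baseline-only:" : "current-only:"), $3 }'
    rm -f "$current"
    return 1
}

# List world-writable regular files under $1 (item 7 of the checklist).
world_writable() {
    find "$1" -type f -perm -0002
}

# Save stdin as a uniquely named report in $1, chmod 400, then chattr +i.
# Prints the report path. +i needs root on an ext filesystem; else skipped.
store_report() {
    n=0
    while :; do
        report="$1/audit-$(date +%Y%m%d)-$n.txt"
        [ -e "$report" ] || break
        n=$((n + 1))
    done
    cat > "$report"
    chmod 400 "$report"
    chattr +i "$report" 2>/dev/null || true
    echo "$report"
}

# --- constructed sample: a tiny "system" tree, a baseline, then tampering ---
ROOT=$(mktemp -d); mkdir -p "$ROOT/etc" "$ROOT/reports"
printf 'console\ntty1\n' > "$ROOT/etc/securetty"
printf 'PASS_MAX_DAYS 90\n' > "$ROOT/etc/login.defs"
snapshot "$ROOT/etc" "$ROOT/baseline.txt"
printf 'ttyp0\n' >> "$ROOT/etc/securetty"   # simulate an unwanted edit
chmod o+w "$ROOT/etc/login.defs"             # and a sloppy permission
{ check_baseline "$ROOT/baseline.txt" "$ROOT/etc" || true
  world_writable "$ROOT/etc"; } | store_report "$ROOT/reports"
```

Run snapshot once on the fresh install, keep the baseline off the box, and put the last three lines (against the real /etc) in root's crontab.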
 
Old 07-19-2005, 04:10 PM   #4
baskerville
LQ Newbie
 
Registered: Sep 2004
Location: Rio de Janeiro, Brazil
Distribution: Slackware
Posts: 19

Rep: Reputation: 0
Hey,
try these links also:
SLACKWARE security: good list of permissions (I'll use it on my box!) ->
http://members.cox.net/laitcg/new/ss.html
TrinityOS: general hardening. Beware of some things strange to the Slack way of life (I mean some configuration files are different in Slack and RedHat-centric distros) ->
http://www.ecst.csuchico.edu/~dranch...inityOS-c.html
 
Old 07-19-2005, 09:04 PM   #5
justin_p
Member
 
Registered: Jan 2004
Location: Virginia, USA
Distribution: slack 13; I've used it all :)
Posts: 433

Rep: Reputation: 30
For simplicity's sake, turn off the daemons that you don't need running in the /etc/rc.d/ directory. nmap localhost is probably the best way to evaluate. Also, get a copy of guarddog from linuxpackages.net and run it to configure a simple firewall. You may need to move it to /etc/rc.d and make it executable with chmod +x /etc/rc.d/rc.firewall. This should be straightforward if you turned off the other services. It needs to be in /etc/rc.d in order to start on boot automatically.
 