SlackwareThis Forum is for the discussion of Slackware Linux.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
After having done some checks on my /var/log/secure file I've noticed several attempts from people in Germany, Switzerland, Romania, and the U.S. trying to login to my ftp, ssh, and sendmail ports over the last few weeks. My box is not a server or anything, but I would like to secure it while I'm online. I had done some preliminary work with /etc/inetd.conf but apparently I missed some areas. I had a friend scan me with 7th Sphere Port Scan and he found LOTS of open ports. So, I decided to do some checking into iptables. Since my system isn't always connected (still stuck in dial up), I decided to use the following:
iptables -A INPUT -p tcp --syn -j DROP
This works marvelously. I don't need anyone connecting via ssh or ftp or anything like that so it lets me use the internet and Licq and all other normal online functions without any ports being available to anyone else. I had my friend scan me again after I issued the command and he could find no open ports. However, after I rebooted and had him scan me again, I had LOTS of open ports again.
I don't mind having to type this in every time I boot up, but I would really like to have it stick permanently, or if that can't be done, I'd like to have the command issued at login or start up. All online iptables tutorials I've seen give help on the commands themselves and "iptables --help" does the same as well. Could someone please point me in the right direction for this task?
Thanks for the pointer. I'll look into it tonight when I get home.
I'm currently stuck in dial up land until I get my broadband hooked up. I want to keep the ssh, ftp, etc. so when I do get hooked up with cable, I'll be able to have them. After I get cable and an "always on" connection, I'm going to set up the system as a firewall for my home network and as a proxy for my family. For now though, 33.6Kbps just really isn't worth having all those utilities. I'm hoping to get broadband soon so I can start playing around with networking and security.
The file is rc.local for all local commands on boot but in Slackware its located here :
Regardless, on 33.6 it would take a very patient cracker to wait around to see if your system was worth intruding. I get tons of attempts also from various countries to login via my personal http and ftp servers. All my logs indicated an automated port-scanning/vulnerability check software as many of the attempts to crash my apache server were aimed at common Micrsoft IIS vulnerabilities.
If you do choose to run those services after you get broadband, I highly recommend scanning your logs and checking for ip patterns. Most daemons allow for ip mask blocking of certain ranges for those pesky folks...
Thanks for the info. I started checking my logs about 4 days ago and noticed that someone in Germany has attempted 4 or 5 times in as many days to connect. I didn't really think anyone would have bothered with my system since it really doesn't have anything anyone would want and it's on a slow connection. However, I guess if someone wanted to create a backdoor and use my system to launch any kind of attacks on other systems, they might find my box useful to some extent. To avoid this I decided to go with iptables.
That one IP pattern I caught is the only reason I decided to do any kind of securing. If it only happened once or twice it wouldn't really have bothered me at all. Since my box was pretty much wide open (except I had tweaked sudoers, /etc/inetd.conf, /etc/securetty, and others to prevent any root access remotely), I figured I would be safe.
Do you have any tips on those daemons you mentioned?
Thank you everyone for your suggestions and tips on the file locations. I got it all set up now. NSKL, that link is awesome. I've got it saved to a bookmark now and I'm sure I'll be referencing it in the future again.