LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices



Reply
 
Search this Thread
Old 11-02-2003, 03:35 AM   #1
odin123
Member
 
Registered: May 2002
Location: Lebanon
Distribution: PCLinuxOS
Posts: 80

Rep: Reputation: 15
Security issue in Slackware 9.1


Hi all,

I installed Slackware 9.1 on my laptop a couple of weeks ago and I simply LOVE IT!

RH9 was on my desktop box. On the RH9 system I would every now and then go to sygatetech.com to have my system scanned for open ports, trojans, etc. and ALL results would show that ALL my ports were not only CLOSED but STEALTHED, which is optimal. I also had Guarddog 2.2 running. My RH9 security setting was initially on HIGH, DEFAULT.

Yesterday I decided to take the plunge and installed Slackware 9.1 on the desktop. No more RH9, too slow and bloated for my taste. After doing the usual security things like:

1. editing /etc/inetd.conf and commenting ALL lines
2. disabling ALL services from pkgtool/setup
3. installing Guarddog 2.2 and allowing ONLY DNS, FTP, HTTP, POP3 and SMTP,

I ran the sygatetech scan and, surprise, many ports were NOT STEALTHED, only CLOSED, which is a security hazard. Some of the ports found closed were ftp, ssh, telnet, smtp, dns, dcc, finger, upnp, trojan, tcmp, web, pop3, ident, netbios, https, socks proxy, web proxy.

Why the difference between RH9 and Slack 9.1?
Is RH9 more secure, or is there something I forgot to do, other than editing inetd.conf?

(Simple instructions please!)

Thanks a lot,
odin
 
Old 11-02-2003, 04:09 AM   #2
one
Member
 
Registered: Jul 2003
Distribution: Slackware 9.1
Posts: 87

Rep: Reputation: 15
RH has a simple and configureless GUI for iptables which you set on high

In slackware either you learn iprtables or install a linux firewall like Shorewall
 
Old 11-02-2003, 12:01 PM   #3
Astro
Member
 
Registered: Jan 2003
Location: Ballston Lake, NY
Distribution: Slackware, Debian
Posts: 660

Rep: Reputation: 30
Shorewall

Might I reccomend shorewall and webmin for a quick setup of a firewall. You may need grab the default set of rules for a single homed system but it's still a very good way of doing it. I use it at work and on my home systems. But if you're not wanting to go the shorewall way, grab an iptables script from somewhere and edit it to your liking or write you own.
 
Old 11-02-2003, 05:14 PM   #4
dd78749
LQ Newbie
 
Registered: Oct 2003
Location: Austin, TX USA
Distribution: Slackware 9.1
Posts: 12

Rep: Reputation: 0
Guarddog creates an executable script called "rc.firewall" using iptables (or ipchains depending on your kernel) and places it in /etc. Just move the rc.firewall script to /etc/rc.d and it'll run at startup in complete stealth mode. Or you can leave it where it is (good idea if you use Guarddog to change your configuration alot) and add a startup command to rc..local. Either way works fine.
 
Old 11-02-2003, 09:39 PM   #5
SirLaughAlot
LQ Newbie
 
Registered: Sep 2003
Distribution: Slackware
Posts: 12

Rep: Reputation: 0
Someone correct me if i'm wrong but if your ports are closed, as in there is no daemon listening, then they are secure. For someone to connect to a service and exploit it, there has to be something listening in the first place, because the daemon actually sits and wait for a connection.

Cheers
 
Old 11-02-2003, 09:44 PM   #6
KaiGoth
LQ Newbie
 
Registered: Oct 2003
Distribution: Slack, Slack, and more Slack
Posts: 15

Rep: Reputation: 0
Correct.

Closed means it responds with a RST packet, stealth means it simply ignores it. Stealth is basically meant to hide the fact that anything is at that socket.

"Security through obscurity"

It's not a bad thing, but its not something to really get in a twist about. Either way, there's nothing to exploit.
 
Old 11-03-2003, 09:44 AM   #7
odin123
Member
 
Registered: May 2002
Location: Lebanon
Distribution: PCLinuxOS
Posts: 80

Original Poster
Rep: Reputation: 15
Thanks all for your comments!

I downloaded Shorewall and found that it was beyond my humble Linux-ing capabilities, so maybe later.

dd78749: I followed your advice and placed rc.firewall in /etc/rc.d and everything was fine. Had to open HTTPS for sygatetech to scan, but all were STEALTHED. Excellent!
Thanks again!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
bzip2 1.0.2 Security Issue win32sux Slackware 2 06-13-2005 07:49 PM
phpMyAdmin Security Issue mr_dizzle Linux - Software 2 12-28-2004 01:48 AM
webmin issue, poss security issue bejiita Slackware 3 11-03-2004 07:07 AM
Other type of security issue DazeiHead Linux - Security 3 08-17-2003 08:20 PM
Security issue.. marcoc Linux - Newbie 8 05-01-2002 07:14 AM


All times are GMT -5. The time now is 10:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration