02-27-2005, 10:25 AM | #1
Member | Registered: Feb 2005 | Posts: 40
Ahh.. first install complete!
Wow! I succeeded. I got everything installed this morning and it went well.
My CPU is an AMD 500, 96 MB RAM and 27 Gig drive.. my too to learn...
Mandrake 9.1 is up and running!! Seeing as my main goal is to use that Linux machine as a server for personal pages I am documenting my progress. Please be advised that this is a site in progress but input is always appreciated.
http://lukesplace.dyndns.org
So now what? LOL
I have no clue how to use this thing. I have a lot of reading and playing to do, but here are some very important questions I have.
#1. Where and how do I control my server? It just works. All I did was make my site thus far and found a directory in var/www, so I put my stuff in there. But I am confused as to where the controls for all this stuff are?
#2. That link above, is it safe? I guess this is a wildly open question. But I mean in general?
#3. Now if I only knew how to install stuff or network to my Windows XP machine..
LOL If you guys don't have time to answer any of these questions don't worry, I will be doing some reading over the next week.
But...
If anyone could give some input I'd appreciate it. I will continue to work on my Linux Learning Experience site later on... I am just taking a break. The Questions link is really the only link that contains additional information at this point.
Cheers,
COol Hand...
02-27-2005, 10:53 AM | #2
LQ Veteran | Registered: Feb 2003 | Location: Maryland | Distribution: Slackware | Posts: 7,803
#1 - Most of the controls for Apache are in the httpd.conf file. That is where you create virtual hosts, control basic operations, etc. You are going to want to spend some time having a look at the Apache documentation site since there is a LOT you can do with Apache. If you have some specific ideas, post 'em and maybe we can point you in a specific direction.
#2 You are going to want to give some thought to this, but move quickly. If you look at your Apache logs, you'll see a lot of people taking a rip at your site. Most of the stuff is Windows trojans/virii that you are immune to, but not everything. Learn how to patch your machine and do it regularly. Install an intrusion detection system like SNORT. Install a file monitoring system like Tripwire or Aide. And above all, make sure that Apache is not running as root. Most distros don't run it as root by default, but make sure. Oh, yeah, be sure you've got a firewall in place.
#3 Installing stuff is easy. With Mandrake, you are on an RPM-based distro, so have a read through the rpm man page (man rpm in a console window). If you need to install from source code, the commands tend to be ./configure, make and make install.
For networking with Windows, check into using Samba. It is installed on most distros by default and lets your Linux box appear to be a Windows share.
Congrats and welcome to Linux!
02-27-2005, 11:04 AM | #3
Member | Registered: Feb 2005 | Posts: 40 | Original Poster
Thanks for the prompt reply. If I don't have time to figure out all the security issues today, I will just turn the CPU off until I do.
Cheers,
Cool Hand...
02-27-2005, 11:08 AM | #4
LQ Newbie | Registered: Feb 2005 | Posts: 11
My friend runs multiple servers and I consulted him about security. The file monitors etc. are great to have; the firewall is debatable. I'm running behind a router with a firewall, so he said I should be safe.
02-27-2005, 01:45 PM | #5
LQ Veteran | Registered: Feb 2003 | Location: Maryland | Distribution: Slackware | Posts: 7,803
Quote:
I'm running behind a router with a firewall so he said I should be safe.
Well, you're not naked, but "safe" is a matter of opinion. I'm behind a router, but I've put firewalls on all my computers. Anything that stays on 24/7 is running Linux and is being monitored with Snort and Aide. I update regularly and I check my logs on a daily basis. And I have serious doubts as to whether I'm being paranoid enough.
The bottom line is that no matter how many lines of defense you put up, it is possible for someone to get through. And given how easy firewalls are in Linux (if you don't want to learn iptables, just use a GUI like Firestarter), I frankly don't see any excuse not to have one. And given the number of infected servers that show up in my logs every day, there are a LOT of people out there who are clueless or careless about their security.
02-27-2005, 03:27 PM | #6
LQ Newbie | Registered: Feb 2005 | Posts: 11
Is the Linux firewall enough though? And how would you then go about configuring it so that it works properly as an HTTP server, SQL server, and Samba server?
02-27-2005, 04:23 PM | #7
LQ Veteran | Registered: Feb 2003 | Location: Maryland | Distribution: Slackware | Posts: 7,803
Quote:
Is the Linux firewall enough though?
Like I said, it is a matter of opinion. Personally, I think the Linux firewall is very good and I use it on all my Linux boxes. I've got my box serving all three of the programs you're looking at and iptables works nicely. Of course I am also running Snort and Aide. If it is any help, this is what my firewall looks like:
Code:
#!/bin/bash
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
#Drop bad packets
#Testing the perl
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP #Drop NEW not SYN
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP #Drop SYN-FIN scans
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP #Drop SYN-RST scans
iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP #Drop X-mas scans
iptables -A INPUT -p tcp --tcp-flags ALL FIN -j DROP #Drop nmap FIN scans
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP #Drop null scans
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP #Drop ALL/ALL scans
#Log and Drop almost all reserved (I use 192.168.1.0/0) and bogon addresses
#iptables -A INPUT -i eth0 -s 0.0.0.0/8 -m limit --limit 5/m -j LOG --log-prefix "WARN: Invalid IP "
iptables -A INPUT -i eth0 -s 0.0.0.0/8 -j DROP
#iptables -A INPUT -i eth0 -s 127.0.0.0/8 -m limit --limit 5/m -j LOG --log-prefix "WARN: Invalid IP "
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
#iptables -A INPUT -i eth0 -s 10.0.0.0/8 -m limit --limit 5/m -j LOG --log-prefix "WARN: Invalid IP "
iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
#iptables -A INPUT -i eth0 -s 172.16.0.0/12 -m limit --limit 5/m -j LOG --log-prefix "WARN: Invalid IP "
iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#Drop anything heading for sendmail
iptables -A INPUT -i eth0 -p tcp --dport 25 -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Allow SSH
#iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
#Allow FTP
#iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 50000:51000 -j ACCEPT
#Allow HTTP and HTTPS Connections
#iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
#Allow MySQL from internal network only
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 3306 -j ACCEPT
#Allow Webmin from internal network only
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 10000 -j ACCEPT
#Allow SAMBA from internal network only
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport netbios-ssn -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport microsoft-ds -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p udp --dport netbios-ns -j ACCEPT
#Explicitly allow printer IP address
iptables -A OUTPUT -p tcp -d 192.168.1.99 -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#Allow NFS from internal network only
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 111 -j ACCEPT #portmapper
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p udp --dport 111 -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 32765:32768 -j ACCEPT #NFS servers
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p udp --dport 32765:32768 -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 2049 -j ACCEPT #nfsd
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p udp --dport 2049 -j ACCEPT
#Allow Bittorrent
iptables -A INPUT -i eth0 -p tcp --dport 6881 -j ACCEPT
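The script above answers the "HTTP, SQL and Samba" question by opening some ports to everyone and restricting others to 192.168.1.0/24. As an added example (not code from the thread or from any of its posters), the following Python audits a ruleset in that same shape and reports which services meant to be LAN-only are actually reachable from any source; the sample rules are constructed, with one deliberately weak MySQL line, and the INTERNAL_ONLY set is an assumption taken from the comments in the posted script.

```python
import shlex

# Constructed sample: INPUT rules in the shape of the posted script,
# plus one deliberately weak line (MySQL open to any source) to flag.
SAMPLE_RULES = """
iptables -P INPUT DROP
iptables -A INPUT -i eth0 -p tcp --dport 25 -j DROP           #sendmail
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport netbios-ssn -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p udp --dport 2049 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT       #weak: MySQL world-open
"""

# Assumed policy: services the posted script's comments mark as internal-only.
INTERNAL_ONLY = {"3306", "10000", "netbios-ssn", "microsoft-ds",
                 "netbios-ns", "111", "2049", "32765:32768"}

def parse_rules(text):
    """Parse 'iptables -A CHAIN ...' lines into dicts; '#' comments are stripped."""
    rules = []
    flags = {"-s": "source", "-p": "proto", "--dport": "dport", "-j": "target"}
    for raw in text.splitlines():
        toks = shlex.split(raw.split("#", 1)[0].strip())
        if len(toks) < 3 or toks[1] != "-A":
            continue  # skips -P/-F lines and blank lines
        # No -s means "match any source", which iptables shows as 0.0.0.0/0.
        rule = {"chain": toks[2], "source": "0.0.0.0/0", "proto": None,
                "dport": None, "target": None}
        for i, tok in enumerate(toks):
            if tok in flags and i + 1 < len(toks):
                rule[flags[tok]] = toks[i + 1]
        rules.append(rule)
    return rules

def exposure(rules):
    """Map each accepted INPUT 'proto/port' to the source it is allowed from."""
    return {f"{r['proto']}/{r['dport']}": r["source"] for r in rules
            if r["chain"] == "INPUT" and r["target"] == "ACCEPT" and r["dport"]}

def world_exposed_internal_services(rules):
    """Return LAN-only services that the rules accept from any source."""
    return sorted(k for k, src in exposure(rules).items()
                  if k.split("/", 1)[1] in INTERNAL_ONLY and src == "0.0.0.0/0")

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for key, src in exposure(parsed).items():
        print(f"{key:18} accepted from {src}")
    print("LAN-only services open to the world:", world_exposed_internal_services(parsed))
```

Feed it the output of your own script (or `iptables-save` rewritten into `iptables -A` form) to confirm that only the ports you intend are reachable from outside the LAN.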