LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-12-2002, 12:15 AM   #1
snowbaby
LQ Newbie
 
Registered: Dec 2001
Location: NorCal
Distribution: Mandrake 8.1
Posts: 18

Rep: Reputation: 0
Firewall, netfilter, iptables...?


Hello all...
I see that this is a popular subject and after searching through the threads I'm still unsure of what to do. I'm running Mandrake 8.2 accessing the internet with a cable modem (Motorola Surfboard 4200).

Security-wise what do I need to do?

I've read about iptables, coyote firewall, netfiler and also about 'closing unnecessary ports'.

What would be the best bet for a NEWBIE?

Thanks,
Sam
 
Old 08-12-2002, 04:09 AM   #2
PcHammer
Member
 
Registered: Jan 2001
Location: Ljubljana Slovenija
Distribution: Slackware
Posts: 70

Rep: Reputation: 15
For starters u have to know what ports do you need opened and how secure your netword will be.
Start by reading http://www.tldp.org/HOWTO/Firewall-HOWTO.html

I recomend using iptables (my firewall is based on it ). On this site http://www.linuxguruz.org/iptables/ are some nice examples of firewalls.

I hope this helped a bit.

regards, PcHammer
 
Old 08-12-2002, 12:21 PM   #3
snowbaby
LQ Newbie
 
Registered: Dec 2001
Location: NorCal
Distribution: Mandrake 8.1
Posts: 18

Original Poster
Rep: Reputation: 0
Thanks PCHammer!
I started off reading the site http://www.tldp.org/HOW-TO/Firewall-HOWTO.html but ran into a problem when trying to access the '/etc/inetd.conf' file. I did a Google search and found that in Mandrake 8.2 they use a file called '/etc/xinetd.conf' instead of '/etc/inetd.conf'. I tried to access '/etc/xinetd.conf' (as root) but I got a 'Permission denied'.

Any ideas?

From what I found at http://www.mandrakeuser.org/docs/con...netd.html#conf I think that I should be able to access '/etc/xinetd.conf'.

Thanks,
Sam
 
Old 08-12-2002, 12:49 PM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
For a quickie, try
netstat -tanp
and
netstat -uanp
and find out what your machine says it is listening to.
Xinetd uses a different file format to inetd. You will prob find 'includedir /etc/xinetd.d" in the file. If so, look in this directory and find the setup files for each service xinetd will control.
xinetd takes the SYN request and fires up the servers for you. Saves having them running constantly.
Those you don't want to have running, edit the "disable =" to no.
If you are not sure what theservers do, type man 'server' and have a read...

Regards,
Peter
 
Old 08-12-2002, 02:20 PM   #5
snowbaby
LQ Newbie
 
Registered: Dec 2001
Location: NorCal
Distribution: Mandrake 8.1
Posts: 18

Original Poster
Rep: Reputation: 0
I tried 'netstat -tanp' and here's what I got:

PID/Program name Local Address Foreign Address State
tcp Listen
1160/rpc.statd
tcp Listen
1318/xinetd
tcp Listen
1093/portmap
tcp Listen
1784/X

I've found some useful reading, BUT for some reason I'm still unable to access
'/etc/xinetd.conf'. Everytime I try I get 'Permission denied'.
Any ideas on why that is happening?
Thanks much,
Sam
 
Old 08-12-2002, 02:48 PM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
try
cd /etc
ls -l
and make sure the owner.group is root.root and permissions are 644
-rw-r--r--
If you are logged in as root and can't open the file, I'm stumped...

Also, a correction about the files in /etc/xinetd.d/ directory.
To disable the service, make the "disable =" set to yes.
Brain fade here....
Peter.
 
Old 08-12-2002, 03:14 PM   #7
snowbaby
LQ Newbie
 
Registered: Dec 2001
Location: NorCal
Distribution: Mandrake 8.1
Posts: 18

Original Poster
Rep: Reputation: 0
OK-

I did
cd /etc
ls -l

and it looks like the permissions are 295

Otherwise it it the same:
-rw-r--r-- root.root

I still can't open the file (but it is there). I need to change the permissions to 644?

Thanks,
Sam
 
Old 08-12-2002, 04:35 PM   #8
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56
Are you root? And these are 644 perms (-rw-r-r--), I don't know how you hacked 295 from it.
 
Old 08-13-2002, 01:52 AM   #9
PcHammer
Member
 
Registered: Jan 2001
Location: Ljubljana Slovenija
Distribution: Slackware
Posts: 70

Rep: Reputation: 15
I'm sorry i'm out of ideas about opening this file


regards, pchammer
 
Old 08-13-2002, 03:22 AM   #10
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
I'm sure there's nothing inside that file you will need to change.
The control files to edit are stored in /etc/xinetd.d/ directory.
This is where you will need to make the changes to enable or disable servers.
Make sure you restart xinetd to make it reread those files.
Regards,
Peter.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Do I really need a netfilter/firewall? Trijicon Linux - Security 6 10-15-2005 04:58 PM
Is iptables/netfilter stateful inspection firewall ? newbieA Linux - Security 3 02-11-2005 08:32 PM
Netfilter / IPtables SWAT Linux - Newbie 3 11-11-2003 09:04 AM
Netfilter/iptables on Linux Debra Programming 1 10-03-2002 07:40 PM
Netfilter/iptables on Linux Debra Linux - General 2 10-03-2002 07:27 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration