LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-12-2002, 06:23 PM   #1
Paradox
LQ Newbie
 
Registered: Nov 2002
Posts: 4

Rep: Reputation: 0
Fresh Install... Now what ?


Well, I don't know if this belongs in the Newbie forum, so I apologize ahead of time if it does.

I am not familiar with Linux Security measures, so is there anything I should do after installing Mandrake 9 to make sure I'm secure ? I have no idea if it's solid right away or not.
(Anyone know where any tutorials/manuals on the subject can be found?)

Thanks ahead of time.
 
Old 11-12-2002, 07:23 PM   #2
Thymox
Senior Member
 
Registered: Apr 2001
Location: Plymouth, England.
Distribution: Mostly Debian based systems
Posts: 4,368

Rep: Reputation: 63
If you're not connecting through a firewall (i.e. you have a direct modem connection), then I would suggest that you at least put the Mandrake default firewall in place. You can do this by going to the Mandrake Control Center and enabling firewalling. As for tutorials and manuals... there are bloody hundreds! Security is a very big area in the computer industry, and a lot of the documentation will be high-level stuff...
 
Old 11-12-2002, 07:32 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
No, the forum choice is excellent I'd say.

First thing is to make a "baseline fingerprint" of all the binaries you've got on your box using Aide, Tripwire, Samhain or similar.
Next you've got to decide what to use the box for, and minimize risk due to exposure, meaning ditch any apps you won't be using *now* (so that excludes apps with reasons like "dunno what it's for but it must be usefull", "I'll look into it" or "I'm sure *gonna* use it"). You can always install later.

If this box will be a server box, ditch GUI stuff like X11, Gnome, KDE, gcc and any daemons you will not be running to minimize risks further.

If this box will be a shell-server box, you will want to look into curbing risks due to users trying to exploit weaknesses.

In any case activate a firewall script if you didn't already, disable running daemons you don't need, run OpenSSH to get remote access and run Bastille as Mandy comes with it IIRC.

All of this preferably *before* you get it hooked up to the network :-]

I'll tack on my reference list as usual, please ask if something ain't clear.

Basic references:
- AUSCERT UNIX Computer Security Checklist (Version 1.1) www.cert.org/tech_tips/AUSCERT_checklist1.1
- Steps for Recovering from a UNIX or NT System Compromise www.cert.org/tech_tips/root_compromise.html
In fact read the whole of http://www.cert.org/tech_tips/
- The CIT Computer Security Handbook: www.cit.nih.gov/security/handbook.html
- Aging stuff from Phrack, good to read back to be sure, like "Unix System Security Issues" www.fc.net/phrack/files/p18/p18-7.html
- SEI stuff like www.sei.cmu.edu/publications/lists.html handling IDS
- Intrusion Detection and Network Auditing on the Internet www.infosyssec.net/infosyssec/intdet1.htm

Top it off with some reading material on security:
- Security tips: www.cert.org/tech_tips/ and www.cert.org/security-improvement/, http://www.securityportal.com/resear...xsecurity.html
- Top ten vulnerabilities: www.sans.org/topten.htm and http://www.cert.org/present/cert-ove...ends/index.htm
- Firewalling: www.infosyssec.net/infosyssec/firew1.htm, www.linux-firewall-tools.com/linux/
- Securing Xwindows: http://www.uwsg.indiana.edu/usail/ex...d/xsecure.html

Basic Linux references:
http://www.sans.org/infosecFAQ/linux/linux_list.htm
- The SANS Reading room: Linux issues (used Google's cache),
- the LASG or Linux Administrator's Security Guide,
- Securing Optimizing Linux RH Edition(1),
- Linux Security HOWTO,
*Linuxsecurity.com have a Quickreference pdf card.
Post-Installation Security Procedures (Linuxjournal)
- Security Quick-Start HOWTO for Linux,
- The Linux-PAM System Administrators' Guide
- Armoring Linux,
- A Short Course on Systems Administration and Security Under Unix(1)
- SAG: The Linux System Administrator's Guide,
- Basics on firewalling: www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
- Basic introduction to building ipchains rules: www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
- Explanation of the Ipchains logformat: logi.cc/linux/ipchains-log-format.php3
- Ipchains log decoder: dsl081-056-052.dsl-isp.net/dmn/decoder/decode.php
- The Iptables HOW-TO: http://people.unix-fu.org/andreasson/index.html
- LQ notes on Linksys security: http://www.linuxquestions.org/questions/showthread.php?postid=157007#post157007
Neohapsis archives: http://www.neohapsis.com
Linux Gazette: http://www.linuxgazette.com
Experts exchange: http://www.experts-exchange.com
Linuxsecurity.com, SecurityFocus.com
Matt's Unix Security Page: http://www.deter.com/unix/
 
Old 11-12-2002, 07:34 PM   #4
JStew
Member
 
Registered: Oct 2002
Location: North Atlanta
Distribution: LFS
Posts: 229

Rep: Reputation: 30
Yes, a firewall is always a good thing even on a Linux machine especially if you have a dedicated 24/7 connection to the internet. Lots of people out there that run the gamut from serious cracker who scans a whole block of IP addresses looking for a certain port that he/she specialize in exploiting to the script kiddie in IRC rooms that is bored and/or wanting to prove himself.

It's good you have Mandy. If I'm not mistaken, Bastille comes with the distro. It is one of the easiest firewall programs to configure. You'll open up a shell, change to root then run: InteractiveBastille
You'll be asked a series of questions, you answer them and then save your selections and the appropriate config files will be set up according to what you tell it. It is also very handy if you plan on doing NAT for internet sharing with other computers you might have lying around. Just make sure you have iptables installed.

Good luck.
 
Old 11-12-2002, 09:00 PM   #5
Paradox
LQ Newbie
 
Registered: Nov 2002
Posts: 4

Original Poster
Rep: Reputation: 0
Wow, they weren't kidding when they say the linux community is the most generous.

Looks like I have a lot of reading to to... Thanks everyone for all the tips and that huge list of resources (unSpawn).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Fresh install smity1000 Linux - Software 1 04-08-2005 06:44 PM
On a Fresh install of 10.1, the Nforce drivers refuse to install.. K@rl` Slackware 2 02-25-2005 03:55 AM
fresh install (fresh headache) powadha Slackware 2 03-06-2004 02:03 PM
Fresh RH9 install - oops I forgot to install something blaint Linux - Newbie 5 10-25-2003 01:29 PM
should I do a fresh install? yowwww Linux - General 4 06-06-2003 02:25 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration