LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 06-01-2004, 01:00 PM   #1
Aeiri
Member
 
Registered: Feb 2004
Posts: 307

Rep: Reputation: 30
How secure is my box?


I decided to dive head first into Linux awhile ago. I've been using Slackware for 4-5 months now, and I'm wondering what you guys think of my security...

Here is a list of all the protections I have against intrusion.

- Slackware 9.1 'swaret'd to current
- Very secure root password (10 characters including capitals, lowers, numbers, and special characters)
- Very good firewall that uses iptables and only has 2 ports open, with spyware and PeerProtect IP blocking (Jay's Iptables Firewall with PeerProtect module)
- IDS system running as daemon checking every 2 hours (Samhain)
- Nessus scan reports nothing (portscan + vulnerability check)
- F-Prot with QT F-Prot interface (just in case)

And I run this script I wrote every other day or so:

/usr/sbin/upsys:
Quote:
#!/bin/sh
# sync the clock first so log and IDS timestamps line up
ntpdate time.nist.gov
# refresh the PeerProtect and spyware IP blocklists used by the firewall
PeerProtect.pl
firewall-spy-update.pl
# restart Jay's firewall so the refreshed blocklists are loaded
/etc/init.d/fw-jay restart
# rootkit scan, non-interactive so it runs unattended
rkhunter -c --skip-keypress
# refresh swaret's package list, then upgrade every package
swaret --update
swaret --upgrade -a --verbose
Does this sound pretty good? Anything else I should get?

Last edited by Aeiri; 06-01-2004 at 01:39 PM.
 
Old 06-01-2004, 01:07 PM   #2
Nis
Member
 
Registered: Jul 2003
Location: Virginia
Distribution: Ubuntu Hoary (5.04)
Posts: 550

Rep: Reputation: 31
Maybe a rootkit checker like rkhunter. It checks common binaries for known rootkits and compares the md5 sums to a known good list. I'd be careful with the automatic upgrading with SWareT. Better to use the --extra -u mail flags to email the latest updates to you while updating SWareT (however, swaret's --extra flags are still a little broken. mail should work hopefully).
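The check Nis describes (hash the important binaries and compare against a known-good list) is easy to reproduce by hand, which is also the cheapest way to cross-check what rkhunter or Samhain report. The script below is an added example, not code from the thread or from either tool; it uses sha256sum rather than md5 because MD5 collisions are cheap to construct, and the directory layout and file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. A baseline/verify pair in the
# style of rkhunter's hash check: record a hash for every file once, later
# compare the live tree against that record. Uses sha256sum instead of md5
# because MD5 collisions are cheap to construct. The directory names and
# file contents below are constructed for the demo.

# make_baseline DIR OUT: hash every regular file under DIR into OUT.
# Paths are stored relative to DIR so the baseline file is portable.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$2"
}

# hash_of LISTFILE PATH: the hash recorded for PATH in a sha256sum listing,
# or the empty string if PATH is not in the listing.
hash_of() {
    awk -v p="$2" '$2 == p { print $1 }' "$1"
}

# verify_baseline DIR BASELINE: print one CHANGED/MISSING/NEW line per
# deviation; return 1 if anything deviated, 0 if the tree is clean.
verify_baseline() {
    now=$(mktemp)
    make_baseline "$1" "$now"
    rc=0
    # every path in the baseline must still exist with the same hash
    while read -r old path; do
        cur=$(hash_of "$now" "$path")
        if [ -z "$cur" ]; then
            echo "MISSING $path"; rc=1
        elif [ "$cur" != "$old" ]; then
            echo "CHANGED $path"; rc=1
        fi
    done < "$2"
    # anything on disk that the baseline never saw (e.g. a dropped backdoor)
    while read -r cur path; do
        [ -n "$(hash_of "$2" "$path")" ] || { echo "NEW $path"; rc=1; }
    done < "$now"
    rm -f "$now"
    return $rc
}

# Demo: build a fake bin directory, baseline it, then tamper with it the way
# a rootkit would (replace ls, delete ps, drop a hidden file).
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/bin"
    printf 'original ls binary\n' > "$root/bin/ls"
    printf 'original ps binary\n' > "$root/bin/ps"
    make_baseline "$root" "$root.baseline"
    echo "clean tree: $(verify_baseline "$root" "$root.baseline" && echo ok)"
    printf 'trojaned ls\n' > "$root/bin/ls"
    rm -f "$root/bin/ps"
    printf 'backdoor\n' > "$root/bin/.hidden"
    verify_baseline "$root" "$root.baseline" || echo "integrity check FAILED"
    rm -rf "$root" "$root.baseline"
}

demo
```

The baseline is only as trustworthy as the place it is kept: store it on read-only or offline media (the same reason Samhain signs its database), and take it from a freshly installed system, not from a box that may already be compromised. A rootkit that replaces sha256sum or find itself will also lie to this script, which is why unSpawn's advice below about not relying on one tool applies here too.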
 
Old 06-01-2004, 01:23 PM   #3
Aeiri
Member
 
Registered: Feb 2004
Posts: 307

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by Nis
Maybe a rootkit checker like rkhunter. It checks common binaries for known rootkits and compares the md5 sums to a known good list. I'd be careful with the automatic upgrading with SWareT. Better to use the --extra -u mail flags to email the latest updates to you while updating SWareT (however, swaret's --extra flags are still a little broken. mail should work hopefully).
I have the old packages of swaret and my Slackware CD just in case; it keeps all the .tgz files in /var/swaret, so it wouldn't be too hard to fix something if it broke.

I'm checking out rkhunter right now. I was thinking about chkrootkit, but that looks like it would be better. Thanks.
 
Old 06-01-2004, 01:42 PM   #4
Aeiri
Member
 
Registered: Feb 2004
Posts: 307

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by Nis
Maybe a rootkit checker like rkhunter. It checks common binaries for known rootkits and compares the md5 sums to a known good list. I'd be careful with the automatic upgrading with SWareT. Better to use the --extra -u mail flags to email the latest updates to you while updating SWareT (however, swaret's --extra flags are still a little broken. mail should work hopefully).
Got rkhunter and everything is fine.

Also added the line "rkhunter -c --skip-keypress" to the upsys script.
 
Old 06-03-2004, 12:33 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
- Very secure root password (10 characters including capitals, lowers, numbers, and special characters)
How about the unprivileged users?

Quote:
- Very good firewall that uses iptables and only has 2 ports open, with spyware and PeerProtect IP blocking (Jay's Iptables Firewall with PeerProtect module)
With open you mean you're running 2 services? Which ones?

Quote:
- IDS system running as daemon checking every 2 hours (Samhain)
I'd add a network IDS like Snort.

Quote:
- Nessus scan reports nothing (portscan + vulnerability check)
There are lots of tools on the local side that you could run to check the system if you want to. I'd minimally run Tiger once in a while.

Quote:
- F-Prot with QT F-Prot interface (just in case)
Not necessary for Linux itself, but I run some AV too, basically because it's an easy way to check archives for known exploits.

Quote:
And I run this script I wrote every other day or so: /usr/sbin/upsys:
Looks cool.

Quote:
Does this sound pretty good? Anything else I should get?
Not specifically. One thing to realise is not to rely on one tool alone. At the moment Chkrootkit and Rootkit Hunter still complement each other. Another thing you could do is comb over some of our LQ FAQ: Security references docs about hardening. I know you'll definitely find stuff there.
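unSpawn's first two questions (which services are actually listening, and whether the non-root accounts are as well protected as root) are the checks Tiger automates, and they are quick to run by hand. The script below is an added example, not code from the thread or from Tiger; it runs over constructed `netstat -tlnp`, /etc/passwd and /etc/shadow fragments so it works offline, and the program names, PIDs and placeholder hashes in the samples are invented for the demo. On a live box you would pipe the real `netstat -tlnp` (or `ss -tlnp`) output and the real /etc/passwd and /etc/shadow into the same functions.

```shell
#!/bin/sh
# Added example, not code from the thread or from Tiger. Small audit
# functions that answer "which services are open?" and "how about the
# unprivileged users?" over constructed sample data so it runs offline.
# On a real box feed them `netstat -tlnp` (or `ss -tlnp`), /etc/passwd and
# /etc/shadow instead of the samples.

# Constructed sample of `netstat -tlnp` output (PIDs and names are invented).
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2000/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1500/httpd
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      1800/X'

# Constructed /etc/passwd and /etc/shadow fragments; the hashes are placeholders.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/sh
aeiri:x:1000:100::/home/aeiri:/bin/bash
guest:x:1001:100::/home/guest:/bin/bash
bin:x:1:1:bin:/bin:/bin/false'
SAMPLE_SHADOW='root:$1$saltsalt$placeholderhash:12500:0:99999:7:::
aeiri:$1$saltsalt$anotherplaceholder:12500:0:99999:7:::
guest::12500:0:99999:7:::
bin:*:9797:0:::::
toor:!:12500:0:99999:7:::'

# listening_services: "proto local-address program" for every LISTEN socket
# on stdin (netstat columns: proto recv-q send-q local foreign state pid/prog).
listening_services() {
    awk '$6 == "LISTEN" { split($7, p, "/"); print $1, $4, p[2] }'
}

# exposed_services: only sockets bound to something other than loopback,
# i.e. the ones the rest of the network can reach; a firewall with "2 ports
# open" should leave exactly two of these reachable.
exposed_services() {
    listening_services | awk '$2 !~ /^(127\.|::1:)/'
}

# account_audit: classify each /etc/shadow entry on stdin.
#   EMPTY   no password field at all: the account logs in with no password
#   ACTIVE  a hash is set, so that password needs to be as strong as root's
#   LOCKED  '!' or '*' prefix: no password login possible
account_audit() {
    awk -F: '{
        if ($2 == "")            state = "EMPTY"
        else if ($2 ~ /^[!*]/)   state = "LOCKED"
        else                     state = "ACTIVE"
        print state, $1
    }'
}

# extra_uid0: any /etc/passwd entry besides root with UID 0 is a second
# root account, a classic rootkit leftover.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Run the audit over the samples.
report() {
    echo "== listening sockets reachable from the network =="
    printf '%s\n' "$SAMPLE_NETSTAT" | exposed_services
    echo "== accounts without any password =="
    printf '%s\n' "$SAMPLE_SHADOW" | account_audit | awk '$1 == "EMPTY"'
    echo "== extra UID 0 accounts =="
    printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0
}

report
```

Against the constructed data the report flags X listening on 0.0.0.0:6000 (a default worth checking on a 2004-era Slackware desktop), a `guest` account with no password at all, and a second UID 0 account `toor`; an account that is locked in /etc/shadow is not a way in, but one with an empty field is, whatever the root password looks like. Run the same functions over the live files and compare the listening list with the two ports the firewall is supposed to expose.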
 