Linux - Security (LinuxQuestions.org forum): This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
09-01-2006, 03:50 PM, #16
Original Poster (Member; Registered: Nov 2003; Location: USA; Distribution: Ubuntu, CentOS, RedHat; Posts: 416)
I'm not using a GUI for this server, it's only text mode. Can I still use Firestarter for this? We are using this server to host a Wiki page for our organization, nothing fancy and no sensitive info.
Thanks.
09-01-2006, 05:27 PM, #17
LQ Guru; Registered: Jan 2003; Location: Seymour, Indiana; Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu; Posts: 5,700
Check out this link: http://easyfwgen.morizot.net/gen/
Answer the questions and have port 80 open when it asks. Then it will build a script ready to go. Just cut and paste it to a file and make it executable.
Brian1
09-01-2006, 07:44 PM, #18
LQ Guru; Registered: Jul 2003; Location: Los Angeles; Distribution: Ubuntu; Posts: 9,870
Well, looking at your netstat it seems you only have the web server, SSH daemon, and the MySQL database running... so I'm not sure why nmap would have reported the other ports as being open... In any case, here's an iptables script that would make sure everything except 22 and 80 are open:
Code:
#!/bin/sh
# Path to the iptables binary
IPT="/sbin/iptables"
# Default policies for the filter table: drop any inbound or forwarded packet
# that no rule below accepts; let everything outbound through
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
# The mangle and nat tables are not used for filtering here, so their
# chains stay at ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P INPUT ACCEPT
$IPT -t mangle -P FORWARD ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -t mangle -P POSTROUTING ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
# Flush every existing rule (-F) and delete every user-defined chain (-X)
# in all three tables so the script starts from a clean slate
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle
# Accept replies to connections this host already has, and all loopback traffic
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
# Accept new inbound TCP connections only to SSH (22) and HTTP (80);
# anything else falls through to the INPUT DROP policy above
$IPT -A INPUT -p TCP --dport 22 -m state --state NEW -j ACCEPT
$IPT -A INPUT -p TCP --dport 80 -m state --state NEW -j ACCEPT
After executing the script, test your firewall again... Once you are sure everything is working well, then you can proceed to make the changes permanent... If you don't know how to do that, just ask...
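As an added example (not part of the thread and not any poster's script), a POSIX shell audit that parses rules in the form `iptables-save` prints them and confirms the firewall does what the script above intends: INPUT and FORWARD default to DROP and only TCP 22 and 80 accept new connections. The rule set below is constructed; on the real server you would pipe `iptables-save` into the functions instead.

```shell
#!/bin/sh
# Added example: audit an iptables-save style rule dump against the
# "22 and 80 only" policy from the thread. Not from the original post.

# Constructed sample of what iptables-save prints after running the script.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT'

# Print the default policy (DROP/ACCEPT) of chain $1 from its ":CHAIN" line.
chain_policy() {   # rules on stdin
    awk -v c=":$1" '$1 == c { print $2 }'
}

# Print, sorted and space-separated, every TCP destination port that the
# INPUT chain accepts for NEW connections.
input_new_tcp_ports() {   # rules on stdin
    awk '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ && /--state NEW/ {
            for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Succeed (exit 0) only when INPUT and FORWARD default to DROP and the
# only ports open to new TCP connections are exactly 22 and 80.
audit_rules() {   # rules on stdin
    rules=$(cat)
    [ "$(printf '%s\n' "$rules" | chain_policy INPUT)" = "DROP" ] || return 1
    [ "$(printf '%s\n' "$rules" | chain_policy FORWARD)" = "DROP" ] || return 1
    [ "$(printf '%s\n' "$rules" | input_new_tcp_ports)" = "22 80" ] || return 1
}

if printf '%s\n' "$SAMPLE_RULES" | audit_rules; then
    echo "firewall matches the intended policy (new TCP to 22 and 80 only)"
else
    echo "firewall differs from the intended policy" >&2
fi
```

Run it as root with `iptables-save | audit_rules` after applying the script; a non-zero exit means some chain policy or an extra open port differs from what was intended.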
09-03-2006, 09:40 AM, #19
Moderator; Registered: May 2001; Posts: 29,415
@all: your combined suggestions were (about):
- updating,
- performing vulnerability scans,
- running a firewall,
- turning off services,
- mod_security.
So my question to you all is: is there more advice to offer?
Quote:
Originally Posted by isuck@linux
You are ok as long as you know the open ports and the security settings used for those services. / So if you (...) your web server is completely secured you have nothing to worry about."
I think that's what he is asking for. Can you give details, URIs or be more specific in general?
Quote:
Originally Posted by benjithegreat98
search the net for securing certain things (...) bad configuration or misconfiguration will most certainly let intruders in
Same for you. Could you give URIs or provide detailed steps of what to do?
09-03-2006, 10:13 AM, #20
Member; Registered: Nov 2004; Distribution: Slackware 11, Ubuntu 6.06 LTS; Posts: 700
Quote:
Originally Posted by unSpawn
So my question to you all is: is there more advice to offer?
Not unless he gives us MUCH more information.
I could recommend mod_security... But what's the point, if he's serving static content?
I gave a link to my Nikto tutorial... And I could provide some quick Nessus instructions if he needed help setting it up and running it against his server.
He now has a firewall running, blocking packets to all ports except 22 and 80.
And instead of disabling the unneeded services... Why not delete them altogether? However, if you want to disable them from the console, a simple Google search for "ubuntu server disable services" led me to this thread: http://ubuntuforums.org/showthread.php?t=243564
To chroot services, follow this tut: http://tazforum.thetazzone.com/viewtopic.php?t=1852 It's very comprehensive.
Another thing I like to do is burn all "core" apps (i.e. the ones that are usually replaced with modified, Trojan versions, such as ls) onto a CD-R, and delete them from the system. Then, create symbolic links to the ones on the CD-R (e.g. create a symbolic link from /bin/ls to /media/cdrom/ls). This gives you control as to what apps can be run at what time, and can greatly limit the effect an attacker might have on the system and LAN if the whole box is compromised (i.e. he breaks out of the chroot jail).
Finally, you might want to look into SELinux, AppArmor, grsecurity, or a similar app/toolkit/etc. These allow you to strictly lock down certain services. So you could, for example, completely lock down Apache to use only the libraries it needs (with read access alone, of course) and have rw access to the directories it needs/should have (e.g. htdocs). Thus, even if Apache is compromised, the whole system cannot be taken over.
We can guide him, but we can't spoon-feed him... It's all part of the learning process.
cucolin@ - If you have any more questions, just ask.
Last edited by J_K9; 09-03-2006 at 10:14 AM.
09-05-2006, 07:45 PM, #22
Moderator; Registered: May 2001; Posts: 29,415
J_K9, benjithegreat98, thanks for posting more detailed info, I appreciate that. I agree we shouldn't spoon-feed people, but by giving pointers to more info I hope we can entice them to read, improve their knowledge and find out for themselves what to do.
09-08-2006, 11:39 AM, #23
Original Poster (Member; Registered: Nov 2003; Location: USA; Distribution: Ubuntu, CentOS, RedHat; Posts: 416)
Thank you all for your help!!