LinuxQuestions.org
Old 09-01-2006, 03:50 PM   #16
cucolin@
Member
 
Registered: Nov 2003
Location: USA
Distribution: Ubuntu, CentOS, RedHat
Posts: 416

Original Poster
Rep: Reputation: 31

I'm not using a GUI for this server, it's only text mode. Can I still use Firestarter for this? We are using this server to host a Wiki page for our organization, nothing fancy and no sensitive info.

Thanks..
 
Old 09-01-2006, 05:27 PM   #17
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
Check out this link. http://easyfwgen.morizot.net/gen/
Answer the questions and have port 80 open when it asks. Then it will build a script ready to go. Just cut and paste to a file and make it executable.

Brian1
 
Old 09-01-2006, 07:44 PM   #18
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
well, looking at your netstat it seems you only have the web server, ssh daemon, and the mysql database running... so i'm not sure why nmap would have reported the other ports as being open... in any case, here's an iptables script that would make sure everything except 22 and 80 are open:
Code:
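#!/bin/sh

IPT="/sbin/iptables"

# Default policies for the filter table: drop inbound and forwarded
# traffic, allow everything outbound
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

# Leave the mangle and nat tables at ACCEPT (no filtering is done there)
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P INPUT ACCEPT
$IPT -t mangle -P FORWARD ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -t mangle -P POSTROUTING ACCEPT

$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT

# Flush existing rules in every table
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle

# Delete user-defined chains in every table
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle

# Accept packets for connections that are already established, and
# anything arriving on the loopback interface
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
# Accept new inbound connections to SSH (22) and HTTP (80)
$IPT -A INPUT -p TCP --dport 22 -m state --state NEW -j ACCEPT
$IPT -A INPUT -p TCP --dport 80 -m state --state NEW -j ACCEPT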
after executing the script, test your firewall again... once you are sure everything is working well, then you can proceed to make the changes permanent... if you don't know how to do that, just ask...
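
Added example, not part of win32sux's post or anyone's code in this thread: one way to do the "test your firewall again" step from the server itself, by checking `iptables -S INPUT` output against the two ports the thread wants reachable. The function name audit_input, the ALLOWED_PORTS variable and both sample rulesets are constructed for illustration.

```sh
# Added example, not from the thread. Live use: iptables -S INPUT | audit_input
ALLOWED_PORTS="22 80"   # assumption: the two ports named in the thread

audit_input() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { policy = "unknown"; n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        ports = ""; iface = ""; state = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            if ($i == "-i" && $(i - 1) != "!") iface = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        }
        if (ports != "") {
            # --dports may be a comma list; a range (6000:6010) never matches the allow-list
            m = split(ports, p, ",")
            for (j = 1; j <= m; j++)
                if (!(p[j] in ok)) { print "FINDING: port " p[j] " is accepted"; bad++ }
        } else if (iface != "lo" && (state == "" || state ~ /NEW/)) {
            print "FINDING: accept without port limit: " $0; bad++
        }
    }
    END {
        if (policy != "DROP") { print "FINDING: INPUT policy is " policy; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: what the script in this thread should leave in place
sample_expected() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
EOF
}
# Constructed sample: policy left at ACCEPT, MySQL (3306) and all UDP open
sample_drifted() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p udp -j ACCEPT
EOF
}

sample_expected | audit_input && echo "expected ruleset: no findings"
sample_drifted | audit_input || echo "drifted ruleset: see findings above"
```

The function exits non-zero when it prints any finding, so it can gate a cron job or a boot-time check once the rules have been made permanent.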
 
Old 09-03-2006, 09:40 AM   #19
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
@all: your combined suggestions were (about):
- updating,
- performing vulnerability scans,
- running a firewall,
- turning off services,
- mod_security.

So my question to you all is: is there more advice to offer?


Quote:
Originally Posted by isuck@linux
You are ok as long as you know the open ports and the security settings used for those services. / So if you (...) your web server is completely secured you have nothing to worry about."
I think that's what he is asking for. Can you give details, URI's or be more specific in general?


Quote:
Originally Posted by benjithegreat98
search the net for securing certain things (...) bad configuration or misconfiguration will most certainly let intruders in
Same for you. Could you give URI's or provide detailed steps of what to do?
 
Old 09-03-2006, 10:13 AM   #20
J_K9
Member
 
Registered: Nov 2004
Distribution: Slackware 11, Ubuntu 6.06 LTS
Posts: 700

Rep: Reputation: 30
Quote:
Originally Posted by unSpawn
So my question to you all is: is there more advice to offer?
Not unless he gives us MUCH more information

I could recommend mod_security... But what's the point, if he's serving static content?

I gave a link to my Nikto tutorial... And I could provide some quick Nessus instructions if he needed help setting it up and running it against his server.

He now has a firewall running, blocking packets to all ports except 22 and 80.

And instead of disabling the unneeded services... Why not delete them altogether? However, if you want to disable them from the console, a simple Google search for "ubuntu server disable services" led me to this thread: http://ubuntuforums.org/showthread.php?t=243564

To chroot services, follow this tut: http://tazforum.thetazzone.com/viewtopic.php?t=1852 It's very comprehensive.

Another thing I like to do is burn all "core" apps (ie. the ones that are usually replaced with modified, Trojan versions, such as ls) onto a CD-R, and delete them from the system. Then, create symbolic links to the ones on the CD-R (eg. create a symbolic link from /bin/ls to /media/cdrom/ls). This gives you control as to what apps can be run at what time, and can greatly limit the effect an attacker might have on the system and LAN if the whole box is compromised (ie. he breaks out of the chroot jail).

Finally, you might want to look into SELinux, AppArmor, grsecurity, or a similar app/toolkit/etc. These allow you to strictly lock down certain services. So you could, for example, completely lock down Apache to use only the libraries it needs (with read access alone, of course) and have rw access to the directories it needs/should have (eg. htdocs). Thus, even if Apache is compromised, the whole system cannot be taken over.


We can guide him, but we can't spoon-feed him... It's all part of the learning process.

cucolin@ - If you have any more questions, just ask.

Last edited by J_K9; 09-03-2006 at 10:14 AM.
 
Old 09-05-2006, 03:21 PM   #21
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
Quote:
Same for you. Could you give URI's or provide detailed steps of what to do?
As requested:

http://xianshield.org/guides/apache2.0guide.html
http://downloads.techrepublic.com.co...9-5697982.html
http://www.bastille-linux.org/jay/Ta...ing-apache.pdf
http://www.petefreitag.com/item/505.cfm
http://www.linux.com/article.pl?sid=04/07/09/1935231
http://www.securityfocus.com/infocus/1694

The 2nd link requires registration. It doesn't have any really specific information in it, but does have some broad suggestions. Could've been better. And of course with many of these suggestions you have to look at what you are doing and examine what you need before you blindly follow these suggestions.
 
Old 09-05-2006, 07:45 PM   #22
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
J_K9, benjithegreat98, thanks for posting more detailed info, I appreciate that. I agree we shouldn't spoonfeed people, but by giving pointers to more info I hope we can entice them to read, improve their knowledge and find out for themselves what to do.
 
Old 09-08-2006, 11:39 AM   #23
cucolin@
Member
 
Registered: Nov 2003
Location: USA
Distribution: Ubuntu, CentOS, RedHat
Posts: 416

Original Poster
Rep: Reputation: 31
Thank you all for your help!!
 
  

