Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
When I google this I get a million results, most of which are either too in-depth to be practical or advertisements for one solution or another.
Is there a general guideline for hardening a Linux (Kubuntu) system? A set of steps, say, to close all ports and disable all listening services like you would do to a Windows machine? I can hardly believe that there are NO vulnerable points of attack on a default Kubuntu 10.10 install.
I don't know very much right now, so I'm looking for someone to help fill in the gaps and translate my knowledge of Windows (in)security into a holistic view of how the penguin operates.
It shouldn't matter the flavor of Linux. I don't necessarily agree with the "either too in-depth to be practical" either. In that case, you should skip what you think you don't need, but you should be storing as much information as possible... IMO, deep explanations are much better than little to no information.
One reason you're probably getting so many hits is because of the general nature of hardening. What works for one person isn't going to work for another. Then you have to factor local environments and environment needs (including what is not allowed).
I'd say pick one and go through it. At least you'll learn something (you stated that you "didn't know very much right now"). Once you've an idea what you're reading and applying, maybe read through a few to determine if you can find a better hardening document to implement.
Also, what can be done in Windows doesn't necessarily have to be done in Linux. They aren't the same, so you're going to be learning new things on the Linux side. For example, in most cases, when you restart a service in Linux, you won't have to restart the box. While it won't hurt the machine to restart, I think it is inefficient to restart something that doesn't need to be restarted... also, restarting is apparently the most stressful part of the computing process for a machine. Also, if you're running a server or even a desktop that is serving some content to multiple users (a server, essentially), you disrupt continuity if you have to restart a given machine, and sure, you might give a notice to the users before the restart, but restarting is intrusive to serving nonetheless. Unfortunately, I still read in many Linux docs (mainly Ubuntu and derivatives) the need to restart a Linux machine after editing services. That's a Windows mentality that appears to have carried over.
If you REALLY need a recommendation, try the NIST hardening standards.
Just remember to read and understand before implementing - it's possible to do more harm than good if you don't take the time to correctly research the information first.
I should have been more specific: when I said they were too in-depth, I meant more in-depth than I cared about. That is, I'm concerned over network security in insecure places (I loaded Kubuntu onto a laptop I expect to be in public areas, cafes, airports, etc.) and I'm expecting the "Windows needs these services turned off and a firewall added" step, and most of what I'm getting is about Bastille. Should I take that as a sign that Bastille is the correct solution to the problem (does anyone here use it?)
I was expecting to need to do tweaks, but if Bastille will do the job the best it can be done I'll gladly set it up.
EDIT: I should mention that what prompted this was the fact that netstat -an brings up a ton of entries I'm not used to seeing, and even using -tulp gives :ipp, :bootpc, :33923, :mdns, and :59754. I also ran lsof -t -n | egrep 'COMMAND|LISTEN|UDP' and got nothing, so due to what I currently see as inconsistent results, I wanted to post here to ask. I did read a couple of guides to start out with, but I want to make sure these are closed down before proceeding.
Last edited by Terran_Ghost; 03-22-2011 at 11:29 AM.
Quote:
Is there a general guideline for hardening a Linux (Kubuntu) system? A set of steps, say, to close all ports and disable all listening services like you would do to a Windows machine? I can hardly believe that there are NO vulnerable points of attack on a default Kubuntu 10.10 install.
A default installation does not have ports open to the world, unless you install an application that intentionally listens for them. The default firewall is iptables, which is configured through the command line. There are several GUI wrappers for it such as UFW and Firestarter if you prefer. The firewall acts more as a shield to prevent connection to unintentionally opened ports rather than a must-have because ports are open by default. Each 'server' application you install will have its own weaknesses and techniques for securing it.
Quote:
I'm concerned over network security in insecure places (I loaded Kubuntu onto a laptop I expect to be in public areas, cafes, airports, etc.)
In this case you will probably really like SSH. In addition to letting you remotely connect to your system, via command line and GUI, you can use it to provide a secure (encrypted) tunnel between your remote location and your home PC and use your home Internet connection for your browsing. You can even turn on DNS forwarding so that you use your home DNS server. This way, you can browse safely in a public place with your traffic and destinations encrypted.
As I mentioned above, SSH, being a server application, has its own techniques for securing it. I would recommend using key-based authentication (only), not allowing root login, and using an application such as fail2ban to slow down and frustrate would-be brute-force cracking attempts (though this part isn't strictly necessary).
Quote:
I should mention that what prompted this was the fact that netstat -an brings up a ton of entries I'm not used to seeing, and even using -tulp gives :ipp, :bootpc, :33923, :mdns, and :59754. I also ran lsof -t -n | egrep 'COMMAND|LISTEN|UDP' and got nothing
In addition to the standard TCP and UDP ports, there are a lot of UNIX sockets that are used for inter-process communication. In your netstat you could explicitly ask for the TCP or UDP protocol as well as which ports are listening.
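An added example, not code from this thread, that checks an sshd_config against the keys-only, no-root-login policy recommended above and shows the hardened settings beside the weak ones; the two config texts are constructed, and the default values assumed for absent directives (the OpenSSH defaults of that era) are an assumption.

```shell
#!/bin/sh
# Constructed sample of a stock sshd_config (an assumption, not the poster's file):
# root login left commented out at its old default and password logins still allowed.
WEAK_SSHD_CONFIG='Port 22
#PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes'

# The same directives as the reply recommends them: keys only, no root login.
HARDENED_SSHD_CONFIG='Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes'

# Effective value of one directive: sshd honours the first uncommented
# occurrence, so print that, or the supplied default when it is absent.
sshd_effective() {
    printf '%s\n' "$1" | awk -v key="$2" -v def="$3" '
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }'
}

# Print one "Directive=value" line per weak setting; empty output means
# the file matches the keys-only, no-root policy. Defaults are assumed.
sshd_audit() {
    cfg="$1"
    v=$(sshd_effective "$cfg" PermitRootLogin yes)
    [ "$v" = "no" ] || echo "PermitRootLogin=$v"
    v=$(sshd_effective "$cfg" PubkeyAuthentication yes)
    [ "$v" = "yes" ] || echo "PubkeyAuthentication=$v"
    v=$(sshd_effective "$cfg" PasswordAuthentication yes)
    [ "$v" = "no" ] || echo "PasswordAuthentication=$v"
    # Keyboard-interactive auth is a second password path through PAM.
    v=$(sshd_effective "$cfg" ChallengeResponseAuthentication yes)
    [ "$v" = "no" ] || echo "ChallengeResponseAuthentication=$v"
}

# Audit a live file with: sshd_audit "$(cat /etc/ssh/sshd_config)"
sshd_audit "$WEAK_SSHD_CONFIG"
```

Restart sshd after changing the file, and keep an existing session open until a key-based login from a second session succeeds.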
Quote:
I should have been more specific: when I said they were too in-depth, I meant more in-depth than I cared about. That is, I'm concerned over network security in insecure places (I loaded Kubuntu onto a laptop I expect to be in public areas, cafes, airports, etc.) and I'm expecting the "Windows needs these services turned off and a firewall added" step, and most of what I'm getting is about Bastille. Should I take that as a sign that Bastille is the correct solution to the problem (does anyone here use it?)
I was expecting to need to do tweaks, but if Bastille will do the job the best it can be done I'll gladly set it up.
EDIT: I should mention that what prompted this was the fact that netstat -an brings up a ton of entries I'm not used to seeing, and even using -tulp gives :ipp, :bootpc, :33923, :mdns, and :59754. I also ran lsof -t -n | egrep 'COMMAND|LISTEN|UDP' and got nothing, so due to what I currently see as inconsistent results, I wanted to post here to ask. I did read a couple of guides to start out with, but I want to make sure these are closed down before proceeding.
As I said in my earlier post, having too much information is much better than not enough, especially when it comes to security. If it's too much information for you to make an informed decision, bypass that area and return to it later. The goal is to tackle the hardening process gradually, not all at once. There will be some things you won't initially understand, but those issues can be mitigated (security-wise) if, for example, you've a firewall in place...
It shouldn't take Bastille to harden your box (although Bastille is a proven security tool). I'd do it manually, as you'll develop a better understanding of Linux.
Regarding your edit comments, you used 'netstat -tulp' and got results. Using 'lsof -i' should show some of the same results. For example, if you run that netstat command and see rpc.mountd running with the PID of 3198, you should be able to use 'lsof -i | grep 3198' and see the running processes (both TCP and UDP sessions, with the listening service listed as 'LISTEN').
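An added example, not from the thread, that triages netstat -tulpn output the way the two replies above suggest: it separates listeners bound to loopback from those reachable from the network and recovers the PID to hand to lsof -i. The sample output is constructed to mirror the ports in the question (ipp is CUPS on 631, bootpc the DHCP client on 68, mdns and the high UDP ports Avahi); the PIDs and helper names are assumptions. The lsof -t in the question prints only PIDs, which is why grepping it for COMMAND or LISTEN matched nothing.

```shell
#!/bin/sh
# Constructed netstat -tulpn output (run as root on a real box so the
# PID/Program column is filled in for every process).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1021/cupsd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1021/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           927/dhclient
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           803/avahi-daemon: r
udp        0      0 0.0.0.0:33923           0.0.0.0:*                           803/avahi-daemon: r
udp6       0      0 :::59754                :::*                                803/avahi-daemon: r'

# Print "proto port program" for every socket not bound to loopback,
# i.e. the ones a cafe or airport network can actually reach.
exposed_listeners() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            prog = "?"
            for (i = 5; i <= NF; i++)
                if ($i ~ /^[0-9]+\//) {
                    sub(/^[0-9]+\//, "", $i); sub(/:$/, "", $i)
                    prog = $i; break
                }
            if (addr != "127.0.0.1" && addr != "::1") print $1, port, prog
        }'
}

# PID owning a given local port, to feed into lsof (lsof -i -a -p "$pid").
listener_pid() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, a, ":")
            if (a[n] == port)
                for (i = 5; i <= NF; i++)
                    if (split($i, p, "/") == 2 && p[1] ~ /^[0-9]+$/) { print p[1]; exit }
        }'
}

# On a real box: exposed_listeners "$(netstat -tulpn 2>/dev/null)"
exposed_listeners "$SAMPLE_NETSTAT"
```

In the sample, CUPS is only on loopback and needs no attention, while dhclient and avahi-daemon are what a public network sees; the DHCP client must stay, and Avahi can be stopped or firewalled on a roaming laptop.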