LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-02-2006, 04:58 PM   #1
leosgb
Member
 
Registered: Nov 2004
Location: Brazil
Distribution: Gentoo
Posts: 363

Rep: Reputation: 31
Keep track of logs to find suspicious activity


Hi,

I have a home server running and I would like to:
1) make sure my current iptables are safe for the application (I need SSH and HTTP, will send my settings later because I just lost connection w/ it)
2) how can I log all traffic thru my interface? I would like to know where the request was originated and what it means. Is it possible to add some MAC filtering to the enabled services using iptables?
3) how do I change the port I am running, SSH, say to port XYWZ?

Thanks for any help,
 
Old 03-02-2006, 05:13 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,138

Rep: Reputation: 168Reputation: 168
Hope this helps...
1. You can have your firewall scanned by plenty of sites on the web. Have a look at http://scan.sygatetech.com/ and http://www.hackerwatch.org/probe/ - they should be able to give a report on your open ports.
2. You can log traffic through the interface either by logging with iptables or with a packet sniffer. Have a look at ethereal at http://www.ethereal.com/ and the man page for tcpdump.
3. To change the port that SSH is running on, have a look in /etc/ssh/sshd_config. You can change the port number with the Port entry (make sure you restart SSH). I'd recommend disabling password access and using keys/certs exclusively for SSH.
 
Old 03-04-2006, 05:04 PM   #3
leosgb
Member
 
Registered: Nov 2004
Location: Brazil
Distribution: Gentoo
Posts: 363

Original Poster
Rep: Reputation: 31
Can I use any port for ssh? Even one that is supposed to be used by another service that I dont implement here? ALso, how can I make sure that my SSH and HTTP are safe? I ran the 2 tests you suggested and all they tell me is that those are the onlu open ports I have. I want to know how vulnerable my settings are and how I can increase my secutiry. Thanks for your help.
 
Old 03-04-2006, 06:09 PM   #4
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,138

Rep: Reputation: 168Reputation: 168
You can run SSH on any available port with either the ListenAddress directive:
Code:
ListenAddress 10.0.0.1:2000
ListenAddress 10.0.0.1:2001
Or, the Port directive:
Code:
Port 2000
Port 2001
I'd recommend using keys instead of passwords (PasswordAuthentication no) for SSH, it means that nobody can get in by guessing your password. I'd also suggest not allowing root logins (PermitRootLogin no) and that you use su to get access to privileged accounts.

I'm assuming you're using Apache for your http setup, so I'd recommend having a look at http://httpd.apache.org/docs/2.0/mis...rity_tips.html.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Where I can find firewall logs? Vie Linux - Software 3 02-07-2006 12:15 AM
Suspicious hard drive activity machinemanagement Red Hat 4 08-25-2005 03:28 PM
suspicious log activity hoedad Linux - Newbie 3 07-26-2004 07:33 AM
I need to find an audio recording program with more than one track robster Linux - Software 7 02-23-2004 01:49 AM
Stopping suspicious ICMP activity tarballedtux Linux - Security 1 02-03-2002 07:11 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration