LinuxQuestions.org
Old 07-07-2003, 03:18 AM   #1
yorkshiresteve
LQ Newbie
 
Registered: Jul 2003
Location: West Yorkshire, England
Distribution: Redhat 7.2
Posts: 21

Rep: Reputation: 15
Linux Firewall - Where do I start?


Hi,

I've just got a new root server from One & One, but by default it's just a nice clean install of Red Hat 7.2. It comes with Ensim Appliance software, but doesn't have a firewall so all ports are open. This is going to be used as a production server running an online shopping site so security is one of my priorities when setting it up. Has anyone any good tips on the quickest, easiest, and most secure way(s) to lock down my new server?

Thanks,

Steve.
 
Old 07-07-2003, 06:17 AM   #2
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
Yeah, don't run it as a firewall itself. If it is to be a server set up to deliver content then it needs to be in its own DMZ. What you should do is scour the rc.*'s and disable any and all services you do not need. Then patch any services you do need to the latest levels. Meaning Apache, MySQL, etc.

Next put that puppy between two firewalls or in a segment off your current firewall. Segment it off your regular LAN.

See http://www.pittech.com/dmz.htm for a lil tidbit I wrote about DMZs
 
Old 07-07-2003, 06:22 AM   #3
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
Oh, two other things I would do before placing the server live is install Bastille and Tripwire.

Last edited by cyph3r7; 07-07-2003 at 06:25 AM.
 
Old 07-07-2003, 06:49 AM   #4
yorkshiresteve
LQ Newbie
 
Registered: Jul 2003
Location: West Yorkshire, England
Distribution: Redhat 7.2
Posts: 21

Original Poster
Rep: Reputation: 15
Sounds great - I'd love to do that much, only we're very limited:
Please see http://www.oneandone.co.uk (We have Root Server II).

We need to move from the shared server that we have at the moment, onto the root server as soon as possible, but obviously not if it's going to be in any way insecure...
 
Old 07-07-2003, 11:26 AM   #5
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
Ah I see now, it is a colocation kinda deal. Sorta your rented server but at their Network Center. Ummm my first thoughts would be to turn off any unused services....sendmail....telnet...etc. That should be a given. And get them to patch the server. Run Nmap or Nessus against the box for known vulnerabilities. Document them and ask the hosting provider to patch.

Second, they should have a firewall between the net and the server; if not, you could get screwed, especially if you are maintaining billing or payment data in a database on that server.

Call or email them to find out what they can do for you.
 
Old 07-08-2003, 04:26 AM   #6
yorkshiresteve
LQ Newbie
 
Registered: Jul 2003
Location: West Yorkshire, England
Distribution: Redhat 7.2
Posts: 21

Original Poster
Rep: Reputation: 15
Cheers, cyph3r7 - I should have been a little clearer in my original post!

I'll get onto them right away...



Steve.
 
Old 07-09-2003, 03:19 AM   #7
bosnian
LQ Newbie
 
Registered: Jul 2003
Posts: 1

Rep: Reputation: 0
Be careful when updating! Some updates might break your Ensim Appliance....
 
Old 07-10-2003, 05:00 AM   #8
Dagon
LQ Newbie
 
Registered: Jul 2003
Posts: 5

Rep: Reputation: 0
Don't know about them patching the server. Their root servers are totally hands off from their point of view; you have complete control of the server, they have none.

cyph3r7, the root servers are plugged directly into their net connection backbone so no firewalls.

On a side note, get rid of ensim, it's horrible. I managed to kill it after two days of very gentle prodding.
 
Old 07-10-2003, 10:34 AM   #9
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
Ah well that sounds like fun.

Then certainly setting up iptables on these servers would be a GREAT idea. If they are only offering web content then I guess the minimum would be to see if you could patch Apache, MySQL (if used) and other services exposed. Not being familiar with their Ensim product, I don't know its relationship to other moving parts.

Hmmm, I just re-read...RH 7.2. Is the kernel updated to use iptables or do they run a 2.2 kernel? I don't recall what 7.2 runs; gut says 2.4.7. If not, I guess ipchains would suffice.
 
Old 07-10-2003, 11:23 AM   #10
Dagon
LQ Newbie
 
Registered: Jul 2003
Posts: 5

Rep: Reputation: 0
It runs 2.4.
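
The iptables setup suggested in post #9, as an added example that is not part of the original thread: a default-deny ruleset in iptables-restore format for a web-only host with no upstream firewall. The function name `gen_ruleset`, the admin range 192.0.2.0/24 and the port list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print a default-deny host firewall in iptables-restore
# format for a web server that has no firewall in front of it.
# Usage: gen_ruleset ADMIN_CIDR PORT [PORT...]
#   ADMIN_CIDR  source range allowed to reach SSH (assumed value below)
#   PORT        TCP ports open to everyone (e.g. 80 443 for a shop)
gen_ruleset() {
    admin_cidr=$1
    [ -n "$admin_cidr" ] || { echo "missing admin range" >&2; return 1; }
    shift
    # Reject anything that is not a plain port number before emitting
    # rules, so a typo cannot produce a half-written ruleset.
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] ||
            { echo "bad port: $p" >&2; return 1; }
    done
    # Policy DROP on INPUT/FORWARD: whatever is not listed is closed.
    # The state match needs a 2.4 kernel (ipchains on 2.2 is stateless).
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
-A INPUT -s $admin_cidr -p tcp --dport 22 -m state --state NEW -j ACCEPT
EOF
    # One rule per public service port.
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Rate-limited log of what falls through to the DROP policy.
    printf '%s\n' "-A INPUT -m limit --limit 5/minute -j LOG --log-prefix fw-drop:"
    printf '%s\n' "COMMIT"
}

# Constructed sample: SSH from a documentation range, HTTP and HTTPS public.
gen_ruleset 192.0.2.0/24 80 443
```

Pipe the output into `iptables-restore` as root; on a remote box, schedule a rule flush (for example with `at`) before loading so a mistake does not lock out SSH.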
 
  

