i am trying to lock down my suse 9.0 with susefirewall2. basically, i have a dsl connection that i want to secure. this is just a home box and i have no other network running. it's a stand-alone pc used for internet access and e-mail. i'm not running any extra services (web, ftp, etc.).
right now the way that i have it configured, and after an online port scan, i have 4-5 ports still open (used dslreports port scan). i cannot remember them off of the top of my head (i'm at work right now), but i think it was ports: 22, 6000, 639 (or 649 not sure) and a couple more.
i still feel a little insecure about it. i've googled and checked many forums already and i can't find a clear susefirewall2 setup for newbies. what do you think? am i ok or do i need to do other things?
Have you tried using the YaST firewall configuration tool ("Start"-> System->YaST->Security&Users->Firewall)? That should give you a "Wizard" that will walk you through the configuration. If you are not running any services (webserver, file sharing, etc) then don't select any of the check boxes that will open holes in the firewall. Make sure to save the configuration at the end and you should be in good shape. As your firewall is now (actually looks like your firewall is completely open or off entirely) you have several ports open that should really be firewalled.
yup, i configured susefirewall2 thru yast2. i took all the defaults and did not check anything...just like it and you recommend that i do. however, after doing this all internet activity stopped. so i went into my etc/sysconfig/susefirewall2 config file and changed a few settings until i was able to get on the net. now that the net is working i feel like i have compromised my system.
i have a dual boot system. when not in linux i use winxp pro with zone alarm. i am soooo used to zone alarm and how to configure it that i feel like a complete retard when trying to configure the firewall in linux.
one of the things that i cannot figure out is how to hide my ip address in linux (or at least spoof it). that's probably in the config somewhere...
i was hoping that one of the forum users would post his/her config file so i can see what to turn on and what to turn off.
now that the net is working i feel like i have compromised my system.
Depending on what changes you manually made to it, you still might be alright. Just like with any firewall, once you get it up and running, do some testing (port scanning and penetration testing) to see how it holds up. If you opened up a bunch of gaping holes in the firewall, then you might want to re-configure it because it probably isn't secure. If it holds up to testing, then I'd leave it.
If you need to reconfigure though, you should be able to get your firewall working by selecting the following stuff:
First Page
Reconfigure Firewall Setting
Second Page
External Interface
-from this drop down box select the interface that is connected to the internet (if you have dsl, it's likely ppp0 or eth0 but use the ifconfig command to list all the interfaces and select the appropriate one). Make sure that it is the right one.
Internal Interface
-if this is a standalone box, then you shouldn't have an internal interface, so leave it at "none"
Third Page
There are a bunch of services listed here. But this page sets up your firewall to allow incoming connections to be made. This would be great if you were running things like a web server, but you aren't so leave it blank
Fourth Page
Allow traceroute
-You can leave this blank if you want, but technically you should allow traceroute to be in compliance with RFC guidelines.
Protect all running services
-I have this selected, but since you are not running any services it might be redundant. Go ahead and select it anyway just to be on the safe side.
Fifth Page
Log all Dropped Critical packets
Log all Dropped Packets
-Until you get things working, have this option on so that you can find out where packets are going. Turn it off once you get up and running.
Select Next and save the configuration
one of the things that i cannot figure out is how to hide my ip address in linux (or at least spoof it)
Spoofing your IP address is very easy to do in linux. You basically just reset it to a different one or use a tool like hping or something similar to do it for you. Unfortunately because of the fundamental way in which spoofing works, it is fairly complex to get any of those spoofed packets back. So by spoofing an IP, you will basically break your internet connection. A more accurate description would be to say that it would become a one-way connection, you can send packets out to whomever you like, but the replies will go to the spoofed IP and not your real IP address (so you won't ever see them). There are ways around that, but you'd have to find a way to intercept those replies or have them relayed to your IP. So I don't think that is something you really want to do.
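For the hand-edited sysconfig file discussed in this thread, the following is an added example (not posted by any participant and not part of SuSEfirewall2) that checks such a file against the stand-alone setup from the wizard walkthrough. The `FW_*` variable names are the ones used by the SuSEfirewall2 sysconfig file and can differ between releases, so compare them with the comments in your own file; the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2 sysconfig file against the stand-alone
# desktop setup described in the wizard walkthrough above.

# Print the value assigned to variable $2 in file $1 (last assignment wins).
# The file is parsed with sed, never sourced, so nothing in it is executed.
fw_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Print one line per deviation; return 1 if any FINDING was printed.
audit_fw_config() {
    f=$1; rc=0
    flag() { echo "FINDING: $*"; rc=1; }

    [ -n "$(fw_get "$f" FW_DEV_EXT)" ] ||
        flag "FW_DEV_EXT is empty, so no interface is filtered as external"
    [ -z "$(fw_get "$f" FW_DEV_INT)" ] ||
        flag "FW_DEV_INT is set; a stand-alone box has no internal interface"
    # Anything listed in these variables is reachable from the internet.
    for v in FW_SERVICES_EXT_TCP FW_SERVICES_EXT_UDP FW_TRUSTED_NETS; do
        val=$(fw_get "$f" "$v")
        [ -z "$val" ] || flag "$v=\"$val\" accepts incoming traffic"
    done
    [ "$(fw_get "$f" FW_LOG_DROP_CRIT)" = yes ] ||
        flag "FW_LOG_DROP_CRIT is not yes; dropped critical packets go unlogged"
    [ "$(fw_get "$f" FW_LOG_DROP_ALL)" != yes ] ||
        echo "NOTE: FW_LOG_DROP_ALL=yes is for debugging; turn it off afterwards"
    return "$rc"
}

# Constructed sample: a config loosened by hand until the connection worked.
write_loose_sample() {
    cat > "$1" <<'EOF'
# external interface
FW_DEV_EXT="ppp0"
FW_DEV_INT=""
FW_SERVICES_EXT_TCP="22 6000"   # opened while troubleshooting
FW_SERVICES_EXT_UDP=""
FW_TRUSTED_NETS=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
EOF
}

tmp=$(mktemp) && write_loose_sample "$tmp"
audit_fw_config "$tmp" || echo "config needs review"
rm -f "$tmp"
```

A clean result only says the file matches the intended setup; an external port scan is still what confirms what is actually reachable.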