LinuxQuestions.org


lpallard 07-20-2011 06:27 PM

Securing a Slackware Laptop
 
Hi all!

Since I started traveling with my personal laptop (which runs Slack 13.37), I realize the benefit of securing the machine against attackers and other breaches that could expose my information to foreigners.

Since I am at home behind a hardware firewall with very tight rules and use services such as snort, squidguard, iptables and other firewall technologies, I feel OK, but traveling and connecting my laptop to hotel and cafe wifis and other networks, I am not 100% confident I am secure, and also what would happen if my laptop was to be stolen? Right now, I have nothing except stock Slackware and the KDE login protecting from unauthorized access... not much as you can see.

So I am wondering what are the community's recommendations to make my laptop more secure & minimize the risks of leaking my info? I recognize that it is impossible to be 100% protected but there's gotta be better than just a simple login to protect from unauthorized access? Firewalls? Intrusion detection on the machine?

Like I said, at home I use Snort, squidguard and other firewall technologies to protect my entire network. What would be recommended to install on a standalone machine?

Thanks!

tronayne 07-21-2011 05:58 AM

Although not a specific answer, US-CERT has posted guidelines for security that may provide you a guide; see http://www.linuxquestions.org/questi...9/#post4420056 or directly at the US-CERT web site http://www.us-cert.gov/cas/techalerts/TA11-200A.html. Lots of good advice.

Outside of the above, you may want to consider encrypting your drive (but that's kind of overkill -- remember, Linux ain't Winders, eh?).

Hope this helps some.

unixfool 07-21-2011 10:59 AM

There's also the NIST guidelines. There are also several Slackware-specific hardening articles listed on Google.

There's also this. And this. This. As well as this.

There's all sorts of information out on the 3xW.

EDIT: A GOOD tool to install would be something like Prey.

Wim Sturkenboom 07-21-2011 01:38 PM

Quote:

Originally Posted by tronayne (Post 4421079)
Outside of the above, you may want to consider encrypting your drive (but that's kind of overkill -- remember, Linux ain't Winders, eh?).

I don't think it's overkill. If that laptop gets stolen, all your personal and/or business information is up for grabs.

unixfool 07-21-2011 01:55 PM

Quote:

Originally Posted by Wim Sturkenboom (Post 4421533)
I don't think it's overkill. If that laptop gets stolen, all your personal and/or business information is up for grabs.

That's something a user might or might not do, depending on their requirements. That's a bit different than performing basic hardening steps (IMO, it goes beyond basic). For someone that is asking how to harden a Linux install, he probably doesn't know all that much about the system to begin with...taking baby steps (by focusing on the easily learned parts) first will help in understanding the more complex parts of the system.

I'd say, focus on hardening the install first and foremost. Then, when things are sufficiently locked down, weigh whether the drive needs to be encrypted.

NyteOwl 07-21-2011 03:11 PM

Encrypting a drive partition in Linux is not a complex task. On a laptop that is travelled with and might be stolen it is a reasonable and prudent precaution.

What you want to encrypt will determine where in the "hardening" process you start. If you want to encrypt the entire drive using say LUKS then you do the encryption before you install the system. If you only want to encrypt the home partition you can worry about that after you install the system, assuming you create a separate partition for home at install time (always a good idea in any case).

Based solely on the OP's distros and posts I'd say their familiarity should be enough that it wouldn't be onerous.

Of course all the usual advice applies - don't run any services you don't need, make sure all the applications and services you use are up-to-date on patches, configure iptables firewall, or install something like Shorewall or Firestarter to help with the firewall management. The above mentioned Cert and NIST guidelines are well worth consulting as is the SANS w

@W|GGL|T/unixfool ltns!

biggie_ 07-22-2011 08:43 AM

I encrypt everything using dm-crypt. I don't use swap and boot must be unencrypted.

If I do not encrypt /, there is still information to gather if the laptop is stolen.

When traveling, I believe your biggest security risk is whatever LAN you connect to (assuming / is encrypted). Sniffing, spoofing, monkeyinthemiddle, blah.... I would find a 'secure' way to remote into another server to access internets.

unixfool 07-22-2011 08:51 AM

Quote:

Originally Posted by NyteOwl (Post 4421625)
Encrypting a drive partition in Linux is not a complex task. On a laptop that is travelled with and might be stolen it is a reasonable and prudent precaution.

What you want to encrypt will determine where in the "hardening" process you start. If you want to encrypt the entire drive using say LUKS then you do the encryption before you install the system. If you only want to encrypt the home partition you can worry about that after you install the system, assuming you create a separate partition for home at install time (always a good idea in any case).

Based solely on the OP's distros and posts I'd say their familiarity should be enough that it wouldn't be onerous.

Of course all the usual advice applies - don't run any services you don't need, make sure all the applications and services you use are up-to-date on patches, configure iptables firewall, or install something like Shorewall or Firestarter to help with the firewall management. The above mentioned Cert and NIST guidelines are well worth consulting as is the SANS w

@W|GGL|T/unixfool ltns!

Heya NyteOwl! I really need to get back to IRCing!

Just to clarify:

I agree that a lost/stolen laptop is a bad thing, but it appears that the OP actually wanted to harden the laptop. While encrypting a drive will lessen the chance of access if the laptop is lost/stolen, it won't prevent him from being exposed when using his laptop in a coffee shop (unless I'm seriously mistaken). I still feel that a basic hardening of the laptop is the first step (but then again, if he's constantly on the go, he should probably encrypt his drive sooner than later). He's already done it for use at his home...he just needs to focus on how to lessen a break-in when away from his home network.

OP, in addition to what I stated earlier, a VPN conduit between an outside location and your home would probably be another good idea.

unixfool 07-22-2011 08:52 AM

Quote:

Originally Posted by biggie_ (Post 4422304)

When traveling, I believe your biggest security risk is whatever LAN you connect to (assuming / is encrypted). Sniffing, spoofing, monkeyinthemiddle, blah.... I would find a 'secure' way to remote into another server to access internets.

Bingo!

Wim Sturkenboom 07-23-2011 01:10 AM

Quote:

Originally Posted by unixfool (Post 4421555)
That's something a user might or might not do, depending on their requirements. That's a bit different than performing basic hardening steps (IMO, it goes beyond basic). For someone that is asking how to harden a Linux install, he probably doesn't know all that much about the system to begin with...taking baby steps (by focusing on the easily learned parts) first will help in understanding the more complex parts of the system.

I'd say, focus on hardening the install first and foremost. Then, when things are sufficiently locked down, weigh whether the drive needs to be encrypted.

My reaction was purely on the 'overkill' statement. I agree that it depends on the user's requirements.

Disk encryption will not help if people can walk into your system while the disk is 'unlocked'. But closing the computer down so the outside world can't access it and the computer gets stolen is equally useless if you need / want to secure sensitive information.

lpallard 07-23-2011 12:42 PM

Hey guys! Thanks to ALL for this precious input, lots of reading for me to come.... I'll digest all that stuff and probably will ask several questions if nobody minds.

To start with, I subscribed to the slackware security mailing list. I have never worked with this before so I wonder how it works? I imagine I will get an email whenever somebody posts to the list (like all other mailing lists) but then how do I benefit from it? How do I apply patches?

Yes my intentions are A) to harden the laptop so I minimize my chances of seeing my own stuff on the web :( and B) make it hard/very hard for somebody to retrieve my info if my machine was stolen.

Quote:

For someone that is asking how to harden a Linux install, he probably doesn't know all that much about the system to begin with...taking baby steps (by focusing on the easily learned parts) first will help in understanding the more complex parts of the system.
I agree/disagree at the same time. I know a lot about Slackware but not enough to harden the system like you said. So in the end, I agree with you: baby steps might work best to learn.

lpallard 07-23-2011 09:06 PM

OK so I performed some modifications on my system. I did the following things as a start:

-Modified hosts.allow & .deny to allow only my local machines to communicate with each other;
-Disabled root's SSH;
-Disabled root's VNC;
-Disabled all unnecessary services from inetd.conf;
-Installed snort from Slackbuilds.org. I however encountered 2 problems:

1-Following the README.slackware, I updated the ruleset via the script in the readme file but there is no /docs/signatures in any of the tar files I downloaded from https://www.snort.org/snort-rules... I wonder if it's because they recently changed the tar files and somehow removed this signatures folder !?

2-When I start snort via the rc script, I get:

Code:

bash-4.1# /etc/rc.d/rc.snort start
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Starting Snort daemon:  /usr/bin/snort -d -D -i any

and Snort does not start, at least there is NO PID files in /var/run...
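As an added illustration of the four configuration steps above (not code from any poster), here is a small Python audit that reads sshd_config, inetd.conf and hosts.deny text and reports which of those steps are still undone; the sample file contents are constructed, and the assumed default for an unset PermitRootLogin is "yes", as in the OpenSSH 5.x shipped with Slackware 13.37.

```python
import re

def sshd_permit_root_login(text):
    """Effective PermitRootLogin: sshd honours the first uncommented occurrence.
    Assumed default when unset: 'yes' (OpenSSH 5.x, the Slackware 13.37 generation)."""
    for line in text.splitlines():
        m = re.match(r"\s*PermitRootLogin\s+(\S+)", line, re.IGNORECASE)
        if m:
            return m.group(1).lower()
    return "yes"

def inetd_enabled_services(text):
    """Service names (first field) of uncommented inetd.conf lines."""
    return [ln.split()[0] for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def tcpwrap_rules(text):
    """hosts.allow / hosts.deny lines as (daemon_list, client_list) pairs."""
    rules = []
    for ln in text.splitlines():
        fields = [f.strip() for f in ln.split("#", 1)[0].split(":")]
        if len(fields) >= 2 and fields[0]:
            rules.append((fields[0], fields[1]))
    return rules

def audit(sshd_config, inetd_conf, hosts_deny):
    """Return a list of findings; an empty list means all three checks pass."""
    findings = []
    if sshd_permit_root_login(sshd_config) != "no":
        findings.append("sshd_config: PermitRootLogin is not set to 'no'")
    enabled = inetd_enabled_services(inetd_conf)
    if enabled:
        findings.append("inetd.conf: services still enabled: " + ", ".join(enabled))
    if ("ALL", "ALL") not in tcpwrap_rules(hosts_deny):
        findings.append("hosts.deny: no 'ALL: ALL' default-deny rule")
    return findings

# Constructed sample files: stock-looking settings beside the hardened versions.
STOCK_SSHD = "#PermitRootLogin yes\nPort 22\n"
HARD_SSHD = "PermitRootLogin no\n#PermitRootLogin yes\nPort 22\n"
STOCK_INETD = "# <service_name> <sock_type> ...\nftp\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tproftpd\n"
HARD_INETD = "# ftp\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tproftpd\n"
STOCK_DENY = "# hosts.deny: nothing denied by default\n"
HARD_DENY = "ALL: ALL   # then whitelist the LAN in hosts.allow, e.g. ALL: 192.168.1.\n"

if __name__ == "__main__":
    print(audit(STOCK_SSHD, STOCK_INETD, STOCK_DENY))   # three findings
    print(audit(HARD_SSHD, HARD_INETD, HARD_DENY))      # []
```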

lpallard 07-24-2011 05:45 PM

While investigating the problem with Snort, I have decided to try encryption but before I get going, I need to ask a few questions:

My current setup looks exactly like this:

/dev/sda1 ==> /boot
/dev/sda2 ==> SWAP
/dev/sda3 ==> Extended
|
===>/dev/sda5 ==> /
|
===>/dev/sda6 ==> /mnt/storage (just an empty mount point for temporary file storage)

/dev/sdb1 ==> SWAP
/dev/sdb2 ==> Extended
|
===>/dev/sdb5 ==> /home

Can I encrypt this setup (except /boot) without having to wipe my drive and restart fresh?

Once encryption is complete, any risks of not being able to back up my data or read/write it? I am thinking about bugs or other caveats I should be aware of. I use rsync (rsnapshot) via cron to back up /home/users weekly to my local server. Will I have problems continuing to use these FS tools?

I guess this will get me started!
Thanks!!!
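Added here as an example (not from any poster): once a partition such as /dev/sdb5 (/home) has been moved onto a LUKS container as NyteOwl describes, the way to confirm it really is encrypted, and with which cipher and key slots, is to read the LUKS1 header from the first 592 bytes of the device. This Python parser decodes that header; the header bytes it is fed are constructed for the demo, not dumped from a real disk.

```python
import struct

# LUKS1 on-disk header (phdr): all integers big-endian, 592 bytes in total.
LUKS_MAGIC = b"LUKS\xba\xbe"
PHDR_FMT = ">6sH32s32s32sII20s32sI40s"   # 208 bytes of fixed fields
SLOT_FMT = ">II32sII"                     # 48 bytes per key slot, 8 slots follow
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD

def _cstr(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(blob):
    """Describe a LUKS1 header read from the start of a device, or None if it is not one."""
    if len(blob) < 592 or blob[:6] != LUKS_MAGIC:
        return None
    (_, version, cipher, mode, hashspec, payload_off, key_bytes,
     _digest, _salt, iters, uuid) = struct.unpack_from(PHDR_FMT, blob, 0)
    if version != 1:
        return None                      # LUKS2 uses a different (JSON-based) layout
    slots = []
    for i in range(8):
        active, it, _s, kmo, stripes = struct.unpack_from(SLOT_FMT, blob, 208 + 48 * i)
        slots.append({"slot": i, "active": active == SLOT_ACTIVE, "iterations": it,
                      "key_material_sector": kmo, "stripes": stripes})
    return {"cipher": _cstr(cipher), "mode": _cstr(mode), "hash": _cstr(hashspec),
            "key_bits": key_bytes * 8, "mk_digest_iterations": iters,
            "payload_offset_bytes": payload_off * 512,   # stored in 512-byte sectors
            "uuid": _cstr(uuid), "slots": slots}

def build_sample_header():
    """Constructed header for the demo (not from a real disk): aes-xts-plain64,
    512-bit master key, one enabled key slot, data starting 2 MiB into the device."""
    phdr = struct.pack(PHDR_FMT, LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1",
                       4096, 64, b"\0" * 20, b"\0" * 32, 1000,
                       b"00000000-0000-0000-0000-000000000000")
    slots = b""
    for i in range(8):               # slot i's key material starts at sector 8 + i*504
        state = SLOT_ACTIVE if i == 0 else SLOT_DISABLED
        slots += struct.pack(SLOT_FMT, state, 150000 if i == 0 else 0,
                             b"\x01" * 32, 8 + i * 504, 4000)
    return phdr + slots

if __name__ == "__main__":
    # On a real system: parse_luks1_header(open("/dev/sdb5", "rb").read(592))
    info = parse_luks1_header(build_sample_header())
    print(info["cipher"], info["mode"], info["key_bits"],
          [s["slot"] for s in info["slots"] if s["active"]])
```

A partition that still holds a plain filesystem has no LUKS magic at offset 0, so the parser returns None for it.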

lpallard 07-28-2011 07:52 PM

Quote:

bash-4.1# /etc/rc.d/rc.snort start
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Starting Snort daemon: /usr/bin/snort -d -D -i any
Ok I've figured this one out... but I still need guidance for the config file. This has LOTS of options, has anybody configured this before?

unixfool 08-01-2011 09:40 AM

Quote:

Originally Posted by lpallard (Post 4428080)
Ok I've figured this one out... but I still need guidance for the config file. This has LOTS of options, has anybody configured this before?

For starters, read through the configuration file, as it is heavily commented. Also read any files that were included with the package. While you can use the config file as is, it is very beneficial to edit it based on your needs and so the IDS is customized to your environment. Also, you'll be tuning that file for a bit, until you get things to where you want it...I suggest keeping backups, in case you bork the file or a setting. Also, rely on comments so that you can reference why you changed/added anything. You can also use that file to have the IDS push the logs to a database instead of via a flat file (I do both). The IDS has a lot of moving parts (not even config file specific), so you're going to find yourself reading up on various capabilities of the system. Even if you might not need those capabilities, you're going to have to make a judgement on if you need them or not, which means you'll have to understand the capability first.

But really, installing, configuring, and tuning Snort is something that is outside of the parameters of this thread, as the subject matter is quite large in scope. You'll be learning things about Snort for quite awhile. I suggest hitting up the Snort forums and reading anything related to Snort, so you can become immersed. It isn't something that you're going to master in a week/month/quarter or even a year. Expect lots of time trying to understand the IDS and the log contents.
