Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
04-28-2006, 08:09 PM | #1
Member | Registered: Apr 2004 | Location: Queens, NY | Distribution: Red Hat, Solaris | Posts: 295
Securing machine that needs telnet and ftp
Hi! I need a solution for securing a Red Hat machine that requires telnet and ftp access. We are running the latest version of Red Hat Advanced Server and have a telnet server and an ftp server running. We cannot get rid of these services in favour of secure protocols such as SSH or SFTP. Can anyone recommend a solution for hardening the server against attacks? My current setup is a Bastille hardening method, but I don't feel it's very secure. Are there any other security tips that you Linux gurus have that can make my box less prone to break-ins?
Thanks.
04-28-2006, 09:30 PM | #2
Senior Member | Registered: Dec 2003 | Location: Paris | Distribution: Slackware forever. | Posts: 2,534
Really not a security expert, but:
- Read the logs.
- Use an intrusion detection system like snort.
- Use chroot.
- Use very strong passwords (e.g. T\O1^d{&R5Re7...) and change them often (some people think it's not necessary).
- BSD secure levels are very, very powerful and easy to enable.
- You can limit IP logging with iptables.
04-29-2006, 12:39 AM | #3
Member (Original Poster) | Registered: Apr 2004 | Location: Queens, NY | Distribution: Red Hat, Solaris | Posts: 295
Hi! Thanks for the reply. One question though: should snort be installed on the telnet server itself or on a separate device?
05-03-2006, 08:55 AM | #4
Senior Member | Registered: Sep 2005 | Location: Out | Posts: 3,307
Telnet has no real vulnerability in itself; the only problem can be sniffing the traffic.
FTP, on the other hand, is a protocol full of features and as a result can open doors: discovery of hosts behind a NAT router, scanning other hosts by bouncing, sniffing traffic, using a feature of FTP called FXP, and maybe others.
Choose wisely and harden your ftp server (vsftp, the new proftpd, beast-ftp, others I can't remember).
You take the hypothesis that this box will be hacked and that this host should be considered a weak part of your network.
So you put it outside your network, like in a DMZ. Using iptables or a hardware firewall, there should be no traffic possible from this box to your internal network.
You will also harden this machine a lot (BSD security level, grsec, remove all unwanted services).
You implement chroot for all services (ftp/telnet only, because remember you have removed the others).
Very good logging mechanism: syslog(-ng), logcheck, ...
Very good backup mechanism.
Very good passwords. In fact this is rule number 1.
Integrity check as soon as the box has been installed (doing it after the box has been on the internet is theoretically too late).
Snort is one step further; install it on a separate box! Putting it on the same one may create conflicts that can lower the overall security of your box.
Give it very good network card(s) (I'm wondering if there are no guides to follow in the snort doc). One will be monitoring the ftp/telnet server; either you look at the result physically on the box or you have another network card to access the console. A switch/hub with port monitoring would ensure that the snort box will be hard to discover.
You can also put in 2 sniffing cards: one on the internet side, one after the firewall that protects the ftp/telnet server. But then you have a lot to read.
Every time you are 100% sure you have wrong alerts, refine your rules; otherwise you are flooded with logs and won't bother to read them anymore.
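The DMZ rule in this reply (no traffic possible from the box to the internal network, enforced with iptables, with logs you can actually read) and the iptables and log-reading tips in reply #2, as an added example; this is not code from the thread or from any of its posters. The script prints the iptables commands for a host that offers only ftp and telnet, logs every new session, and logs and drops any new connection the host itself tries to open toward the internal network. The interface name eth0, the three RFC 1918 ranges treated as "internal", and the passive FTP data-port range 50000-50100 are assumptions; adjust them to the real network.

```shell
#!/bin/sh
# Added example, not from the thread: generate the iptables rule set for a
# telnet/ftp host placed in a DMZ. The box may serve its two protocols but must
# never open a connection toward the internal network, and every new session
# plus every blocked egress attempt is written to syslog.
# Constructed assumptions: the service interface is eth0, the internal network
# is the three RFC 1918 ranges, and the FTP daemon pins its passive data ports
# to 50000-50100. Override the three variables for the real environment.

WAN_IF="${WAN_IF:-eth0}"
INTERNAL_NETS="${INTERNAL_NETS:-10.0.0.0/8 172.16.0.0/12 192.168.0.0/16}"
PASV_RANGE="${PASV_RANGE:-50000:50100}"

# dmz_rules prints the commands instead of running them, so the rule set can
# be reviewed and diffed before it is applied.
dmz_rules() {
    echo "iptables -F"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to sessions the box already accepted (or itself opened).
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The DMZ rule: no NEW connection from this box to any internal range,
    # on any interface. Log first, then drop, so an attempt gets noticed.
    for net in $INTERNAL_NETS; do
        echo "iptables -A OUTPUT -d $net -m state --state NEW -j LOG --log-prefix \"DMZ-EGRESS-BLOCK: \""
        echo "iptables -A OUTPUT -d $net -m state --state NEW -j DROP"
    done
    # Only ftp control (21) and telnet (23) are reachable; each new session
    # is logged so the logs show who connected and when.
    for port in 21 23; do
        echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $port -m state --state NEW -j LOG --log-prefix \"SVC-NEW: \""
        echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Passive FTP data connections arrive on the pinned port range.
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $PASV_RANGE -m state --state NEW -j ACCEPT"
    # Everything else falls to the DROP policy; log it rate-limited so the
    # log stays readable instead of flooding (the reply's last point).
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"DROP-IN: \""
}

# apply_rules runs the generated commands as root, stopping at the first error.
apply_rules() {
    dmz_rules | sh -e
}

case "${1:-show}" in
    apply) apply_rules ;;
    *)     dmz_rules ;;
esac
```

Run it without arguments to see the rules, with `apply` (as root) to load them; the file name is whatever you save it as. The OUTPUT chain keeps an ACCEPT policy so the box can still reach package mirrors and NTP; only the internal ranges are blocked, which is the "no traffic to your internal network" rule of the reply. If the box has a second card plugged into the internal LAN, the rules cannot make up for that: remove the card.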
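The "integrity check as soon as the box has been installed" point of the reply above, as an added example that is not from the thread: a baseline of SHA-256 hashes of every regular file under a tree, and a later check that reports what was added, removed or modified since. It assumes sha256sum from GNU coreutils (md5sum or sha1sum produce the same output format and can be substituted) and paths without whitespace; the demo tree, its file names and the changes made to it are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: take a file-integrity baseline right
# after installation and compare the box against it later.
# Assumptions: GNU coreutils (sha256sum, find -print0, sort -z, xargs -0 -r)
# and file paths that contain no whitespace.

# take_baseline ROOT MANIFEST: record "hash  path" for every regular file
# under ROOT, in a stable order so manifests can be diffed by hand too.
take_baseline() {
    find "$1" -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum > "$2"
}

# check_baseline ROOT MANIFEST: print one line per file that was added,
# removed or modified since the baseline. Returns 0 only if nothing changed.
check_baseline() {
    root=$1; manifest=$2
    current=$(mktemp) || return 2
    find "$root" -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum > "$current"
    old_paths=$(awk '{print $2}' "$manifest")
    new_paths=$(awk '{print $2}' "$current")
    findings=0
    # Walk the union of both path lists and classify each path.
    for p in $(printf '%s\n%s\n' "$old_paths" "$new_paths" | LC_ALL=C sort -u); do
        old_hash=$(awk -v f="$p" '$2 == f {print $1}' "$manifest")
        new_hash=$(awk -v f="$p" '$2 == f {print $1}' "$current")
        if [ -z "$old_hash" ]; then
            echo "ADDED    $p"; findings=$((findings + 1))
        elif [ -z "$new_hash" ]; then
            echo "REMOVED  $p"; findings=$((findings + 1))
        elif [ "$old_hash" != "$new_hash" ]; then
            echo "MODIFIED $p"; findings=$((findings + 1))
        fi
    done
    rm -f "$current"
    [ "$findings" -eq 0 ]
}

# demo: build a small constructed tree, baseline it, change it in three ways,
# and show what the check reports.
demo() {
    work=$(mktemp -d)
    manifest="$work.manifest"        # kept outside the tree it describes
    mkdir -p "$work/etc" "$work/bin"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$work/etc/passwd"
    printf '#!/bin/sh\necho ok\n' > "$work/bin/tool"
    take_baseline "$work" "$manifest"
    # Constructed changes after the baseline: one edit, one new file, one deletion.
    printf 'guest:x:500:500::/home/guest:/bin/sh\n' >> "$work/etc/passwd"
    printf 'unexpected\n' > "$work/bin/extra"
    rm -f "$work/bin/tool"
    if check_baseline "$work" "$manifest"; then
        echo "no changes since baseline"
    fi
    rm -rf "$work" "$manifest"
}

case "${1:-}" in
    baseline) take_baseline "$2" "$3" ;;
    check)    check_baseline "$2" "$3" ;;
    demo)     demo ;;
esac
```

Take the baseline before the cable goes in (`baseline /etc /mnt/usb/etc.sha256`, and likewise for /bin, /sbin and /usr), keep the manifest on read-only media or another host, and run `check` from a trusted shell against that stored copy; a compromised box can lie about its own files and about a manifest kept on it. This is the mechanism that package verification (`rpm -V`) and tools such as Tripwire or AIDE build on, with their extra attributes (ownership, mode, mtime) left out for clarity.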
05-03-2006, 08:57 AM | #5
Senior Member | Registered: Sep 2005 | Location: Out | Posts: 3,307
Argh, double post, sorry.
05-04-2006, 07:31 PM | #6
Member (Original Poster) | Registered: Apr 2004 | Location: Queens, NY | Distribution: Red Hat, Solaris | Posts: 295
Thanks
Thanks for the tips. I'll give your suggestions a go.