Mandrake (Mandriva) comes with the Shorewall firewall, which is probably one of the better built-in firewalls available. You can modify the firewall through the Mandrake configuration utility:
"Start button"->System->Configuration->Configure your computer (if you're familiar with the command line, you can just use the mcc command instead)
You'll then be prompted for the root password. Once you enter that, you'll be in the Mandrake Control Center. Click the Security tab and the firewall button. From there you should be in a "wizard" type tool for configuring the firewall. Once you've made any changes you like, click the system tab in the Mandrake Control Center, then the "services" button. Scroll down and make sure that "shorewall" is running and that the "on boot" box is checked.
As for antispyware utilities, welcome to Linux: you don't need them. You do need to make sure that your system is kept updated with current security patches (in MCC, software management -> Updates). Also make sure to use good passwords and turn off any services that you don't need.
Thanks, I found the links in your sig quite useful as well. One problem though: many guides are telling me to edit inetd.conf but the file doesn't appear to be on my system. Is there any way to check what services are loaded on startup in Linux and what ones are currently running?
As well as that, I ran netstat -an | grep LISTEN and got the following output:
One problem though, many guides are telling me to edit inetd.conf but the file doesn't appear to be on my system.
Your system probably uses xinetd (/etc/xinetd.) instead
Is there any way to check what services are loaded on startup in Linux and what ones are currently running?
At the command line you can use chkconfig --list, which will show you which services are started on boot. You can also use the Mandrake Control Center (mcc -> System -> services). To see what is currently running, try netstat -pantu (it will give you similar output but will show the service names too).
Should all those entries be there?
Not sure what all of them are. Ports over 1023 can be used by any service and are usually dynamically assigned. Port 6000 is an exception to that and is the XServer, which needs to be running in order to have a graphical display. However, you can keep it from listening for remote connections by editing the file /etc/X11/xdm/Xservers and adding -nolisten tcp to the end of the line:
:0 local /usr/X11R6/bin/X
(may look like this on Mandrake: :0 local /usr/X11R6/bin/X -deferglyphs 16)
All the other services are listening for local connections only (that's what 127.0.0.1 signifies) and won't accept remote connections. If you want to see what those services are, use netstat -pantu. But otherwise they don't really represent a security risk.
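Added example (not part of any post in this thread): a shell filter that applies the reading of netstat -pantu output given in the reply above, marking each listening socket as LOCAL (bound to loopback) or EXPOSED (bound to any other address). The sample input is constructed, and the names sample_netstat and classify_listeners are illustrative.

```shell
#!/bin/sh
# Constructed sample in the layout of `netstat -pantu`; not output from the thread.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:6000       0.0.0.0:*           LISTEN      1432/X
tcp        0      0 127.0.0.1:631      0.0.0.0:*           LISTEN      1210/cupsd
tcp        0      0 127.0.0.1:25       0.0.0.0:*           LISTEN      1388/master
tcp        0      0 192.168.1.10:22    192.168.1.5:51234   ESTABLISHED 2001/sshd
tcp6       0      0 :::22              :::*                LISTEN      1100/sshd
udp        0      0 0.0.0.0:68         0.0.0.0:*                       1050/dhclient
EOF
}

# Reads netstat output on stdin and prints one line per listening socket:
#   SCOPE PROTO ADDRESS PORT PID/PROGRAM
# SCOPE is LOCAL for loopback binds (127.x.x.x or ::1), EXPOSED otherwise.
classify_listeners() {
    awk '
    {
        if ($1 ~ /^tcp/ && $6 == "LISTEN") {
            prog = $7                      # TCP rows carry a State column
        } else if ($1 ~ /^udp/ && $5 ~ /:\*$/) {
            prog = $6                      # unconnected UDP rows have no State
        } else {
            next                           # headers and established connections
        }
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
        scope = (host ~ /^127\./ || host == "::1") ? "LOCAL" : "EXPOSED"
        print scope, $1, host, port, prog
    }'
}

# Stand-alone run on the constructed sample.
# On a live system (as root, so program names are shown): netstat -pantu | classify_listeners
sample_netstat | classify_listeners
```

A socket marked EXPOSED is only bound to a reachable address; whether remote hosts can actually connect still depends on the firewall rules in front of it.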
I found xinetd.d but it was empty. I was also looking for init.d and I found a copy of it in /etc/rc.d/init.d and /etc/init.d but both of them were empty as well. Is this correct or should they have entries?
As well as that, I had expected to find shorewall there but it isn't. Does that mean the firewall doesn't start and has to be started manually or is it started some other way?
Not all Linux distros use xinetd to run services, which is why you may not see anything in there. If the services are run as "stand-alone" (meaning not run through xinetd) then xinetd could be empty.
Best way to check if services are being started on boot is to use: chkconfig --list | grep on. If shorewall is listed, then it's likely running. You can confirm this by doing /sbin/iptables -L. If the output looks like this, then shorewall is off:
Thanks, shorewall is now up and running with the default policy, which is
Code:
$FW net ACCEPT alert
net all DROP info
all all REJECT info
I have one last question concerning shorewall: is there any way to change these rules to get it running with "zonealarm like functionality", i.e. before any service on my computer accesses the net for the first time it would ask my permission?