LinuxQuestions.org
Old 05-14-2005, 09:43 PM   #1
NNP
Member
 
Registered: Nov 2004
Distribution: Debian/Ubuntu
Posts: 156

Rep: Reputation: 30
So what do I need


Hi, I just migrated from XP and I'm used to having a nice easy time setting up firewalls and antivirus guards etc., but now I'm totally lost.

Firstly, I can't even seem to find any firewalls for Linux. And as for spyware, is there anything similar to Adware 6 on XP?

Other than a firewall and antivirus, is there anything else I should do to secure it?



Thanks,
NNP

Last edited by NNP; 05-14-2005 at 09:53 PM.
 
Old 05-14-2005, 11:59 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Mandrake (Mandriva) comes with the Shorewall firewall, which is probably one of the better built-in firewalls available. You can modify the firewall through the Mandrake configuration utility:

"Start button"->System->Configuration->Configure your computer (if you're familiar with the command line, you can just use the mcc command instead)

You'll then be prompted for the root password. Once you enter that, you'll be in the Mandrake Control Center. Click the Security tab and the firewall button. From there you should be in a "wizard" type tool for configuring the firewall. Once you've made any changes you like, click the System tab in the Mandrake Control Center, then the "services" button. Scroll down and make sure that "shorewall" is running and that the "on boot" box is checked.

As for antispyware utilities, welcome to Linux: you don't need them. You do need to make sure that your system is kept updated with current security patches (in MCC, software management -> Updates). Also make sure to use good passwords and turn off any services that you don't need.
 
Old 05-15-2005, 08:11 AM   #3
NNP
Member
 
Registered: Nov 2004
Distribution: Debian/Ubuntu
Posts: 156

Original Poster
Rep: Reputation: 30
Thanks, I found the links in your sig quite useful as well. One problem though: many guides are telling me to edit inetd.conf, but the file doesn't appear to be on my system. Is there any way to check what services are loaded on startup in Linux and which ones are currently running?

As well as that, I ran netstat -an | grep LISTEN and got the following output:

Code:
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5335          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 :::6000                 :::*                    LISTEN
Should all those entries be there?

Thanks,
NNP
 
Old 05-15-2005, 09:59 AM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
One problem though: many guides are telling me to edit inetd.conf, but the file doesn't appear to be on my system.
Your system probably uses xinetd (/etc/xinetd.) instead

Quote:
Is there any way to check what services are loaded on startup in Linux and which ones are currently running?
At the command line you can use chkconfig --list, which will show you which services are started on boot. You can also use the Mandrake Control Center (mcc -> System -> services). To see what is currently running, try netstat -pantu (it will give you similar output but will show the service names too).

Quote:
Should all those entries be there?
Not sure what all of them are. Ports over 1023 can be used by any service and are usually dynamically assigned. Port 6000 is an exception to that and is the XServer, which needs to be running in order to have a graphical display. However, you can keep it from listening for remote connections by editing the file /etc/X11/xdm/Xservers and adding -nolisten tcp to the end of the line:

:0 local /usr/X11R6/bin/X
(may look like this on Mandrake: :0 local /usr/X11R6/bin/X -deferglyphs 16)

All the other services are listening for local connections only (that's what 127.0.0.1 signifies) and won't accept remote connections. If you want to see what those services are, use netstat -pantu. But otherwise they don't really represent a security risk.
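
The loopback-versus-exposed reading of the netstat output above can be automated. This is an added example, not part of the original posts: a shell/awk filter (function names are made up for this illustration) that labels each listening TCP socket by its bind address, run on the output posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify listening TCP sockets in
# `netstat -an` / `netstat -pantu` text as loopback-only or exposed.

classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        local_addr = $4
        port = local_addr
        sub(/^.*:/, "", port)            # keep what follows the last colon
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        # 127.x.x.x and ::1 accept local connections only; 0.0.0.0, :: or
        # any other address can be reached from other hosts.
        scope = (addr ~ /^127\./ || addr == "::1") ? "local-only" : "exposed"
        prog = (NF >= 7) ? $7 : "-"      # PID/program column, present with -p
        print port, scope, prog
    }'
}

# Unique ports bound to a non-loopback address, space-separated.
exposed_ports() {
    classify_listeners | awk '
    $2 == "exposed" && !seen[$1]++ { printf "%s%s", sep, $1; sep = " " }
    END { print "" }'
}

# Sample input: the output posted in the thread.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5335          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 :::6000                 :::*                    LISTEN
EOF
}

sample_netstat | classify_listeners
echo "exposed: $(sample_netstat | exposed_ports)"
```

"exposed" here only describes the bind address; a running firewall may still block the port from outside.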
 
Old 05-15-2005, 10:15 AM   #5
NNP
Member
 
Registered: Nov 2004
Distribution: Debian/Ubuntu
Posts: 156

Original Poster
Rep: Reputation: 30
I found xinetd.d but it was empty. I was also looking for init.d and I found a copy of it in /etc/rc.d/init.d and /etc/init.d, but both of them were empty as well. Is this correct or should they have entries?

As well as that, I had expected to find shorewall there but it isn't. Does that mean the firewall doesn't start and has to be started manually, or is it started some other way?

Thanks,
NNP

Last edited by NNP; 05-15-2005 at 10:21 AM.
 
Old 05-15-2005, 01:40 PM   #6
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Not all Linux distros use xinetd to run services, which is why you may not see anything in there. If the services are run as "stand-alone" (meaning not run through xinetd) then xinetd could be empty.

Best way to check if services are being started on boot is to use: chkconfig --list | grep on. If shorewall is listed, then it's likely running. You can confirm this by doing /sbin/iptables -L. If the output looks like this, then shorewall is off:
Code:
[root@localhost archeron]# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
If the output has a bunch of rules and looks like this, then it's on:
Code:
[root@localhost archeron]# /sbin/iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP      !icmp --  anywhere             anywhere            state INVALID
eth0_in    all  --  anywhere             anywhere
eth1_in    all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     all  --  anywhere             anywhere
You can also directly turn services on and off with the 'service' command. So to turn shorewall on use: service shorewall start.
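
The two iptables -L cases described above can be told apart mechanically. This is an added example, not part of the original post: the function names and the abridged sample listings are constructed for illustration, and it assumes plain `iptables -L` output on stdin.

```shell
#!/bin/sh
# Added example (not from the thread): decide from `iptables -L` text on
# stdin whether the INPUT chain is filtering, using the rule of thumb above.

firewall_state() {
    awk '
    /^Chain / {                       # e.g. "Chain INPUT (policy DROP)"
        chain = $2; rules[chain] = 0; policy[chain] = "-"
        if ($3 == "(policy") { policy[chain] = $4; sub(/\)$/, "", policy[chain]) }
        next
    }
    /^target[ \t]/ || /^[ \t]*$/ { next }   # column header or blank separator
    chain != "" { rules[chain]++ }          # anything else is a rule line
    END {
        if (!("INPUT" in policy)) { print "unknown"; exit }
        state = (policy["INPUT"] == "ACCEPT" && rules["INPUT"] == 0) ? "off" : "on"
        print state, "policy=" policy["INPUT"], "rules=" rules["INPUT"]
    }'
}

# Constructed samples, abridged from the two outputs quoted in the thread.
sample_off() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
EOF
}

sample_on() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP      !icmp --  anywhere             anywhere            state INVALID
eth0_in    all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
EOF
}

sample_off | firewall_state
sample_on  | firewall_state
```

On a live system the input would come from `/sbin/iptables -L | firewall_state`, run as root.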
 
Old 05-15-2005, 03:08 PM   #7
NNP
Member
 
Registered: Nov 2004
Distribution: Debian/Ubuntu
Posts: 156

Original Poster
Rep: Reputation: 30
Thanks, shorewall is now up and running with the default policy, which is

Code:
$FW	net	ACCEPT	alert
net	all	DROP	info
all	all	REJECT	info
I have one last question concerning shorewall: is there any way to change these rules to get it running with "zonealarm like functionality", i.e. before any service on my computer accesses the net for the first time it would ask my permission?
 
  

