LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 12-18-2003, 07:04 PM   #1
AceTech747
Member
 
Registered: Nov 2003
Distribution: RH 9.0
Posts: 144

Rep: Reputation: 15
Terminating Remote File Access


How can I terminate any remote file manipulation, viewing, etc....
 
Old 12-19-2003, 12:41 AM   #2
miaviator278
Member
 
Registered: Dec 2003
Location: Al-Diwania, Iraq (deployed)
Distribution: Slackware ONLY
Posts: 237

Rep: Reputation: 30
be more specific

man kill
man killall
 
Old 12-19-2003, 01:18 AM   #3
AceTech747
Member
 
Registered: Nov 2003
Distribution: RH 9.0
Posts: 144

Original Poster
Rep: Reputation: 15
What I want to do is prevent remote file access from anyone with a remote connection.....
 
Old 12-19-2003, 06:08 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Miaviator278 asked you to be more specific.
I think your answer still leaves a lot open.
Please be verbose, add examples for instance.
 
Old 12-19-2003, 03:28 PM   #5
AceTech747
Member
 
Registered: Nov 2003
Distribution: RH 9.0
Posts: 144

Original Poster
Rep: Reputation: 15
For example, I want to prevent people from accessing my computer to look at or view files. Meaning anyone who is trying to access my files from the cable modem. I hope this is descriptive enough. I want to do this as a security measure on my computer. One thing in particular I would like to have added encryption on my passwords. I have heard stories of people downloading them and encrypting them within a day. If possible I would like a higher encryption where it would need nearly a super computer to crack it. Also I would like to block some documents on my computer from being seen by anybody. Right now I am keeping them on CD-rom. But I would like to move them onto the hard drive for easier access. I would also like to access these files from my main home directory although...I do not want other people who could have cracked my password to have access to them. What do you suggest I do?
 
Old 12-19-2003, 03:59 PM   #6
miaviator278
Member
 
Registered: Dec 2003
Location: Al-Diwania, Iraq (deployed)
Distribution: Slackware ONLY
Posts: 237

Rep: Reputation: 30
get the containers they bury nuclear waste in,
put one in a vault
bury it under a mountain
post a 24 hour guard

and even then your computer is only as safe as the guard....

anyways, are you good in the linux console or only the gui?

what you want is firewall software, or a separate linux machine in your extreme case and an encrypted partition on your hard drive. you may also want network traffic monitor, but your firewall should do that.

I would say if you really want that level of security (i work for the government, and not many people need that kind of security) you need at least one machine as a firewall between the cable modem and your box, with firewalls on both, and you would need to turn off the cable modem, whenever not in use..

just check on LQ, open source software sites, or google, for firewalls, they all come with documentation, also look for partition encryption software.

as far as specific recommendations, be less paranoid, don't store sensitive data on internet connected machines, and your choice of software will be you finding exactly what fits your needs, through product reviews and recommendations.

check /usr/doc and /usr/doc/LINUX-HOW-TO's for a how to on firewalls and encryption...
 
Old 12-22-2003, 02:04 AM   #7
AceTech747
Member
 
Registered: Nov 2003
Distribution: RH 9.0
Posts: 144

Original Poster
Rep: Reputation: 15
I am using firestarter right now. Your analogy of the system being as strong as the guard is true. Although, the stronger the guard the harder it is to break. And also this is a learning experience for me. I am setting up these security measures to learn how to do them and also to have a secure system. I like having the sense of security nobody is sneaking around on my system. I don't have anything greatly important on my computer but still like having the safety net that I know my computer is secure when leaving it on and going to sleep at night.
 
Old 12-22-2003, 02:19 AM   #8
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Take a look at unSpawn's Security References thread at the top of this forum. There are some really good links in there to material that will help you sleep better at night.
 
Old 12-22-2003, 02:50 AM   #9
AceTech747
Member
 
Registered: Nov 2003
Distribution: RH 9.0
Posts: 144

Original Poster
Rep: Reputation: 15
I don't see the links you are referring to. To try and be more specific of what I would like to do is: Have an encrypted drive for safe file storage. Is it possible to have a drive completely non-accessible by a non-remote connection? I would also like to get some spyware scanning software and another thing I would like to do is find out if there has been any remote intrusions in the past.
 
Old 12-22-2003, 06:16 PM   #10
miaviator278
Member
 
Registered: Dec 2003
Location: Al-Diwania, Iraq (deployed)
Distribution: Slackware ONLY
Posts: 237

Rep: Reputation: 30
http://www.linuxquestions.org/questi...threadid=45261
 
Old 12-23-2003, 07:45 AM   #11
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Is it possible to have a drive completely non-accessible by a non-remote connection?
So you want to keep local users who have physical access to the machine from being able to access the drive? You might want to elaborate on why you'd want to do that, as I would think a local user could just walk down the hall to a different computer and login remotely to get around that. If you mean how can you keep people from being able to access the drive remotely, there are ways to do that, but I don't think they really offer any real security. You could write a custom PAM module that unmounts the drive or changes the permissions on it, but getting around that would be fairly trivial.

If you're just concerned about someone hacking your system and looking at whatever is on the drive, you would be better served to just reduce remote access (aka turning off services and using iptables/tcpwrappers) and encrypting the drive. If you use a decent encryption scheme and don't store the password on your computer, I think you're pretty safe. Breaking any of the leading encryption software is still a pretty significant task requiring a massive amount of computing resources. IMHO, you could mount that drive in a publicly accessible web directory and feel pretty confident that no one will be able to read what's on it.


another thing I would like to do is find out if there has been any remote intrusions in the past.
That kind of thing is difficult to assess when you're looking for prior intrusions. Usually it's a lot more effective to set up some kind of IDS when you first install your system and be a little more pro-active about it. So, aside from just going through all your system logs (including the compressed archives) and looking for abnormal activity, you can install and run chkrootkit to look for trojaned commands and other signs of rootkits. In the future though, you should consider installing something like tripwire or aide on every new install.
 
Old 12-25-2003, 02:46 AM   #12
AceTech747
Member
 
Registered: Nov 2003
Distribution: RH 9.0
Posts: 144

Original Poster
Rep: Reputation: 15
I will check some of that stuff out. Sorry, I mean making the HD non-accessible by a remote connection. Will encrypting a drive make the computer run slow? How can I go about encrypting stuff?
 
Old 01-04-2004, 02:24 AM   #13
AceTech747
Member
 
Registered: Nov 2003
Distribution: RH 9.0
Posts: 144

Original Poster
Rep: Reputation: 15
Just downloaded and installed chkrootkit and tripwire. The chkrootkit is a nice program and works well. The tripwire I am having difficulty with. The program seems to not be installed. I compiled the src and tried tripwire -initialization command. Came up with a file not found error. Not sure what I am doing wrong. Couple questions:

Is there any other commands for chkrootkit besides ./chkrootkit that are helpful.

Is there a GUI for the chkrootkit or tripwire?

How do I install the tripwire?

Should I add any certain ports or IPs to a firewall that are known to be unwanted?
All I need the net for is for web browsing....I don't run any services such as a server from the box.

How am I able to encrypt the drive? Will this slow the machine? Is this the only measure I should take to protect data from being viewed on a remote computer?

Sorry for all the questions but I have to start somewhere to learn Linux.
 
Old 01-04-2004, 05:04 AM   #14
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
I compiled the src and tried tripwire -initialization command. Came up with a file not found error.
Not sure what I am doing wrong.

Change to the dir where you unpacked the tripwire source.
Run "./configure (any options you need) 2>&1|tee /tmp/tripconf.log".
Locate errors in /tmp/tripconf.log, and post them here.
BTW, why don't you use the tripwire rpm on the RH 9 cdroms or mirrors?


Is there any other commands for chkrootkit besides ./chkrootkit that are helpful.
If you add "-h" it should give you a listing of args it supports. Without args it will work through all its tests, which should always be the default to use unless you need specific info.


Is there a GUI for the chkrootkit or tripwire?
For Chkrootkit, not that I know of. For tripwire the only distro that provides a GUI is Engarde, and that depends on their own implementation of Webmin, called "Webtool". Both Chkrootkit and tripwire should be run regularly, preferably in the background, as cronjobs and have the output mailed. To accomplish that they don't need a GUI.


Should I add any certain ports or IPs to a firewall that are known to be unwanted?
Depends on how you set up your firewall. If you don't ever run network facing services, then you could go for a default policy of DROP and not having to bother with adding IP's.
Be aware though the firewall should not be your only and first line of defense.
If you post what you already did to secure your box, I'll try and add suggestions for what I think is missing.


I don't run any services such as a server from the box.
Hmm. X11R6/XFree86's X server is also a network capable server. Did you disable the option to listen to TCP? Running "netstat -panel -A inet" should show.


How am I able to encrypt the drive?
This usually starts by reading (general) docs for filesystem encryption like Encryption HOWTO, Disk Encryption HOWTO, Disk & email encryption in Linux, EVFS, understanding the benefits, trade-offs and hazards (like forgetting your key: you'll never get your data back), figuring out if you REALLY need this and exploring alternatives like GPG-encrypting data, recompiling your kernel with the international crypto api patches (it's incorporated in 2.6?) and a few userland binaries like mount to handle encrypted drives/volumes.


Will this slow the machine? Is this the only measure I should take to protect data from being viewed on a remote computer?
Probably, yes. No, and disk encryption isn't the first thing to do to secure your box either.


Sorry for all the questions but I have to start somewhere to learn Linux.
Np. Besides, it's what we do here, answering questions, innit?
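
One way to read the "netstat -panel -A inet" output mentioned in post #14, shown as an added example that is not part of any post in this thread: it lists every socket that is waiting for traffic on a non-loopback address, which is how an X server listening on TCP would show up. The sample output is constructed for illustration, and the function names sample_netstat and exposed_listeners are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -panel -A inet` output (not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address    State       User  Inode  PID/Program name
tcp        0      0 0.0.0.0:6000       0.0.0.0:*          LISTEN      0     1234   1021/X
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN      0     1100   890/sendmail
tcp        0      0 0.0.0.0:111        0.0.0.0:*          LISTEN      0     900    612/portmap
tcp        0      0 192.168.1.10:32790 203.0.113.5:80     ESTABLISHED 500   4321   1500/mozilla-bin
udp        0      0 0.0.0.0:68         0.0.0.0:*                      0     950    700/dhclient
EOF
}

# Read netstat output on stdin and print "proto port address pid/program"
# for every socket that accepts traffic on a non-loopback address.
exposed_listeners() {
    awk '
        # TCP rows are listeners only in state LISTEN. UDP rows have no state
        # column, so an unconnected UDP socket is one whose foreign address
        # ends in ":*".
        ($1 ~ /^tcp/ && $6 == "LISTEN") || ($1 ~ /^udp/ && $5 ~ /:\*$/) {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (host ~ /^127\./) next              # bound to loopback only
            print $1, port, host, $NF
        }
    '
}

# On a live system: netstat -panel -A inet | exposed_listeners
sample_netstat | exposed_listeners
```

In the sample, sendmail is skipped because it is bound to 127.0.0.1, and the mozilla-bin row is skipped because it is an outbound connection rather than a listener.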
 
Old 01-04-2004, 04:55 PM   #15
AceTech747
Member
 
Registered: Nov 2003
Distribution: RH 9.0
Posts: 144

Original Poster
Rep: Reputation: 15
unSpawn,

Thank you for the help. I got the tripwire installed via RPM. Also got the chkrootkit working. Should I set this up to send me a daily email of the results on the chkrootkit, how do I do this? Would you recommend putting the tripwire on an encrypted drive or just on a disk? You mention things as being the first thing to do to secure the box. What do you recommend I do to do this? Also, how do I get a DROP policy on the internet? I do run gaim, mozilla, and etc will these still work with a DROP policy? Thank you for the help on answering the questions....the linux community is great.

74,
AceTech747
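
The default policy of DROP described in post #14, for a box that runs no network-facing services, written out as an added example that is not part of any post in this thread. The ruleset is in iptables-restore format. Client programs such as a browser or an IM client keep working under it because replies to connections the machine opened match the ESTABLISHED,RELATED rule. The function names desktop_ruleset, input_policy and inbound_openings are hypothetical.

```shell
#!/bin/sh
# Print a filter table for a desktop that offers no services to the network.
desktop_ruleset() {
    cat <<'EOF'
*filter
# Default policy: drop anything inbound or forwarded that no rule accepts.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local programs talking to each other over the loopback interface.
-A INPUT -i lo -j ACCEPT
# Replies to connections this machine opened (web browsing, IM clients).
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read iptables-save style text on stdin; print the INPUT chain's policy.
input_policy() {
    awk '$1 == ":INPUT" { print $2 }'
}

# Read iptables-save style text on stdin; print every INPUT rule that accepts
# traffic other than loopback or replies, i.e. each deliberate inbound opening.
inbound_openings() {
    awk '/^-A INPUT / && / -j ACCEPT/ && !/ -i lo / && !/--state ESTABLISHED/'
}

# Check the ruleset above: policy should be DROP and nothing should be opened.
desktop_ruleset | input_policy
desktop_ruleset | inbound_openings
```

Run as root, "desktop_ruleset | iptables-restore" replaces the active filter table, including any rules written by a front end such as firestarter; the same two check functions can be fed from "iptables-save" to review what is currently loaded.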
 
  

