Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Okay. I know Red Hat 9 is very old and I'm looking to upgrade. But why is my puter such a cracker box? I have to do reinstalls to get things back to normal. I have a router w firewall, there's a firewall with the distro...no avail. Are these tools useful somehow? Mere psychological comfort? What do these do?
I've done quite a bit of reading, but what the information I've yet to acquire is, how does this individual so repeatedly manage to get in? How do I stop it?
(I'm a newbie who basically knows what a mouse does, plus I have spots of beta I've gleaned from selective reading on specific problems. But I lack an overall understanding of how this problem is occuring, and how to deal with this problem once and for all. I thought Linux was supposed to take care of that-feel free to laugh; I won't be offended-but all it's done is make help less acessible. Until I stumbled onto this wonderful community! )
Probably you're leaving some vulnerable service exposed to the Internet. If you're running an unpatched Red hat 9 there are many such things installed, and you are probably running one. Another possibility is weak passwords if you are allowing remote SSH logins (I think this is set up out of the box on RH9). Also, once an attacker gains root access there is little you can do but learn how he got in, reformat, and reinstall, closing the hole in the reinstalled system before connecting it to a network.
Here's the best way to avoid having your system cracked:
1) Run an up to date distribution that has security fixes issued for it. Red Hat 9 is no longersupported, even by the Fedora legacy project, so vulnerabilities will probably go unpatched. Time to ditch it. If you like the "Red Hat" way then Fedora Core 6 is a free download.
2) Keep your system up to date with the latest patches. This can easily be done with yum on Fedora Core systems.
3) Use a firewall and make sure no services are exposed on the Internet. Take the time to learn how to configure the firewall and shut down everything attempting to make an unsolicited connection. Likewise, make sure that there are no servers running that you don't want to be (a firewall would block access anyway if configured properly, but defense in depth is a good thing).
4) Use strong passwords for accounts (8+ characters as a mix of upper case, lower case, numbers, and symbols -- do not base your passwords on real-life words).
5) Monitor your system's logs for any sign of suspicious behavior.
For details on how to do all of these things, read the stickied thread at the top of the forum, containing advice and links from the experts.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
The biggest problem you have is that older versions of RH have a lot of services enabled out of the box and no firewall (IIRC). Since you're a newbie, it would be very difficult to figure out how to go around and lock down all those services, or write an iptables firewall to block them (which might be subject to bypass any way since the kernel is very old and IIRC has iptables vulnerabilities).
By far the simplest thing for you to do would be to download a newer distribution (that has firewall enabled by default and most services turned off) and go from there. Trying to learn security on a fundamentally insecure platform is going to be frustrating. There are some old pros out there who could lock down a RH 9 box and make it secure, but if you don't know how to do that already it's just going to be frustrating to try.
Do whatever you have to in order to download a newer distro (such as Fedora) and burn it to CD so you can install. If you have to borrow a friend's computer, or go to the library and user their computers, or whatever it takes, it will be worth it.
Thank you both for your excellent advice. I'm taking your suggestion and getting a more up-to-date OS: Ubuntu, a distro based on the brand new one. I will also implement your instructions on greater security.
Sad to say, a couple of years ago I was still using Mandrake 8.0! 8.0, for crying out loud. But now I'm getting serious about using the puter and I want to know everything I can about Linux.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
)
8.0, for crying out loud. 
But now I'm getting serious about using the puter and I want to know everything I can about Linux. 
