LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 05-22-2001, 07:21 PM   #1
ltrain
LQ Newbie
 
Registered: May 2001
Posts: 16

Rep: Reputation: 0

Hello All,

I am trying to secure my system (rh 7.0), and all the documentation mentions editing /etc/inetd.conf to meet my needs (allow specific resources to Internet). But - v7.0 uses xinetd.conf, which has very little information in it. Is there another file I should be editing to secure my system? Help?

 
Old 05-23-2001, 09:31 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
For info on xinetd just look at www.xinetd.org :-]

There's a few sides to safety on a box: users & accounts, network services & access and system & application security.
It all needs time to compile, install & configure, but u should end up with a pretty much secured box.

Users & accounts u can configure tru linuxconf granting & denying them access, PAM for restrictions and the SUDO package for allowing them access to resources owned by root they usually may not work with. Also make sure ure working with shadow passwords.

System & application security uve got to handle by making sure u stay updated on vulnerabilities (links below) and regularly check for signs of something weird going on with an intrusion detector/file integrity checker, something like chkrootkit, aide or tripwire.

Network services & access is handled tru (x)inetd (hopefully compiled with tcpwrappers), a firewall(script) and maybe some sort of detection capability like Portsentry, Snort, IPPL, scandetd etc.

Handling (x)inetd, the first thing is to comment out (put a hash mark in front of the lines) each local service u ain't providing to the internet.
*The best way is to comment out EVERYTHING, and to enable stuff if it's necessary. Here's a partial checklist on what to disable: echo, discard, daytime, chargen, ftp, telnet, gopher, smtp, nntp, shell, login, exec, talk, ntalk and dtalk, pop-(2 & 3), imap, uucp, tftp, bootps, finger, cfinger, systat, netstat, time, auth and linuxconf.
The only service u want to be running is finger if ure on IRC, but replace it with safe_finger.

Open an xterm window and w/o quotes try "ps ax" and note if any of the above are running.
Open /etc/inittab and look for "initdefault" and notice the number, it corresponds with a /etc/rc.d/rc(number).d/ runlevel where each of these services will be stopped/started if u enter the runlevel on boot, or if u switch with telinit (number).
For each of the running services u don't want, change the capital S(tart) into a capital K(ill). Reboot.

Now install a firewall. If uve got a 2.0x kernel it's ipfwadm, for 2.2x it's ipchains and for 2.4x it's iptables.

Go back up in this post and read about securing the rest.

Top it off with some reading material on security:
Security tips: www.cert.org/tech_tips/ and www.cert.org/security-improvement/, www.securityportal.com/research/research.linuxsecurity.html
Top ten vulnerabilities: www.sans.org/topten.htm and www.cert.org/present/cert-overview-trends/index.htm
Firewalling: www.infosyssec.net/infosyssec/firew1.htm, www.linux-firewall-tools.com/linux/
Securing Xwindows: www.uwsg.indiana.edu/usail/external/recommended/xsecure.html

Or, if ure cruisin for links, try n read something else, search/visit these places/ppl that mean something: Sans, cert, auscert, securityfocus, bugtraq, lance spitz, dugsong, loki, robert graham, dave dittrich, wietse venema, fyodor, monark


 
Old 05-23-2001, 11:48 AM   #3
ltrain
LQ Newbie
 
Registered: May 2001
Posts: 16

Original Poster
Rep: Reputation: 0
unSpawn thanks for all of the helpful information! But - when I look in my xinetd.conf file other than 4 default lines - there is nothing else in it. Is there somewhere else I should check to disable services?
 
Old 05-23-2001, 12:09 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
all services run from xinetd.conf, except RPC which needs inetd. just keep the services u want to run, comment (hash) the other services out. restart xinetd. check with "ps ax" if no services are started u don't wanna run. same routine goes for inetd. as an alternative u can disable (x)inetd if u don't plan on running any services.

man xinetd.conf for more...
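
Added example, not part of any post in this thread: a shell audit that lists the xinetd services still enabled and flags those on the disable checklist from post #2. It assumes the stock xinetd layout in which the main config holds a `defaults` block plus an `includedir` line and each service sits in its own file under that directory with `disable = yes` or `disable = no`; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Service names from the checklist in post #2, as written on "service" lines.
# The pop2/pop3 spellings of the thread's "pop-(2 & 3)" are an assumption.
CHECKLIST="echo discard daytime chargen ftp telnet gopher smtp nntp shell
login exec talk ntalk dtalk pop-2 pop-3 pop2 pop3 imap uucp tftp bootps
finger cfinger systat netstat time auth linuxconf"

# Print every service not marked "disable = yes" in CONF or its includedirs.
xinetd_enabled() {
    dirs=$(awk '$1 == "includedir" { print $2 }' "$1")
    set -- "$1"
    for d in $dirs; do                      # assumes paths without spaces
        for f in "$d"/*; do
            # xinetd skips includedir files with a dot in the name or a
            # trailing tilde (for example rpm leftovers such as *.rpmsave).
            case ${f##*/} in *.*|*~) continue ;; esac
            [ -f "$f" ] && set -- "$@" "$f"
        done
    done
    awk '
        FNR == 1                      { name = "" }
        $1 == "service"               { name = $2; off = 0; next }
        name != "" && $1 == "disable" { if ($3 == "yes") off = 1 }
        name != "" && $1 == "}"       { if (!off) print name; name = "" }
    ' "$@" | sort -u
}

# Print the enabled services that appear on the checklist.
xinetd_flagged() {
    for s in $(xinetd_enabled "$1"); do
        case " $(echo $CHECKLIST) " in *" $s "*) echo "$s" ;; esac
    done
}

# Constructed sample tree (not from the thread) so the script runs offline.
demo=$(mktemp -d)
mkdir "$demo/xinetd.d"
printf 'defaults\n{\n\tinstances = 60\n}\nincludedir %s/xinetd.d\n' "$demo" > "$demo/xinetd.conf"
printf 'service telnet\n{\n\tdisable = no\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$demo/xinetd.d/telnet"
printf 'service finger\n{\n\tdisable = yes\n}\n' > "$demo/xinetd.d/finger"
printf 'service tftp\n{\n\tdisable = no\n}\n' > "$demo/xinetd.d/tftp.rpmsave"
printf 'service swat\n{\n\tserver = /usr/sbin/swat\n}\n' > "$demo/xinetd.d/swat"
xinetd_flagged "$demo/xinetd.conf"          # prints: telnet
```

On a real host, point `xinetd_flagged` at `/etc/xinetd.conf`; a service block with no `disable` line counts as enabled, which is why `swat` shows up in `xinetd_enabled` for the sample tree.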
 
Old 05-23-2001, 03:37 PM   #5
ltrain
LQ Newbie
 
Registered: May 2001
Posts: 16

Original Poster
Rep: Reputation: 0
FYI

I searched through linuxnewbie.org and found from a user who is attempting to do the same as I - another user replied stating RH has changed the configuration for inetd services. You know must run #setup and it will walk you through a gui interface for system configurations (services) + it will stop and restart the services automatically.

 
Old 05-23-2001, 09:20 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
kewl. thnx for the info.
 
Old 05-23-2001, 10:13 PM   #7
ltrain
LQ Newbie
 
Registered: May 2001
Posts: 16

Original Poster
Rep: Reputation: 0
No, thank you for all of the helpful tidbits. I know I will be using most/all of them.

(from previous reply - change know to NOW must run #setup to configure services) - duhhhh
 
All times are GMT -5.