LinuxQuestions.org
Old 04-29-2018, 04:49 AM   #1
littlebigman
Member
 
Registered: Aug 2008
Posts: 553

Rep: Reputation: 33
Question How to secure this appliance?


Hello,

I just got back from a vacation to find the Linux appliance that runs a couple of personal web servers foobared. Its web server was no longer responding, and while trying to log on through SSH, it said:
Code:
(initramfs) root
/bin/sh: root: not found
So I just reinstalled the whole thing and copied the web data files back into it, but would like to secure it more, even though the appliance sits in a private LAN with the ADSL modem acting as NAT firewall.

Besides moving SSH authentication from password to public/private key, what would you change to those running processes?
Code:
# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:445           0.0.0.0:*               LISTEN      4623/smbd
tcp        0      0 192.168.0.15:445        0.0.0.0:*               LISTEN      4623/smbd
tcp        0      0 127.0.0.1:139           0.0.0.0:*               LISTEN      4623/smbd
tcp        0      0 192.168.0.15:139        0.0.0.0:*               LISTEN      4623/smbd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4480/nginx: master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      283/sshd
tcp6       0      0 ::1:445                 :::*                    LISTEN      4623/smbd
tcp6       0      0 ::1:139                 :::*                    LISTEN      4623/smbd
tcp6       0      0 :::22                   :::*                    LISTEN      283/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           298/dhclient
udp        0      0 192.168.0.15:123        0.0.0.0:*                           2060/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           2060/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           2060/ntpd
udp        0      0 192.168.0.255:137       0.0.0.0:*                           4591/nmbd
udp        0      0 192.168.0.15:137        0.0.0.0:*                           4591/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           4591/nmbd
udp        0      0 192.168.0.255:138       0.0.0.0:*                           4591/nmbd
udp        0      0 192.168.0.15:138        0.0.0.0:*                           4591/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           4591/nmbd
udp6       0      0 fe80::50:43ff:fee7::123 :::*                                2060/ntpd
udp6       0      0 ::1:123                 :::*                                2060/ntpd
udp6       0      0 :::123                  :::*                                2060/ntpd
I use Samba to edit Nginx's web files directly from Windows.

Thank you.

--
Edit: This is what I use in the Global section of smb.conf

Code:
[global]
workgroup = WORKGROUP
netbios name = MYSERVER

security = user
map to guest = Bad User

hosts allow = 127.0.0.1 192.168.0.0/24
hosts deny = 0.0.0.0/0

bind interfaces only = yes
;interfaces = 192.168.0.15/255.255.255.0 127.0.0.1/255.255.255.255
interfaces = lo eth0

load printers = no

Last edited by littlebigman; 05-01-2018 at 05:13 AM.
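An added example, not part of the original post: one way to audit a `netstat -tunlp` listing like the one above, classifying each socket by bind scope so that services listening on every interface stand out. The function names are hypothetical, and the embedded sample is a subset of the posted listing so the script runs offline.

```shell
#!/bin/sh
# Sample input: a subset of the listing posted above, embedded for offline use.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:445           0.0.0.0:*               LISTEN      4623/smbd
tcp        0      0 192.168.0.15:445        0.0.0.0:*               LISTEN      4623/smbd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4480/nginx: master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      283/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      283/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           298/dhclient
udp        0      0 192.168.0.15:123        0.0.0.0:*                           2060/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           2060/ntpd
udp        0      0 192.168.0.15:137        0.0.0.0:*                           4591/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           4591/nmbd
udp6       0      0 :::123                  :::*                                2060/ntpd
EOF
}

# classify_listeners (hypothetical name): read `netstat -tunlp` output on
# stdin and print "<scope> <proto>/<port> <program>" once per distinct socket,
# where scope is ALL (wildcard bind), LAN (specific address) or LOOPBACK.
classify_listeners() {
  awk '
    $1 !~ /^(tcp|udp)6?$/ { next }              # skip header lines
    {
      port = $4; sub(/.*:/, "", port)           # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      prog = "-"                                # PID/Program column moves when State is blank
      for (i = 6; i <= NF; i++)
        if ($i ~ /^[0-9]+\//) { prog = $i; break }
      sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
      proto = $1; sub(/6$/, "", proto)          # fold tcp6/udp6 into tcp/udp
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "ALL"
      else if (addr ~ /^127\./ || addr == "::1")            scope = "LOOPBACK"
      else                                                   scope = "LAN"
      print scope, proto "/" port, prog
    }' | LC_ALL=C sort -u
}

# wildcard_listeners (hypothetical name): only sockets bound to every interface.
wildcard_listeners() { classify_listeners | awk '$1 == "ALL" { print $2, $3 }'; }

sample_netstat | wildcard_listeners
```

On a live system the same check is `netstat -tunlp | wildcard_listeners`. For the posted listing it shows smbd bound only to loopback and 192.168.0.15, while sshd, nginx, ntpd, nmbd and dhclient each hold a wildcard socket.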
 
Old 04-29-2018, 10:07 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 15,873
Blog Entries: 27

Rep: Reputation: 4666
A web search for "hardening Linux" will turn up many suggestions and tutorials.
 
Old 04-30-2018, 03:09 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 19,514

Rep: Reputation: 3016
Along with many tasks that could harden the OS there are tasks for the web server and any other program or service running. Couple that with some advanced firewall/UTM maybe.

I'm not sure I know if your system just crashed or someone got in there yet. Some major flaws in some programs out there.

Easy to monitor ISP side to see how many automated attacks every user gets each few minutes.

Might move over to some non writeable media for most of this if possible.
 
Old 04-30-2018, 11:42 PM   #4
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,511

Rep: Reputation: 1007
I would look for a used Watchguard on eBay.com. It's industrial grade protection at a good price. It's a high-grade security system out of the box. I've had them borked to the point of needing a reboot, but no one has gotten through one of mine.
 
Old 05-01-2018, 05:12 AM   #5
littlebigman
Member
 
Registered: Aug 2008
Posts: 553

Original Poster
Rep: Reputation: 33
Thanks much for the suggestions.

TCP80 is the only port reachable from the Net through the ADSL modem with NAT firewall turned on.
 
  

