LinuxQuestions.org
Old 04-27-2002, 07:07 PM   #1
toothfish
LQ Newbie
 
Registered: Apr 2002
Location: northeast san francisco
Distribution: slack 8.0
Posts: 14

Rep: Reputation: 0
newbie security.


hi it's paul here. i'm pretty new to slack and linux in general, but i managed to install v8.0 on a somewhat old toshiba tecra 510cdt. xfree86/kde display issues aside, i seem to be doing ok so far- but since i'm running both ftp and apache servers here, i'm curious if anyone has any general security tips. since i don't really know what i'm doing (apache and proftpd installed and start sort of automagically). i keep an eye on my logs, but that strikes me as a little backward, as if anything did happen it'd be sort of too late. most of the time any "attacks" i get are what i suspect are infected servers looking for NT-specific vulnerabilities, so i'm not too worried about that. and i plan on only keeping the server machine powered on part time anyway (like while i'm using it, not really to serve stuff constantly), partly out of paranoia and partly in the interest of keeping the old utility bill down...

i guess i have a couple specific questions:

1. are there changes i ought to make to the default install? seems to me that most of the defaults lean in the direction of more secure vs. not (no root or anonymous ftp login, no backing up out of the root www directory, etc), but i'd rather be safe(r) than sorry.

2. can i shut down or monitor telnet activity? i noticed some odd telnet goings-on, and i'm not sure what i should do, if anything. it was an isolated incident, anyway.

3. shut down unused ports? uh. how do i do this?

4. if i'm using one routable IP address from behind NAT, am i compromising the security of the rest of our network here? we have one mac and two windows machines that, as far as i know, aren't visible from the outside, but since i only barely managed to configure our routing table, i'm not too sure. that in itself is probably an indication that i shouldn't be doing this at all...

and i just sort of noticed that none of these are really slackware-specific questions, but try not to be too brutal.

thanks
cheers
paul
 
Old 04-28-2002, 07:29 PM   #2
taz.devil
Senior Member
 
Registered: Nov 2001
Location: Wa. State
Distribution: Slackware
Posts: 1,261

Rep: Reputation: 45
I don't think anyone will be brutal in this particular forum.
As far as most of your questions, I believe you could answer them all with a well built firewall with well setup network intrusion detection software. iptables (netfilter) is the name of the newer 2.4.x kernel firewall, er, tables. LOL I don't know what ports and/or setup you have going as far as NAT and the servers, though if you look into iptables, they can all be taken care of with it. I'm sorry if this was a little general, but I believe it's the right place to start. Correct me if I misunderstood anything.
 
Old 04-29-2002, 08:56 AM   #3
Richard James
LQ Newbie
 
Registered: Apr 2002
Location: Australia
Distribution: Slackware
Posts: 21

Rep: Reputation: 15
Quote:
1. are there changes i ought to make to the default install? seems to me that most of the defaults lean in the direction of more secure vs. not (no root or anonymous ftp login, no backing up out of the root www directory, etc), but i'd rather be safe(r) than sorry.
Yes, first of all shut off any unneeded ports. You will find most, not all, in /etc/inetd.conf. You can turn these off by commenting them and restarting inetd with kill -HUP $pidofinetd, where $pidofinetd is the number that ps ax gives you for /usr/sbin/inetd. The first things you should shut off are finger, netstat and systat. If you read http://www.linuxsecurity.com/docs/colsfaq.html it will tell you some other things to do. There are other sites you can read as well, but that FAQ should get you started.
Quote:
2. can i shut down or monitor telnet activity? i noticed some odd telnet goings-on, and i'm not sure what i should do, if anything. it was an isolated incident, anyway.
Yes, it is in inetd.conf; you should use sshd instead. Make sure your passwords are hard to crack. If you suspect your machine has been tampered with, then you should get a rootkit detector and run it on the machine.
Quote:
3. shut down unused ports? uh. how do i do this?
You can do the inetd thing. Some other programs, such as apache and samba, do not run through inetd; to stop their ports, kill the program.
Quote:
4. if i'm using one routable IP address from behind NAT, am i compromising the security of the rest of our network here? we have one mac and two windows machines that, as far as i know, aren't visible from the outside, but since i only barely managed to configure our routing table, i'm not too sure. that in itself is probably an indication that i shouldn't be doing this at all...
Technically yes, you are compromising security. If however you are the sysadmin of the network, then no. Either way you can improve system security by finding out information on security. It is harder to crack a system where someone has a clue than one where no one does. So read the C.O.L.S FAQ and get secured and have fun doing it.
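
The inetd.conf procedure from post #3, as an added example that is not part of the original thread: it lists which inetd services are still enabled and writes a copy of the file with finger, netstat, systat and telnet commented out. The function names and the sample config are constructed for illustration; it works on a temporary copy, not on /etc/inetd.conf.

```shell
#!/bin/sh
# Added example: audit and edit an inetd.conf-style file.
# Function names and the sample file below are constructed for illustration.

# Print the service name (field 1) of every enabled (uncommented) entry.
inetd_enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Print a copy of the config with the named services commented out.
# Usage: inetd_disable FILE service [service ...]
inetd_disable() {
    conf=$1; shift
    awk -v list="$*" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) off[s[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in off) { print "#" $0; next }
        { print }
    ' "$conf"
}

# Constructed sample resembling a stock inetd.conf (not taken from the thread).
make_sample_conf() {
    cat <<'EOF'
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  proftpd
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
systat  stream  tcp  nowait  nobody  /usr/sbin/tcpd  /bin/ps -auwwx
netstat stream  tcp  nowait  root    /usr/sbin/tcpd  /bin/netstat -a
#time   stream  tcp  nowait  root    internal
EOF
}

# Disable the four services on a temp copy and show what is left enabled.
demo() {
    tmp=$(mktemp) || return 1
    make_sample_conf > "$tmp"
    inetd_disable "$tmp" finger netstat systat telnet > "$tmp.new"
    inetd_enabled_services "$tmp.new"
    rm -f "$tmp" "$tmp.new"
}

demo
```

On a real system the rewritten file would be reviewed, copied over /etc/inetd.conf as root, and inetd sent the HUP signal as described in the post. Daemons started outside inetd (apache, samba) do not appear in this file and have to be stopped separately.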
 
  

