LinuxQuestions.org > Slackware > Securing Slackware server (https://www.linuxquestions.org/questions/slackware-14/securing-slackware-server-4175733634/)

dalgrim 02-07-2024 12:56 PM

Securing Slackware server
 
I'm looking for some suggestions on securing my Slackware 15 server. For now it's only running a couple of video game servers for my kids and a MariaDB (MySQL) that I use for development. I have a firewall (dedicated hardware router/firewall/IPS) that only allows the appropriate IPv4 ports through; however, IPv6 is a thing, and not knowing as much about it, I'm concerned about security on the Linux box.

I have disabled SSH password logins, requiring keys.
I stay up to date with slackpkg+
I routinely manually check the last and lastb looking for any strange logins <-- I'd like a more automated way to check this, maybe something like "fail2ban".
I only run the network processes/applications I actively use.

Any other suggestions or resources?

-Brian

wpeckham 02-07-2024 03:50 PM

Why not disable IPv6?

lostintime 02-07-2024 04:37 PM

Computer security is one of those topics where asking 10 people for advice results in 12 answers.

Security usually is about risk vs. benefit and how big of a tinfoil hat one wants to wear.

Often security is about layers. For example, an nmap scan would reveal what is open to the world. Although there is a network layer firewall, a simple no frills rc.firewall could be added to ensure nobody hacks the computer if the network firewall is compromised.

Monitoring /var/log/secure might be more useful than monitoring /var/log/wtmp (last[b]).

There might be other ways of securing the environment. For example, development could be contained to inside a virtual machine that has no internet access.

Young children usually are not security concerns. They use whatever parents provide. Just provide them their own login account and let them play. Older children know about the outside world. They tend to get frustrated when they are denied access and start learning or recruiting friends to help them thwart parental controls unless there is a healthy relationship with the parents.

The usual caveats apply -- I'm not a security guru and do not play one on TV. :)
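An added example (my own, not code posted by anyone in this thread) for two points raised above: the OP's wish for an automated replacement for eyeballing last/lastb, and lostintime's suggestion that /var/log/secure is the better file to watch. The script counts sshd authentication failures per source address, IPv4 or IPv6 alike, and reports any address that crosses a threshold inside a sliding time window, which is the detection half of what fail2ban does before it adds a firewall rule. The log lines are constructed samples in the syslog format sshd writes to /var/log/secure; the threshold, window and year are assumed parameters, and the file path is only read when the script is run directly.

```python
"""Flag source addresses with repeated sshd authentication failures.

Reads /var/log/secure-style lines (syslog format, as sshd writes them on
Slackware) and reports addresses that fail too often inside a time window.
"""
import re
import sys
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines (not real captures). 203.0.113.0/24, 198.51.100.0/24
# and 2001:db8::/32 are documentation ranges, so nothing here is a real host.
SAMPLE_LOG = """\
Feb  7 12:01:03 slack sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Feb  7 12:01:05 slack sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Feb  7 12:01:09 slack sshd[2105]: Failed password for root from 203.0.113.7 port 51250 ssh2
Feb  7 12:01:12 slack sshd[2107]: Invalid user test from 203.0.113.7 port 51260
Feb  7 12:03:40 slack sshd[2150]: Accepted publickey for brian from 2001:db8:1::10 port 40022 ssh2: ED25519 SHA256:AAAA
Feb  7 12:05:00 slack sshd[2160]: Failed publickey for brian from 2001:db8:2::99 port 40100 ssh2: ED25519 SHA256:BBBB
Feb  7 12:05:02 slack sshd[2162]: Failed publickey for brian from 2001:db8:2::99 port 40101 ssh2: ED25519 SHA256:BBBB
Feb  7 13:10:00 slack sshd[2200]: Failed password for invalid user guest from 198.51.100.9 port 60000 ssh2
"""

# syslog prefix: "Mon dd HH:MM:SS host sshd[pid]: message"
LINE_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?P<msg>.*)$'
)
# Failure messages sshd emits; the address may be IPv4 or IPv6, so take any non-space run.
FAIL_RE = re.compile(r'^(Failed \w+ for|Invalid user) .*?\bfrom (?P<addr>\S+) port \d+')


def parse_failures(log_text, year=2024):
    """Yield (timestamp, source address) for every failed-login line.

    syslog lines carry no year, so the caller supplies one (assumed parameter).
    """
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        f = FAIL_RE.match(m.group('msg'))
        if not f:
            continue  # accepted logins, session open/close, etc.
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        yield ts, f.group('addr')


def failures_by_address(log_text, year=2024):
    """Total failed attempts per source address, regardless of timing."""
    counts = defaultdict(int)
    for _, addr in parse_failures(log_text, year):
        counts[addr] += 1
    return dict(counts)


def offenders(log_text, threshold=3, window_seconds=600, year=2024):
    """Return {addr: peak count} for addresses reaching `threshold` failures
    within any `window_seconds` span. Log lines are assumed chronological."""
    recent = defaultdict(deque)   # addr -> timestamps inside the current window
    hits = {}
    for ts, addr in parse_failures(log_text, year):
        q = recent[addr]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # slide the window forward
        if len(q) >= threshold:
            hits[addr] = max(hits.get(addr, 0), len(q))
    return hits


if __name__ == "__main__":
    # With a path argument, read the real log; otherwise run over the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for addr, n in sorted(offenders(text).items(), key=lambda kv: -kv[1]):
        print(f"{addr}\t{n} failures inside the window")
```

Run as `python3 sshfail.py /var/log/secure` from cron to get a daily list; the address is what a tool like fail2ban would hand to the firewall, but this script only reports. Note that the year is not in syslog lines, so a run spanning New Year needs the year handled per line rather than as one parameter.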

dalgrim 02-07-2024 04:41 PM

Quote:

Originally Posted by wpeckham (Post 6482105)
Why not disable IPv6?

I did think about that, but I'd rather learn the correct way to use it, as an educational exercise. It is the future of networking. If it were a mission-critical business production server that didn't need IPv6, that's the way I'd go.

I'm just looking for the most current IPv6 and general system hardening recommendations, without going full paranoia mode.

-Brian

dalgrim 02-07-2024 05:02 PM

Quote:

Originally Posted by lostintime (Post 6482113)
Computer security is one of those topics where asking 10 people for advice results in 12 answers.

Security usually is about risk vs. benefit and how big of a tinfoil hat one wants to wear.

Often security is about layers. For example, an nmap scan would reveal what is open to the world. Although there is a network layer firewall, a simple no frills rc.firewall could be added to ensure nobody hacks the computer if the network firewall is compromised.

Monitoring /var/log/secure might be more useful than monitoring /var/log/wtmp (last[b]).

There might be other ways of securing the environment. For example, development could be contained to inside a virtual machine that has no internet access.

Young children usually are not security concerns. They use whatever parents provide. Just provide them their own login account and let them play. Older children know about the outside world. They tend to get frustrated when they are denied access and start learning or recruiting friends to help them thwart parental controls unless there is a healthy relationship with the parents.

The usual caveats apply -- I'm not a security guru and do not play one on TV. :)

Yeah, the kids are teens. I'm not really concerned about them though. Fingers crossed, but so far we still have a great relationship and there is trust there. I'm more concerned about the millions of crazies in *insert foreign country here* doing port scans, seeing that there are open ports (there have to be to host the game servers) and attempting to hack the system. I do have a domain name with a subdomain that points to this system (IPv6) using cloudflare and a bash script that runs daily to update the DNS record.

At least the system is mostly for personal stuff and worst case if someone does compromise it I could format and reinstall, only losing some sleep in the process.

I do agree there are so many opinions about security, but that's why I asked. Sometimes you get some really good ideas that you never even considered before.

-Brian

Jan K. 02-07-2024 08:14 PM

Why not let an auditing tool loose on your system?

Lynis always first, that springs to mind...

But others... like https://geekflare.com/server-configu...itoring-tools/

wpeckham 02-07-2024 09:30 PM

If your edge device (router or modem to access the internet) supports IPv6 then the filtering there should support filtering and blocking IPv6. IF it does NOT support IPv6 then you do not have to worry about it passing through IPv6 addressed packets.

Your firewall on your host should have settings for both IPv4 and IPv6 filtering. You can always use that to secure your host, it is what it is made to do.

babydr 02-07-2024 11:03 PM

@dalgrim, if your routing device is a Cisco/Juniper/..., there is a set of security-related reference templates for these and other devices & protocols that may be of use to you ...

Provided by team-cymru, these have been of good service to me. HTH, JimL

https://github.com/team-cymru...rity-templates

r1w1s1 03-08-2024 11:56 AM

Quote:

Originally Posted by dalgrim (Post 6482067)
I'm looking for some suggestions on securing my slackware 15 server. For now it's only running a couple video game servers for my kids and a mariadb (mysql) that I use for development. I have a firewall (dedicated hardware router/firewall/IPS) that only allows the appropriate IP4 ports through however IPv6 is a thing and not knowing as much about it I'm concerned about security on the linux box.

I have disabled SSH password logins, requiring keys.
I stay up to date with slackpkg+
I routinely manually check the last and lastb looking for any strange logins <-- I'd like a more automated way to check this, maybe something like "fail2ban".
I only run the network processes/applications I actively use.

Any other suggestions or resources?

-Brian

I really like fail2ban; you should use it.

If possible, try to change the default ports, like 22 (ssh) to 30350 or any high number; if you do it for other services too, it will be better.

If you have Cloudflare, you can put a WAF in front of the application, if you have a web application.

rkelsen 03-08-2024 05:21 PM

Quote:

Originally Posted by dalgrim (Post 6482114)
It is the future of networking.

Is it though?
