Thread: Securing Linux
View Single Post
Old 08-21-07, 08:35 PM   #3
Posts: n/a
Default Re: Securing Linux

Originally Posted by evilghost
The first thing you need to do is disable unneeded listening daemons. I usually do this by issuing a "netstat -apvtul" which means "all program verbose tcp udp listening". Identify what you don't need and disable that daemon. There's various ways to do this, on a Debian system, I find it easy to just "cd /etc/init.d" and "update-rc.d -f [daemon] remove". RedHat based systems you can use "sysvinit".

The second thing you need to do is establish a good ingress (inbound) and egress (outbound) firewall policy. Things like FireStarter can allow you to configure iptables via GUI, however, I find it better to actually understand iptables so you can configure it manually.

I've got much more to say but I need to determine the context. For example, do you allow SSH inbound? If so, you can use keybased authentication, don't permit root login, only use protocol version 2, change the default listen port, and use something like fail2ban to prevent brute force attacks. You can also use port-knocking.
Thanks eg! This is exactly the type of stuff I'm looking for.

Removing the daemons not a problem, the iptables I want to learn. Time to get past the 'button monkey' stage.

SSH inbound will be allowed, but only temporarily so I can gain a passing familiarity with it.

Fail2ban I had to google. I like it, are there any limitations on updating it's ip the iptables?

I feel like a kid at christmas. I should have the third rig up tomorrow, + my laptop will be used now and again, through a linksys BEFSR41 I was given, seems nice and pretty configurable. Heh, got to learn that too!
  Reply With Quote