Old 08-21-07, 08:00 PM   #1
grey_1
Guest
 
Posts: n/a
Securing Linux

Pretty straightforward. So many of the tutorials and suggestions I find are out of date or at odds with each other.

I'll have two Linux and one Win box on a small home network, and would like some suggested reading tips on the best way to really start becoming familiar with security on these things.

Thanks in advance.
Old 08-21-07, 08:18 PM   #2
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Re: Securing Linux

The first thing you need to do is disable unneeded listening daemons. I usually do this by issuing a "netstat -apvtul", which means "all program verbose tcp udp listening". Identify what you don't need and disable that daemon. There are various ways to do this; on a Debian system, I find it easy to just "cd /etc/init.d" and "update-rc.d -f [daemon] remove". On RedHat based systems you can use "sysvinit".

The second thing you need to do is establish a good ingress (inbound) and egress (outbound) firewall policy. Things like FireStarter can allow you to configure iptables via GUI; however, I find it better to actually understand iptables so you can configure it manually.

I've got much more to say but I need to determine the context. For example, do you allow SSH inbound? If so, you can use key-based authentication, don't permit root login, only use protocol version 2, change the default listen port, and use something like fail2ban to prevent brute-force attacks. You can also use port-knocking.
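The SSH and ingress-policy points from the post above, as an added example that is not from the thread or from any project: a POSIX sh script that audits an sshd_config text for the four SSH settings listed (no root login, key-only authentication, protocol 2, non-default port) and prints a default-deny iptables ingress policy that admits only the chosen SSH port. The sample config and the port 2222 are assumptions; the rules are printed, not applied.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config text against the
# SSH hardening points listed above and emit a default-deny iptables ingress
# policy that admits only the chosen SSH port. Everything runs offline: the
# config below is a constructed sample and the rules are printed, not applied.

# Constructed sshd_config in which three of the four recommended settings are missing.
SAMPLE_SSHD_CONFIG='Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes'

# Effective value of a keyword: sshd is case-insensitive and the first match wins.
sshd_value() {
    # $1 = config text, $2 = keyword
    printf '%s\n' "$1" | awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }'
}

# One line per finding; no output means the config meets all four points.
audit_sshd() {
    cfg="$1"
    [ "$(sshd_value "$cfg" PermitRootLogin)" = "no" ] || echo "PermitRootLogin should be no"
    [ "$(sshd_value "$cfg" PasswordAuthentication)" = "no" ] || echo "PasswordAuthentication should be no (use keys)"
    [ "$(sshd_value "$cfg" Protocol)" = "2" ] || echo "Protocol should be 2"
    port=$(sshd_value "$cfg" Port)   # an absent Port keyword means the default, 22
    [ -n "$port" ] && [ "$port" != "22" ] || echo "Port is the default 22"
}

# Ingress policy: drop inbound by default, keep loopback and replies to our own
# connections, and accept new TCP connections only on the SSH port given in $1.
# Outbound stays open here; an egress policy is the next step, not this one.
ingress_policy() {
    port="$1"
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT
EOF
}

audit_sshd "$SAMPLE_SSHD_CONFIG"   # three findings for the sample config
ingress_policy 2222                # assumed non-default SSH port
```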
Old 08-21-07, 08:35 PM   #3
grey_1
Guest
 
Posts: n/a
Re: Securing Linux

Quote:
Originally Posted by evilghost
The first thing you need to do is disable unneeded listening daemons. I usually do this by issuing a "netstat -apvtul", which means "all program verbose tcp udp listening". Identify what you don't need and disable that daemon. There are various ways to do this; on a Debian system, I find it easy to just "cd /etc/init.d" and "update-rc.d -f [daemon] remove". On RedHat based systems you can use "sysvinit".

The second thing you need to do is establish a good ingress (inbound) and egress (outbound) firewall policy. Things like FireStarter can allow you to configure iptables via GUI; however, I find it better to actually understand iptables so you can configure it manually.

I've got much more to say but I need to determine the context. For example, do you allow SSH inbound? If so, you can use key-based authentication, don't permit root login, only use protocol version 2, change the default listen port, and use something like fail2ban to prevent brute-force attacks. You can also use port-knocking.
Thanks eg! This is exactly the type of stuff I'm looking for.

Removing the daemons is not a problem; the iptables I want to learn. Time to get past the 'button monkey' stage.

SSH inbound will be allowed, but only temporarily so I can gain a passing familiarity with it.

Fail2ban I had to google. I like it. Are there any limitations on updating its IP list...er...updating the iptables?

I feel like a kid at Christmas. I should have the third rig up tomorrow, plus my laptop will be used now and again, through a Linksys BEFSR41 I was given; seems nice and pretty configurable. Heh, got to learn that too!
Old 08-21-07, 08:41 PM   #4
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Re: Securing Linux

I use fail2ban; it's quite powerful. I use it to detect 404 and 401 errors on my webserver and ban them immediately if they connect to an IP and not a vhost. It works very well at mitigating brute-force and script-kiddie attacks. I also use it for SSH, but again, I run it on a high TCP port, not TCP 22, and I don't see brute-force attacks. That, and I'm using key-based authentication, not password authentication.

OSSEC-HIDS is a great IDS for a local machine, and its log analysis engine is outstanding; think of it as Snort for logs.

There's tons of information I can give but it's hard to 'dd if=/dev/evilghost of=/dev/grey_1' without knowing what's applicable to you.
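What fail2ban does for SSH, reduced to its core as an added example (not from the thread or from the fail2ban project): scan auth-log lines for failed logins, count them per source address, and report the addresses at or over a maxretry threshold together with the iptables rule fail2ban would insert. The log lines, hostname and threshold are constructed; nothing is applied to a live firewall.

```shell
#!/bin/sh
# Added example (not from the thread): the detection step fail2ban performs on
# an SSH auth log, reduced to a shell function. Failed logins are counted per
# source address and any address at or over maxretry is reported, with the
# iptables rule fail2ban would insert for it. All log lines are constructed.

SAMPLE_AUTH_LOG='Aug 21 20:01:02 deb sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Aug 21 20:01:05 deb sshd[4125]: Failed password for root from 203.0.113.7 port 51030 ssh2
Aug 21 20:01:09 deb sshd[4127]: Failed password for invalid user test from 203.0.113.7 port 51041 ssh2
Aug 21 20:02:11 deb sshd[4130]: Accepted publickey for grey from 192.0.2.10 port 40212 ssh2
Aug 21 20:03:40 deb sshd[4133]: Failed password for grey from 192.0.2.10 port 40220 ssh2'

# $1 = log text, $2 = maxretry. Prints "count ip" for each offending address.
find_offenders() {
    printf '%s\n' "$1" | awk -v max="$2" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the source address is the field after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i+1)]++
        }
        END { for (ip in fails) if (fails[ip] >= max) print fails[ip], ip }'
}

# Print (do not apply) the ban rule fail2ban would add for each offender.
ban_rules() {
    find_offenders "$1" "$2" | while read -r count ip; do
        echo "iptables -I INPUT -s $ip -j DROP   # $count failed logins"
    done
}

ban_rules "$SAMPLE_AUTH_LOG" 3   # maxretry 3: only 203.0.113.7 is reported
```

A single failed login from a legitimate user (192.0.2.10 above) stays below the threshold, which is why fail2ban uses maxretry rather than banning on the first failure.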
Old 08-21-07, 08:45 PM   #5
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Re: Securing Linux

I also watch security trends, vulnerabilities, and issues via RSS. I use liferea and I'd be more than happy to share my RSS subscriptions with you.
Old 08-21-07, 08:50 PM   #6
grey_1
Guest
 
Posts: n/a
Re: Securing Linux

Quote:
Originally Posted by evilghost
I use fail2ban; it's quite powerful. I use it to detect 404 and 401 errors on my webserver and ban them immediately if they connect to an IP and not a vhost. It works very well at mitigating brute-force and script-kiddie attacks. I also use it for SSH, but again, I run it on a high TCP port, not TCP 22, and I don't see brute-force attacks. That, and I'm using key-based authentication, not password authentication.

OSSEC-HIDS is a great IDS for a local machine, and its log analysis engine is outstanding; think of it as Snort for logs.

There's tons of information I can give but it's hard to 'dd if=/dev/evilghost of=/dev/grey_1' without knowing what's applicable to you.
Lol, I got a kick out of that.

Basically, my main rig running Deb, my second box running Deb, my wife's Win PC.

My second rig is going to be my learning box...starting with the security, then file sharing, server setup, etc. I'm not worried about breaking the install on it. This entire setup is a learning exercise for me, the more the better, as it's very pertinent to my career as well as personal gratification from learning as much as I can.

A formal college would be best, but my family's needs are still the priority with me. Ergo my plea to MikeC for this forum.
Old 08-21-07, 08:52 PM   #7
grey_1
Guest
 
Posts: n/a
Re: Securing Linux

Quote:
Originally Posted by evilghost
I also watch security trends, vulnerabilities, and issues via RSS. I use liferea and I'd be more than happy to share my RSS subscriptions with you.
I'm interested, although I'm not sure I would understand what I'm reading at this point.

Lol, I'll pretty much be full time linux soon as I finish Bioshock so the learning will be faster.
Old 08-22-07, 07:41 AM   #8
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Re: Securing Linux

I use the following RSS feeds:
Security Viewpoints - http://feeds.feedburner.com/advosys/viewpoints
Milw0rm - http://www.milw0rm.com/rss.php
Stephen Esser's PHP Security Blog - http://blog.php-security.org/feeds/categories/1-PHP.rss
SecuriTeam - http://www.securiteam.com/securiteam.rss
Packet Storm Security (last files) - http://packetstormsecurity.org/last.xml
SANS ISC - http://iscxml.sans.org/rssfeed_full.xml
SANS ISC SecNewsFeed - http://iscxml.sans.org/newssummary.xml
eEye Digital Security - Zero-Day Tracker - http://research.eeye.com/rss/zeroday.rss
Old 08-22-07, 07:43 AM   #9
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Re: Securing Linux

Quote:
Originally Posted by grey_1
A formal college would be best, but my family's needs are still the priority with me. Ergo my plea to MikeC for this forum.
In the security industry there's little value in formal education because:
1) The instructors usually don't understand the material themselves.
2) The material is outdated.
3) Practical experience is more valuable on the job.
Old 08-22-07, 08:36 AM   #10
DiscipleDOC
 
Join Date: Dec 2002
Location: Alabama, Planet Earth
Posts: 5,993
Re: Securing Linux

Quote:
Originally Posted by evilghost
There's tons of information I can give but it's hard to 'dd if=/dev/evilghost of=/dev/grey_1' without knowing what's applicable to you.
I use this command (or a variation) to zero out hard drives when we reimage them....

Quote:
Originally Posted by evilghost
In the security industry there's little value in formal education because:
1) The instructors usually don't understand the material themselves.
2) The material is outdated.
3) Practical experience is more valuable on the job.
QFT. It's hard to get an education on cutting edge technology.
Old 08-22-07, 01:51 PM   #11
grey_1
Guest
 
Posts: n/a
Re: Securing Linux

Quote:
Originally Posted by evilghost
In the security industry there's little value in formal education because:
1) The instructors usually don't understand the material themselves.
2) The material is outdated.
3) Practical experience is more valuable on the job.
Good to hear; all the more reason to dig in here. I'll be back bugging you for help once I have this set up.

Thanks, Bro.
Old 08-23-07, 10:11 AM   #12
nekrosoft13
I'm Geralt
 
Join Date: Oct 2005
Location: Chicagoland, once a year in Poland
Posts: 24,366
Re: Securing Linux

Quote:
Originally Posted by evilghost
The first thing you need to do is disable unneeded listening daemons.

Linux got DEMONS!!

..... runs away..........