Linux Box Security

Archived discussion from Toril-2.
Silverast Rubicyn
Sojourner
Posts: 376
Joined: Wed Feb 07, 2001 6:01 am
Location: Long Branch, NJ

Linux Box Security

Postby Silverast Rubicyn » Mon Dec 04, 2006 4:19 pm

Hey Guys -

A friend of mine is running a linux box to run stuff off of on the internet ... including his website, ftp server, email, and some forums. He's had some issues with unauthorized people getting into the box (the most recent of which was this weekend, where someone was able to place a spam emailer on his server which pumped out 2.5gigs worth of spam email in 3 days). Also the bbs has been getting hit hard with spam bots. So I guess my question is what options does he have as far as security/firewalls/etc? I don't know much about it myself, but I know that some of you probably do.

Thanks in advance for any help.

-Talsor/Ed
amolol
Sojourner
Posts: 688
Joined: Mon Sep 30, 2002 5:01 am

Postby amolol » Mon Dec 04, 2006 6:03 pm

well first of all he can run the linux box as a firewall also, that will help i dont have any of the program links handy but i will get ahold of them what cersion of linux is he using? that is a big question on how to best protect him
i dont know what your problem is, but i bet its hard to pronounce

myspace.com/tgchef
Silverast Rubicyn
Sojourner
Posts: 376
Joined: Wed Feb 07, 2001 6:01 am
Location: Long Branch, NJ

Postby Silverast Rubicyn » Mon Dec 04, 2006 7:12 pm

He's not sure as of right this second, but he's going to find out. He installed a firewall called KISS my Firewall ... is that any good?
amolol
Sojourner
Posts: 688
Joined: Mon Sep 30, 2002 5:01 am

Postby amolol » Mon Dec 04, 2006 7:16 pm

not sure i havent played with it any. im still learning the ins and outs of linux.
my dad is the real guru. the other thing you could do is talk to zipah in game he is a linux admin he should be able to help you out alot.
i dont know what your problem is, but i bet its hard to pronounce



myspace.com/tgchef
tamitan
Sojourner
Posts: 7
Joined: Mon Aug 15, 2005 7:30 am
Contact:

this is the Zipah!... unwanted access tempts in linux

Postby tamitan » Mon Dec 04, 2006 9:02 pm

the best way to restrict access to a linux box is to run I tight set of firewall rules with other services restricted or obscured... this is easily done.

ssh is the number 1 intrusion, though it is needed for remote management so be sure that ssh is updated the latest version, next obscure the port that it is connecting on, and disable root login to ssh. all should be done from the sshd_config OR sshd.conf file on your linux box(depending on distro).

my firewall of choice good old iptables should be a standard package for just about every distro
create a good acl based firewall. A firewall with a default policy of accept is not a firewall it is a filter

this will get you started
first you need to clear the iptables lists and set the policies so you can access the box... then restrict them again

ran as root

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X
iptables -L -n

ths should display something like this

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

then you need to add the rule for your local address
iptables -I INPUT -s XXX.XXX.XXX.XXX -j ACCEPT

where XXX.XXX.XXX.XXX is the external address of your workstation( if you are behind a nat device you need to have it be the address of the nat device a.k.a visit whatismyip.com)

iptables -P INPUT DROP

now your box is completely non existant on the internet accept for the single address that you allowed
next you need to add some minor rules for TCP sessions so that it doesn't look like it is firewalled so much

iptables -A INPUT -s 0.0.0.0/0 -m --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT --dport XXXX -j ACCEPT

where XXXX is your new ssh port

iptables -A INPUT -s 0.0.0.0/0 -j LOG --log-level 4 --log-prefix "UFO access attempt"
iptables -A INPUT -s 0.0.0.0/0 -j DROP

and bang all access to the box is now stopped... if you have spicific networks that you want to allow to the box there are some ways you can do that easiest is with "white listing" using the rule that i used to allow your address
you can specify an address block by -s XXX.XXX.XXX.0/XX the /XX is the netmask (usually 24)
tighter firewalls can be achieved using a proggy called fwlogwatch... but it is too hard to explain here

any question you can mmail me or talk to me ingame... I play zipah mostly now

---------------------------
Your Friendly Neighborhood Paladin
tamitan
Sojourner
Posts: 7
Joined: Mon Aug 15, 2005 7:30 am
Contact:

Ooohhh forgot something

Postby tamitan » Mon Dec 04, 2006 9:15 pm

You need to change all user and root accounts passwords... to things that are more secure

something like these

yvrwDcJDl
ywmkhxHCKC
KfxYaw97kTavY
SUE7ohAr7PD1Y

from my pass-o-matic script *grin*

---------------------------
Your Friendly Neighborhood Paladin
Silverast Rubicyn
Sojourner
Posts: 376
Joined: Wed Feb 07, 2001 6:01 am
Location: Long Branch, NJ

Postby Silverast Rubicyn » Tue Dec 05, 2006 2:19 pm

Thanks alot for the help ... I'll be passing that along to my friend. If I need anything else I'll be contacting you in game ... thanks again boss.

-Talsor/Ed
Yasden
Sojourner
Posts: 1597
Joined: Sat Feb 03, 2001 6:01 am
Location: Lake Stevens, WA, USA

Postby Yasden » Wed Dec 06, 2006 12:21 pm

Disable root logins entirely, as using root login is stupid. Don't forget your root password though, you'll still need it to perform some things you restrict.

Is he using BSD or Linux? You say Linux, but I know a lot of people say Linux and mean BSD cause they don't know they difference. :) OS/distro would be good to know in this situation.

CONFIGURE APACHE PROPERLY!!! This is the biggest security leak you could potentially have if he just threw it on the box without doing any major configs.

If he's running an FTP, make sure he doesn't allow executables to be uploaded. That could be how he got the spam engine. If you allow anonymous logins, then consider disabling anonymous uploads. Log your uploads from other users, just in case.

Try this page out if he's really new at Linux...

http://www.reallylinux.com/docs/conflin.shtml

Astaro is a good choice for a Linux firewall, and IPFW2 is a great BSD firewall.

I could post tons more, but I don't feel like Googling at 5 AM. :P I highly recommend searching for documentation on configuring each of your processes (FTP/Apache/email/BBS).

Hope that helps, Ed!
Support Your Addiction! Vote for TorilMUD Today!

Top Mud Sites: http://www.topmudsites.com/cgi-bin/topmuds/rankem.cgi?id=shev

Why Nerox is jealous of me:

Nerox tells you 'man this thing is kicking my ass and i have blisters!'
Nerox tells you 'ok attempting it again put tape on my fingers for easier sliding'

Return to “General Discussion Archive”

Who is online

Users browsing this forum: No registered users and 3 guests