I have a Linux machine at home and I'm wondering if there is anything I can do to protect the machine against attacks. I have iptables up and running, blocking all ports except 23 (ssh), 80 (http) and a few other, i.e. for Samba. It is open to the internet because it is running a web site. My worry is that I've left a back door open and that a spammer will hijacked my machine to do his dirty deed.

Any hints and tips welcome.

Regards
Stoney

I don't much myself, but you could try LinuxQuestions (http://www.linuxquestions.org) or maybe the Linux Documentation Project (don't know the link).

goates

The main rules are (a) offer only what you need and (b) keep it patched. If it's running a website then i'd have thought that you'd only need port 80 open externally (i.e. outside any local subnet), possibly ssh if you really need to access it remotely. Why Samba?

Evo, I use Samba to access the Linux disk from my Windows machine. I have to say it's not the greatest way of connecting but it works well enough that I haven't looked for anything better. Do you recommend something else, i.e. NFS?

Regards
Stoney

No, Samba's fine IMHO - haven't used NFS in years but I remember it being a pain. However, couldn't figure out from your post if Samba's port (139?) was open externally, and if so, why?

I'd only have http and ssh open to non-LAN traffic, and for most purposes it's probably ok not to worry too much about packets from within your own LAN.

Kaspersky (http://www.kaspersky.com/businessoptimal?chapter=4158414)

ORAC, did you look up the price too? It's probably a bit expensive for what Stoney needs.

Thanks for the link, ORAC, but it's definitly a bit OTT for my setup.

Evo, I'll have to 'adjust' my iptables a bit. I've got Samba ports (both 137 and 139 for some reason) open to all, i.e. not just the LAN. In fact I have four ports open: http, ssh, mysql and samba. Best I figure out quick how to restrict both mysql and samba to LAN only.

Thanks for the tips.

Regards
Stoney

I haven't used it, but the iptables-HOWTO (http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html) might help.

Locking down your system requires more than using iptables to close ports. I recommend you visit http://www.bastille-linux.org/ and follow the advice there. You can download a perl script which will guide you through the steps you need to take.

I'll have to investigate that further, izod tester. I quite fancy the idea of having a hard system ;)

Evo, when I setup my iptables originally I followed an online guide quite similar to your link. I suspect I already know what's required. Drop all incoming except port 22, 80 or from 192.168.etc. Just got to find some time to go over it again.

Regards
Stoney

Stoney, sounds right to me. If you haven't found it already, i've found nmap (http://www.insecure.org/nmap/) to be a good tool for testing how successful i've been in restricting services.