Computer/Internet Issues & TroubleshootingAnyone with questions about the terribly complex world of computers or the internet should try here. We will also try and help with troubleshooting any technical problems you may have with the forums.
I have a Linux machine at home and I'm wondering if there is anything I can do to protect the machine against attacks. I have iptables up and running, blocking all ports except 23 (ssh), 80 (http) and a few other, i.e. for Samba. It is open to the internet because it is running a web site. My worry is that I've left a back door open and that a spammer will hijacked my machine to do his dirty deed.
The main rules are (a) offer only what you need and (b) keep it patched. If it's running a website then i'd have thought that you'd only need port 80 open externally (i.e. outside any local subnet), possibly ssh if you really need to access it remotely. Why Samba?
Evo, I use Samba to access the Linux disk from my Windows machine. I have to say it's not the greatest way of connecting but it works well enough that I haven't looked for anything better. Do you recommend something else, i.e. NFS?
No, Samba's fine IMHO - haven't used NFS in years but I remember it being a pain. However, couldn't figure out from your post if Samba's port (139?) was open externally, and if so, why?
I'd only have http and ssh open to non-LAN traffic, and for most purposes it's probably ok not to worry too much about packets from within your own LAN.
Thanks for the link, ORAC, but it's definitly a bit OTT for my setup.
Evo, I'll have to 'adjust' my iptables a bit. I've got Samba ports (both 137 and 139 for some reason) open to all, i.e. not just the LAN. In fact I have four ports open: http, ssh, mysql and samba. Best I figure out quick how to restrict both mysql and samba to LAN only.
Locking down your system requires more than using iptables to close ports. I recommend you visit http://www.bastille-linux.org/ and follow the advice there. You can download a perl script which will guide you through the steps you need to take.
I'll have to investigate that further, izod tester. I quite fancy the idea of having a hard system
Evo, when I setup my iptables originally I followed an online guide quite similar to your link. I suspect I already know what's required. Drop all incoming except port 22, 80 or from 192.168.etc. Just got to find some time to go over it again.
Stoney, sounds right to me. If you haven't found it already, i've found nmap to be a good tool for testing how successful i've been in restricting services.
