PPRuNe Forums

PPRuNe Forums (https://www.pprune.org/)
-   Computer/Internet Issues & Troubleshooting (https://www.pprune.org/computer-internet-issues-troubleshooting-46/)
-   -   Securing a Linux machine (https://www.pprune.org/computer-internet-issues-troubleshooting/170870-securing-linux-machine.html)

Stoney X 13th Apr 2005 15:53
Securing a Linux machine
 
I have a Linux machine at home and I'm wondering if there is anything I can do to protect the machine against attacks. I have iptables up and running, blocking all ports except 23 (ssh), 80 (http) and a few other, i.e. for Samba. It is open to the internet because it is running a web site. My worry is that I've left a back door open and that a spammer will hijacked my machine to do his dirty deed.

Any hints and tips welcome.

Regards
Stoney

goates 13th Apr 2005 17:39
I don't much myself, but you could try LinuxQuestions or maybe the Linux Documentation Project (don't know the link).

goates

Evo 13th Apr 2005 19:53
The main rules are (a) offer only what you need and (b) keep it patched. If it's running a website then i'd have thought that you'd only need port 80 open externally (i.e. outside any local subnet), possibly ssh if you really need to access it remotely. Why Samba?

Stoney X 14th Apr 2005 12:02
Evo, I use Samba to access the Linux disk from my Windows machine. I have to say it's not the greatest way of connecting but it works well enough that I haven't looked for anything better. Do you recommend something else, i.e. NFS?

Regards
Stoney

Evo 14th Apr 2005 14:31
No, Samba's fine IMHO - haven't used NFS in years but I remember it being a pain. However, couldn't figure out from your post if Samba's port (139?) was open externally, and if so, why?

I'd only have http and ssh open to non-LAN traffic, and for most purposes it's probably ok not to worry too much about packets from within your own LAN.

ORAC 14th Apr 2005 14:36
Kaspersky

Evo 14th Apr 2005 14:44
ORAC, did you look up the price too? It's probably a bit expensive for what Stoney needs.

Stoney X 14th Apr 2005 15:22
Thanks for the link, ORAC, but it's definitly a bit OTT for my setup.

Evo, I'll have to 'adjust' my iptables a bit. I've got Samba ports (both 137 and 139 for some reason) open to all, i.e. not just the LAN. In fact I have four ports open: http, ssh, mysql and samba. Best I figure out quick how to restrict both mysql and samba to LAN only.

Thanks for the tips.

Regards
Stoney

Evo 14th Apr 2005 15:27
I haven't used it, but the iptables-HOWTO might help.

izod tester 14th Apr 2005 21:27
Locking down your system requires more than using iptables to close ports. I recommend you visit http://www.bastille-linux.org/ and follow the advice there. You can download a perl script which will guide you through the steps you need to take.

Stoney X 15th Apr 2005 13:27
I'll have to investigate that further, izod tester. I quite fancy the idea of having a hard system ;)

Evo, when I setup my iptables originally I followed an online guide quite similar to your link. I suspect I already know what's required. Drop all incoming except port 22, 80 or from 192.168.etc. Just got to find some time to go over it again.

Regards
Stoney

Evo 15th Apr 2005 13:59
Stoney, sounds right to me. If you haven't found it already, i've found nmap to be a good tool for testing how successful i've been in restricting services.


All times are GMT. The time now is 05:30.


Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.