[CTS] Re: Linux?

  • From: Lynn <landerso@xxxxxxxxxx>
  • To: computertalkshop@xxxxxxxxxxxxx
  • Date: Tue, 30 Jan 2001 19:56:36 -0500

TS152@xxxxxxxxxxxxxxxxxxx wrote:
> 
> Security-wise, what documentation is available on how to lock down redhat
> linux 6.2 ... or any other linux distribution, for that matter?  Let's say
> I want to put my Linux server out on the internet, how can I protect it
> from getting hacked?
> 
Firstly, you mean cracked.  Hackers do not break into servers, they play
with computers.  Hackers have enough of their own computers, they don't
need to mess with yours.  Most of the types that try to crack computers
are crackers, phreakers, and skr1pt k1dd13z.  These are lower forms of
life than most of us, and usually very, very stupid.  Occasionally,
you'll hit a smart cracker, but most of the time they're dumb as a pole.

Now, as for security.  Securing a machine, ANY machine, is a BIG
question.  As a basic rule of thumb, monitor CERT, l0pht and the
rootshell mailing lists for advisories.  These are the lists that
professional sysadmins monitor.  The URLs:

http://www.cert.org
http://www.l0pht.com
http://www.rootshell.com

Buy Practical Unix Security published by O'Reilly (a rule of thumb that
will save you many thousands of dollars: all O'Reilly books are worth
buying.  Most UNIX sysadmins don't even have to read the back of an
O'Reilly book before buying it.  They're all worth their weight in gold,
and you'll never regret buying an O'Reilly book).  That will give you a
grounding in basic security measures.  Install nmap, sniffit, and
tripwire.  Either have logs e-mailed to you daily or have them printed
out by a dot-matrix printer attached to the server.  nmap will tell you
what ports you have open (it's probably a good idea to just completely
shutdown inetd).  sniffit is a packet sniffer; it lets you watch what's
going over the wire.  tripwire creates a database of file permissions,
dates, sizes and checksums.  Store this database on read-only media,
have tripwire run nightly.  tripwire will send out alerts if any files
or directories are changed on the server.  Watch the system like a
hawk.  Especially watch for directories like ".. " and lrk4 or lrk5
suddenly popping up.  If they do, you have a skr1pt k1dd13.

Shut down ALL unnecessary services.  If you are only hosting a website,
the maximum ports you should have open are ssh, http and ftp.  Don't use
WU-FTPD, it's bug-ridden.  Use ProFTPD, have it lock ALL users uploading
webpages in a chroot jail in their home directories.  NEVER USE TELNET!
Telnet is a MASSIVE security hole!  DON'T USE TELNET!  Use OpenSSH.
OpenSSH goes through regular security audits of the source code.
portmapper and the r commands are massive security holes.

It's a personal decision as to whether or not you want to run sendmail
for e-mail service.  UNIX machines don't handle life without a mail
server well.  Either postfix or qmail is MUCH more secure.  Sprint
Canada's dialup service uses postfix for e-mail, Hotmail runs qmail.
Just about everybody else, though, uses sendmail.

It is very important to watch a machine.  If you're ultra-paranoid,
sniffit can be run to log the contents of all packets going over the
wire.  Log messages are critical for telling you what might be happening
to the machine.  For example, if you're port-scanned, the log will show
null connections to just about every port on the machine.  You'll
probably want to nuke sudo.

--------------------------------------------------------------------------------
Computer Talk Shop
To un-subscribe, http://questforcertification.com/cts/unsubscribe.htm

List HowTo: http://questforcertification.com/cts/faq

To join Computer Talk Shop's off topic list, please goto:
http://questforcertification.com/cts/other_cts_lists.htm
---------------------------------------------------------------------------------
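The tripwire workflow described in the post (record permissions, ownership, sizes, dates and checksums of every file, keep that database somewhere the server cannot rewrite, re-scan nightly and alert on anything added, removed or altered) is small enough to show end to end. The following Python script is an added example written for this page; it is neither tripwire's code nor anything from the original message. It builds a baseline over a directory tree, compares a later scan against it, and reports additions (such as the odd ".. " directory the post warns about), removals, and changed attributes. The sample tree it scans is constructed in a temporary directory inside `demo()`, so it runs offline; the `save_baseline`/`load_baseline` helpers are where you would point at read-only media, as the post suggests.

```python
"""Tripwire-style file integrity baseline and comparison (illustrative, not tripwire itself)."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def snapshot_path(path: Path) -> dict:
    """Record the attributes tripwire tracks: mode, owner, size, mtime and (for files) a hash."""
    st = path.lstat()                      # lstat: do not follow symlinks planted by an intruder
    entry = {
        "mode": stat.S_IMODE(st.st_mode),  # catches a new setuid bit on a system binary
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime": int(st.st_mtime),
    }
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        entry["sha256"] = h.hexdigest()    # catches a size-preserving replacement
    return entry


def build_baseline(root: Path) -> dict:
    """Walk the tree and snapshot every directory and file, keyed by path relative to root."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            baseline[p.relative_to(root).as_posix()] = snapshot_path(p)
    return baseline


def save_baseline(baseline: dict, dest: Path) -> None:
    """Write the database; in practice dest lives on read-only media, per the post."""
    dest.write_text(json.dumps(baseline, sort_keys=True, indent=1))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Report paths that appeared, disappeared, or whose recorded attributes differ."""
    report = {"added": [], "removed": [], "changed": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            diffs = [k for k in baseline[rel] if baseline[rel][k] != current[rel].get(k)]
            if diffs:
                report["changed"][rel] = diffs
    return report


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then simulate tampering and re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls")          # constructed stand-in for /bin/ls
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")  # constructed
        baseline = build_baseline(root)
        db = root / "baseline.json"            # would be read-only media on a real server
        save_baseline(baseline, db)

        # Simulated intrusion: same-size trojaned binary made setuid, a ".. " directory
        # appears, and a file vanishes. None of this is real tooling, just attribute changes.
        (root / "bin" / "ls").write_bytes(b"trojaned ls")
        (root / "bin" / "ls").chmod(0o4755)
        (root / ".. ").mkdir()
        (root / "etc" / "passwd").unlink()

        current = build_baseline(root)
        del current["baseline.json"]           # the database itself is not part of the audited tree
        return compare(load_baseline(db), current)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The comparison is per attribute on purpose: a same-size, same-mtime replacement still shows up through the checksum, and a permission change shows up even when the contents are untouched. Run it nightly from cron and mail the report, as the post recommends, and treat any non-empty `added`, `removed` or `changed` section as something to look at.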
