December 6th, 2001, 08:02 AM
Yes, with the 2.4.x kernels came iptables to replace ipchains as the defacto packet filtering firewall tool. iptables && netfilter etc. are great! I do recommend a kernel patch like grsecurity/LIDS/OpenWall etc.. to secure the box a little better. *n?x exploits often involve executing code on the stack, so anything you can do to make such a thing hard/difficult/impossible greatly improves your security.
The other thing I would recommend is remove the setXid bit from anything that does not absolutely have to have it. setXid (setuserid and setgroupid) is the real killer on any flavor of *n?x if the system is compromised.
The default Linux install comes with a long list of setXid programs by deafult. I really do recommend auditing these.
A very simple way to find them is to type the following on the command line:
# find / \( -perm -02000 -o -perm -04000 \) -ls > setXid.txt
Then you can open setXid.txt in an editor like vi and see what you don't really need to be setXid.
Also, (while I am in the mood to post ) take a look at `chattr' and `lsattr', read their man pages and get to know them. I use `chattr +i program_name' on anything that could be of use to a hacker if they gain access to my system. This greatly reduces the threat of root-kits and other trojaned programs because the file can not be modified in *any* way. `chattr +a /var/log/logname' is another good one because it puts the log/file in append mode only. The hacker if successful will not be able to modify the logs to erase evidence that s/he was there.
(note: chattr & lsattr are only available on Linux, no Unix flavors have these binaries afaik )
Just a couple of ideas for you.
December 7th, 2001, 03:47 AM
a mandrake firewall.......you have a few options as previously said. I may have missed it. But I don't think anyone mentioned the Linux single network firewall that was released by mandrake....for mandrake. the easiest thing to do...and I don't believe it was mentioned either.....set up IPchains or IPtables as your firewall. thats all the others are anyways...for the most part. you can find howtos on almost any linux/unix site......
I stand corrected....IPchains was mentioned
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust
December 16th, 2001, 09:38 AM
If you want a firewall for Lin¡nux you can probe IpChains I think that it comes in the distribution, if no come you can dowload from this url http://188.8.131.52/cgi-bin/search/...value=ipchains if no connect or give you some problem put this other url http://packetstorm.decepticons.org/ nad in the search put IpChains I think tahat now it can change of name and now his name is IpTabbles but I not sure. In the paquet will come some documentation but if dont come i send a how to of use it bye
Hide your face forever
dream and search forever
night and night you feel nothing
there\'s no way outside of my land
Open your eyes, open your mind ...
December 16th, 2001, 10:51 AM
Ipchains or iptables both are great for
shutting down your box,also you can use portsentry with these two to double your
security.you can find portsentry at:
Also you need to shutdown any services
that you are not using like,NFS,NIS,
portmap,fingerd.shutdown all of your
rservices,make sure that you dont allow
root logins. cheak ssh and make sure it
says no to "root login".Use xinetd instead
December 17th, 2001, 12:22 PM
Just a few words to give more explanation about Linux Bastille.
This is project, (http://www.bastille-linux.org/) leaded by Jay Beale , a man working at Mandrake, that installs itself on RedHat and Mandrake. Program is shipped by default in RPM with Mandrake (CD1), no idea about RedHat.
This is a GUI that explain you very clearly what options, what issues and so on... and configure your firewall.
This is known as very secure and efficient.
Linoux c\'est de la bombe bébé !