November 18th, 2002, 11:01 PM
getting started & testing my security
I signed up last night and have been looking around the site for about an hour - I like what I have read so far but maybe there's an easier way to find what I've been looking for.
Is there a decent tutorial for newbies that gives some instructions towards properly sealing down and testing a Linux server? I've turned off all non-essential services, but I am still paranoid about running DNS, mail and web services.
Is there a consolidated tool I can use to test the security of my Linux server? Or to really be safe, is the proper way to learn every possible hacking / DoS tool and try them on myself one by one?
November 18th, 2002, 11:13 PM
Hmm, so I take it you want to test your system for vulnerabilities and then get a printout of what needs to be fixed? Try searching for LanGuard, it will test the machine remotely and give you a list of vulns you have and provide links to the appropriate patches. LanGuard runs in Windows, so it will only work if you have a machine with Win on it to use on your server. If that won't work, go to www.sourceforge.com and search for a security scanner or something like that and you should get a few options for Linux.
You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
November 18th, 2002, 11:48 PM
Nessus is what you need, (www.nessus.org) it will identify vulnerabilities on your server, and is kept fairly up to date, it will also do a port scan for you so you can be sure you have indeed closed all the ports. It has two components, a server and a client, the server has to be run on Linux, the client can be run on Linux or Windows. It produces a useful report that is easy to read.
Trying every single hacking tool may be a little tricky due to the fact that new hacks are being discovered all the time, so by using a vulnerability scanner such as Nessus you can test for a large number of them without having to manually try each one.
Quis custodiet ipsos custodes
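A local cross-check for the "be sure you have indeed closed all the ports" step, as an added example that is not part of any post in this thread: it compares the listening sockets reported by `ss -H -tuln` with an allowlist of the services the original poster intends to run. The allowlist ports, the function names and the sample socket table are assumptions constructed for illustration.

```python
import subprocess

# Assumption: only the services the original poster names (DNS, mail, web)
# should be reachable, on their conventional ports.
ALLOWED = {("tcp", 25), ("tcp", 53), ("udp", 53), ("tcp", 80)}

# Constructed sample of `ss -H -tuln` output (not taken from a real host).
SAMPLE = """\
udp   UNCONN 0 0      0.0.0.0:53        0.0.0.0:*
udp   UNCONN 0 0      0.0.0.0:111       0.0.0.0:*
tcp   LISTEN 0 128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0 100    0.0.0.0:25        0.0.0.0:*
tcp   LISTEN 0 10     0.0.0.0:53        0.0.0.0:*
tcp   LISTEN 0 511    [::]:80           [::]:*
tcp   LISTEN 0 5      127.0.0.1:631     0.0.0.0:*
"""

LOOPBACK_PREFIXES = ("127.", "[::1]")

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line of `ss -H -tuln`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skip header rows and blank lines
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)

def unexpected_listeners(ss_output, allowed=ALLOWED):
    """Return sorted non-loopback listeners that are not in the allowlist."""
    found = set()
    for proto, addr, port in parse_listeners(ss_output):
        if addr.startswith(LOOPBACK_PREFIXES):
            continue  # bound to loopback: reachable only from the host itself
        if (proto, port) not in allowed:
            found.add((proto, addr, port))
    return sorted(found)

def live_ss_output():
    """Read the real socket table; requires iproute2's `ss` on the host."""
    return subprocess.run(["ss", "-H", "-tuln"], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE):
        print(f"unexpected {proto} listener on {addr}:{port}")
```

Pass `live_ss_output()` instead of `SAMPLE` to audit the machine the script runs on; a remote scan is still needed to see what a firewall in front of the host lets through.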
November 19th, 2002, 03:33 AM
R0n1n's got the right idea with Nessus, it's a great way to find any vulnerabilities that are known. The other major thing is to upgrade any services when a vulnerability is found, don't leave it too long or someone may find out about it, especially if this server is a major server somewhere. If the server is supposed to provide services to a specific network only then look into a firewall of sorts, even if it's only a software based one. They can be set up to block access from certain networks when your regular services don't allow something like that. DoS can be hard to stop without some sort of filter on another computer such as a router as it can be as simple as sending so many connection attempts that the server locks up and stops responding, even if you have something to filter packets it may not be enough as only so much traffic can travel over the network and it can still cause a slowdown if not a complete disruption.
Reality is the one who has it wrong, not you
November 19th, 2002, 06:43 PM
A buddy found a tool which he was very impressed with, it's called bastille-linux.
I haven't used it yet, but it might be worth a look. You can download it HERE
Bastille Linux is a Hardening Program which enhances the security of a Linux box, by configuring daemons, system settings and firewalling. It currently hardens Red Hat, Mandrake, HP-UX and Debian, with support coming for SuSE and TurboLinux.
November 20th, 2002, 12:54 PM
Also another couple of bits that may be worth a look,
Try www.iss.net and download an evaluation copy of Internet Scanner. It may not be as good as Nessus but the reports are out of this world!! It suggests fixes and where to obtain them from, as well as other good concise info.
Also, if you need this Linux machine to be hardened, why not do it the easy way?
www.checkpoint.com don't bother with their firewall but take a look at SecurePlatform.
It's hardened Linux, everything stripped out and ready to go, and unlike other Checkpoint products this one really is useful and dare I say it 'secure' (ish). Oh, and the eval copy is free.
November 20th, 2002, 03:51 PM
On top of all these suggestions, if you are running email and DNS from a server on your network I hope you didn't forget to plan in a firewall for added protection...... Just a reminder
Duct tape.....A whole lot of Duct Tape