Thread: Trying to Secure a linux box

  1. #1

    Trying to Secure a linux box

    Hi,

    I want to set up a webserver on my Linux 7.3 box. So I have been doing some security checks, running things like Nessus and SAINT. And then I read somewhere to see if I have "world writable directories" by running this command:
    find / -perm -2 -type d -print <------- Good idea or is there a better way?

    And here is the output:
    /dev/shm
    /var/lib/texfm
    /var/spool/vbox
    /var/tmp
    /tmp
    /tmp/.font-unix
    /tmp.ICE-unix
    /tmp/.X11-unix

    Can someone explain what this means and how I can make these more secure and not writable? Would I just run
    chmod u=rwx "each directory" or do some of these files need different permissions?

    Here is another command:
    find / -type f \( -perm -04000 -a -user root \) -print

    I'm just a newbie to the linux world and still learning, so are these commands a good idea to run or ... I am running iptables as my firewall too.
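    As an added example (not code from this thread), here is a small shell script that does the two audits asked about above: it lists world-writable directories that lack the sticky bit, and setuid files owned by a given user. World-writable plus sticky (as on /tmp) is the normal case; world-writable without sticky lets any user delete or rename other users' files in that directory, which is the finding worth acting on. The directory tree it scans is constructed in a temp directory so it runs unprivileged; on a real box you would run the two functions against / and root.

```shell
#!/bin/sh
# Added example, not from the thread: audit a tree for world-writable
# directories without the sticky bit, and for setuid executables.

# Print world-writable directories under $1 that lack the sticky bit.
# -perm -0002 : others have write; ! -perm -1000 : sticky bit not set.
world_writable_nosticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Print setuid regular files under $1 owned by user $2.
# On a real system $2 is root; the demo uses the current user so that
# the setuid bit can be set without privileges.
setuid_owned_by() {
    find "$1" -type f -perm -4000 -user "$2" 2>/dev/null | sort
}

# Build a constructed directory tree that exercises both checks and
# print its path. All names below are made up for the demo.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/tmp" "$d/var/lib/leaky" "$d/usr/bin"
    chmod 1777 "$d/tmp"           # world-writable with sticky: expected
    chmod 0777 "$d/var/lib/leaky" # world-writable, no sticky: report it
    : > "$d/usr/bin/su-like"
    chmod 4755 "$d/usr/bin/su-like"   # setuid: report it
    : > "$d/usr/bin/plain"
    chmod 0755 "$d/usr/bin/plain"     # ordinary executable: ignore
    printf '%s\n' "$d"
}

# Run both audits over the constructed tree and clean up.
demo() {
    root=$(make_demo_tree)
    echo "world-writable directories without sticky bit under $root:"
    world_writable_nosticky "$root"
    echo "setuid files owned by $(id -un) under $root:"
    setuid_owned_by "$root" "$(id -un)"
    rm -rf "$root"
}

demo
```

    Anything the first function prints is a candidate for `chmod o-w` (or `chmod +t` if the directory really is meant as shared scratch space); anything the second prints should be checked against the package that installed it before the bit is removed.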

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    Here is a tutorial written by problemchild on this very subject
    http://www.antionline.com/showthread...hreadid=234199

    hope it helps
    By the sacred **** of the sacred psychedelic tibetan yeti ....We'll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  3. #3
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    Well, you really want to leave all the stuff in /tmp and /var/tmp directories alone. They are world writable for a reason, so that apps and users which need temporary space can write to them. If you tighten those permissions down, you will probably find that a good many of your services and apps fail spectacularly.

    None of those directories should be available to an outsider through your webserver anyway, unless it is grossly misconfigured.

    Keeping an eye on world writable directories is definitely a good idea, but, be careful in /tmp and /var/tmp.


  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    I would also suggest that you download the hardening scripts called Titan. Here is a link.

    http://www.fish.com/titan/TITAN_documentation.html

    Keep in mind that these scripts are written for the purpose of hardening any *nix OS for the use of a Firewall. But it is easy enough to customise your own hardening script for the use on a webserver.

    Also, be sure to obtain security scripts for the webserver you are using (ie. apache).
    SoggyBottom.

    There were so many fewer questions when the stars where still just the holes to heaven - JJ
    I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.

  5. #5
    Cool, thanks guys for those tips...

    Now another quick question.
    I want to know what each service does when my Redhat system starts up, for example:

    keytable
    atd
    apmd
    random
    ntpd

    So for this information I tried /etc/services... and then went to google, well www.google.com/linux . In the search field I type
    keytable +Redhat

    But what I'm looking for doesn't come up. Can you guys give me some examples: if you were looking for this information, where would you go? "google" probably, and what would be the search string, to see what the app. does and if I need it to start up? Thanks

  6. #6
    keytable loads your locale-specific keymap.
    atd carries out commands at times scheduled by the at command. This can be killed if you don't need or use the at command.
    apmd enables apm and battery status readings, so you can kill this service.
    random creates high-quality pseudo-random numbers, and can be killed.
    ntpd syncs your system clock with a specified ntp server, and can be killed too.

    HTH

  7. #7
    You can also try looking at /etc/fstab and seeing if you have lines for /var and /tmp .....
    if you do you can change the options to include "nosuid" and "noexec" separated by commas, then remount with "mount /var -oremount" and "mount /tmp -oremount".

    If you don't have lines for /var and /tmp you should investigate how to build a secure linux box.. the idea behind using different partitions is that you can mount them with different options as above.

    I recommend :-
    http://www.tldp.org/LDP/solrhe/Secur...ution-v2.0.pdf

    even though it is designed for Redhat, you can apply the principles to any linux OS.

    Cheers
    .....Brain Failure....dumping core.... z z z

  8. #8
    It would be a good idea if you have / , /usr, /home and /var in different partitions, so that you can use krang's tip. By setting partitions nosuid and noexec, no one will be able to run stuff from them. And also, having distinct partitions for /home and /var (I usually have /tmp as a link to /var/tmp) means easier management, faster fsck, and if the var becomes full, you won't lose the work you are saving in /home. AFAIK, the nosuid/noexec flags only work on ext2 (correct me if I am wrong), and this trick can be fooled.. (I've never tried to, but...) :/ Anyway, it is quite interesting anyway.
    Well, what else? Have a look at /etc and make sure that files like syslog.conf can't be either read by anyone, nor be written to. Update your server often, don't run any other server you won't use (like apmd, lpd- if you are not going to print from this machine, forget it, etc). Services can be run standalone or by inetd, xinetd or similar. inetd's configuration file is /etc/inetd . Every line that begins with # is a comment, and will not mean anything to the program. So, to disable stuff you won't run, just add a # to the beginning of the line..
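    As an added example that is not code from the thread, the script below covers the two configuration checks from posts #7 and #8: it reads an fstab and reports which of the named mount points are missing the nosuid or noexec option, and it comments out a service line in an inetd.conf the way post #8 describes. Both files are constructed inline for the demo (the devices, sizes and service lines are made up), so nothing on the real system is touched; point the functions at /etc/fstab and /etc/inetd.conf to use them for real, and remember that a changed fstab line only takes effect after "mount /tmp -o remount".

```shell
#!/bin/sh
# Added example, not from the thread: audit fstab mount options and
# disable an inetd service by commenting out its line.

# Print "mountpoint:option" for every mount point in $2 (space-separated)
# whose fstab line in $1 lacks nosuid or noexec. Comment lines and short
# lines are skipped; option order in fstab does not matter.
fstab_missing_opts() {
    fstab=$1; wanted=$2
    awk -v wanted="$wanted" '
        BEGIN { n = split(wanted, w, " ") }
        /^[[:space:]]*#/ || NF < 4 { next }
        {
            for (i = 1; i <= n; i++) if ($2 == w[i]) {
                split($4, o, ",")
                has_nosuid = 0; has_noexec = 0
                for (j in o) {
                    if (o[j] == "nosuid") has_nosuid = 1
                    if (o[j] == "noexec") has_noexec = 1
                }
                if (!has_nosuid) print $2 ":nosuid"
                if (!has_noexec) print $2 ":noexec"
            }
        }' "$fstab"
}

# Comment out every active line for service $2 in inetd.conf $1, in place.
inetd_disable() {
    conf=$1; svc=$2
    awk -v svc="$svc" '
        $1 == svc && $0 !~ /^[[:space:]]*#/ { print "#" $0; next }
        { print }' "$conf" > "$conf.new" && mv "$conf.new" "$conf"
}

# Count active (uncommented) lines for service $2 in inetd.conf $1.
inetd_active_count() {
    awk -v svc="$2" '$1 == svc && $0 !~ /^[[:space:]]*#/ { c++ }
                     END { print c + 0 }' "$1"
}

# Write a constructed fstab and inetd.conf into a temp dir and print its path.
make_demo_files() {
    d=$(mktemp -d)
    cat > "$d/fstab" <<'EOF'
# <device>   <mountpoint> <type> <options>               <dump> <pass>
/dev/hda1    /            ext2   defaults                1 1
/dev/hda5    /tmp         ext2   defaults                1 2
/dev/hda6    /var         ext2   defaults,nosuid         1 2
/dev/hda7    /home        ext2   defaults,nosuid,noexec  1 2
EOF
    cat > "$d/inetd.conf" <<'EOF'
# <service> <socket> <proto> <flags> <user> <server> <args>
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
    printf '%s\n' "$d"
}

demo() {
    d=$(make_demo_files)
    echo "mount points missing hardening options:"
    fstab_missing_opts "$d/fstab" "/tmp /var /home"
    inetd_disable "$d/inetd.conf" telnet
    echo "active telnet lines after disabling: $(inetd_active_count "$d/inetd.conf" telnet)"
    rm -rf "$d"
}

demo
```

    On the constructed fstab the first function reports /tmp as missing both options and /var as missing noexec, which matches problemchild's point later in the thread that /var is often left exec for the package manager while /tmp gets both flags.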

  9. #9
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002
    Posts
    551
    I'm flattered somebody linked to one of my tuts. <sniff>

    It would be a good idea if you have / , /usr, /home and /var in different partitions
    Funny enough, I have also written a tutorial on this topic as well. It is here.

    I usually have /tmp as a link to /var/tmp
    I usually don't advise this because mounting /var noexec can mess up some package managers, like RPM. But /tmp definitely needs to be noexec because about 90% of the SK exploits will attempt to run some kind of malicious code from /tmp.

    and this trick can be fooled
    Yes, it can be gotten around by using indirect paths. But the vast majority of attacks will come from SKs who have no idea what they are really doing, and that will stop them dead in their tracks.

    I have several tutorials linked from my profile on topics like chattr and lsattr, find, the wheel group, and other basic hardening techniques.
    Do what you want with the girl, but leave me alone!

  10. #10
    Hmm haven't seen your tuto before, problemchild. Great one!
    About the link, I never realised this.. last programs installed were from tarballs..
    And I use debian at home. Well, something else to bear in mind, didn't know that. Thanks for the info .
    Ah, and sure.. I was also thinking about the lowscript kiddies.. but if one succeeds to fool it, he will know the reason.
