June 25th, 2003, 07:46 PM
Getting started protecting Linux box
How do I get started protecting my server? Are there any good tools to simulate attacks or do I have to go out and do actual attacks on my own server?
June 25th, 2003, 07:51 PM
The Bastille Hardening System is something you may want to check into.
June 25th, 2003, 07:53 PM
For a Linux box there are a few things you can do. For one, Bastille. Open up a browser and go to http://www.google.com
search for Bastille and then, after you find the page for that, search again for Linux security. There are a few options that should help you out nicely. Also Mandrake and SuSE Linux come with firewalls, which help too. Setting up a wall will help you find out if you're being attacked; also, if you are, you can trace the attack and notify the ISP if it's actually an attack.
To do this normally you just send an e-mail to email@example.com
(for example if someone on AT&T was attacking you, you could send a mail to firstname.lastname@example.org or something like that.)
Also search for Linux firewalls. I'm not sure, but Red Hat may have a built-in one. I don't know off hand because I'm not a big Red Hat fan. Anyway, welcome to the world of *NIX.
June 25th, 2003, 08:14 PM
Yes it does have one built in. There is even a wizard, go figure.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
June 25th, 2003, 09:15 PM
Thanks so far... please keep the suggestions coming.
I've searched MANY sites so far and I've found:
http://www.sans.org/top20/top10.php //Ten Most Critical Internet Security Threats
http://www.insecure.org/tools.html //NMap and Top 75 security tools
comments on these?
June 26th, 2003, 03:22 AM
Also be sure to check out the Linux Documentation Project; a lot of the security tutorials, FAQs and how-tos are based around Red Hat Linux and give instructions for the various versions of Red Hat.
find that site here: http://www.tldp.org/
June 26th, 2003, 03:53 AM
Check out this thread started by phishphreek80: http://www.antionline.com/showthread...hreadid=245291 ... it has got some great links to securing Apache, PHP and MySQL; well worth the read.
June 26th, 2003, 04:22 AM
I'd like to add a couple of things...
A nice "hardening checklist"
3-part hardening Linux tutorials (possibly more than 3 parts now...)
TCP wrappers are nice. They allow/deny access to certain services depending on hostname or IP address.
The Linux kernel has packet filtering built in.
iptables is a good way to set up your firewall
If you are a command-line or hands-on type of person...
if you are a point-and-click type of person
Bastille has already been mentioned... but BEWARE! I have already locked myself out of one box... so be careful what you pick... you've been warned.
Want to audit your filesystem and user accounts and much, much more? Check out Tiger.
Want to audit your services over the network? Check out Nessus:
http://www.nessus.org/ (you can and will crash services depending on which plugins you use... you've been warned)
Just remember... if you don't need the service... DON'T RUN IT!
Each service has its own security tweaking... so read up on each service that you are going to run.
That should be enough to keep you reading/playing for a bit...
Doh! I forgot Tripwire... don't ask me how...
June 26th, 2003, 07:53 AM
Just so you know, I run my own site @ www.pureescape.net and I have enough trouble worrying about the site than to worry about DNS attacks. What I've done is use several DNS hosts. A lot of them are free, like my favorite, www.zoneedit.com; they will actually host your DNS for you absolutely free, for up to five domains. I host one DNS server myself and the third at a friend's. So I'm ready to meet a DNS attack standing on my feet. Should anything happen to one server, it will not take out my site, because the hacker would have to go after three DNS servers on three different networks. So you might want to look into that, and remember not to keep all your cookies in the same jar.
June 26th, 2003, 09:27 AM
Enable TCP SYN cookies (which is a sysctl, but don't ask me which one; Google for it), which apparently mitigates TCP flooding.
Only allow your users SSH
And do the things the other posters suggested.
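The iptables, TCP wrappers, SYN-cookie and "SSH only" advice from the thread, pulled together into one script as an added example (this is not code from any poster). It assumes an admin network in ADMIN_NET, set here to a constructed TEST-NET-1 placeholder, and only writes to the system when invoked as root with the argument apply; otherwise it just prints what it would install.

```shell
#!/bin/sh
# Added example: default-deny host firewall that only admits SSH, plus TCP wrappers
# and the SYN-cookie sysctl. ADMIN_NET is a constructed placeholder; change it first.
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"   # constructed example (TEST-NET-1)

# Emit the ruleset in iptables-restore format: loopback, replies to our own
# traffic, and new SSH connections from ADMIN_NET. Everything else is logged
# (rate-limited, so a flood cannot fill the disk) and dropped by policy.
iptables_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s ${ADMIN_NET} -m state --state NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# TCP wrappers: hosts.deny closes everything, hosts.allow reopens sshd to ADMIN_NET
# (a second, independent layer in case a firewall rule is later loosened by mistake).
hosts_deny()  { printf 'ALL: ALL\n'; }
hosts_allow() { printf 'sshd: %s\n' "$ADMIN_NET"; }

# SYN cookies are the sysctl net.ipv4.tcp_syncookies; 1 turns them on.
syncookie_sysctl() { printf 'net.ipv4.tcp_syncookies = 1\n'; }

# Sanity check: how many rules admit NEW inbound connections? Should be exactly one.
count_accept_new() { iptables_ruleset | grep -c -- '--state NEW -j ACCEPT'; }

if [ "${1:-}" = "apply" ] && [ "$(id -u)" -eq 0 ]; then
    iptables_ruleset | iptables-restore
    hosts_deny  > /etc/hosts.deny
    hosts_allow > /etc/hosts.allow
    syncookie_sysctl >> /etc/sysctl.conf
    sysctl -w net.ipv4.tcp_syncookies=1
else
    iptables_ruleset; hosts_deny; hosts_allow; syncookie_sysctl
    echo "open-to-NEW rules: $(count_accept_new)"
fi
```

Run it without arguments first and read the output; lock-outs like the one described above usually come from applying a ruleset before checking that the SSH line admits the network you are connecting from.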