Getting started protecting Linux box

  1. #1
    Junior Member
    Join Date
    Jun 2003
    Posts
    2

    Getting started protecting Linux box

    Hello All,

    I have a reasonable amount of experience coding (javascript, ASP,PHP, SQL) but I am new to unix. I recently set up a server (Red Hat Linux) for an extremely busy site and a month later I suffered a BIND DNS attack and now I think someone is doing TCP Flooding.

    How do I get started protecting my server? Are there any good tools to simulate attacks or do I have to go out and do actual attacks on my own server?

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    The Bastille Hardening System is something you may want to check into.

    Info. HERE

    Download HERE

    Good luck.


    Cheers:
    DjM

  3. #3
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    For a Linux box there's a few things you can do. For one, Bastille. Open up a browser and go to http://www.google.com

    Search for Bastille and then, after you find the page for that, search again for Linux security. There's a few options that should help you out nicely. Also, Mandrake and SuSE Linux come with firewalls which help too. Setting up a wall will help you find out if you're being attacked; also, if you are, you can trace the attack and notify the ISP if it's actually an attack.

    To do this normally you just send an e-mail to abuse@isp.com

    (for example, if someone on AT&T was attacking you, you could send a mail to abuse@att.com or something like that.)

    Also search for Linux firewalls. I'm not sure, but Red Hat may have a built-in one. I don't know off hand because I'm not a big Red Hat fan. Anyway, welcome to the world of *NIX.

  4. #4
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834

    Red Hat

    Yes it does have one built in. There is even a wizard, go figure.

  5. #5
    Junior Member
    Join Date
    Jun 2003
    Posts
    2
    Thanks so far... please keep the suggestions coming.

    I've searched MANY sites so far and I've found:

    http://www.sans.org/top20/top10.php //Ten Most Critical Internet Security Threats
    http://www.insecure.org/tools.html //NMap and Top 75 security tools

    comments on these?

  6. #6
    Senior Member
    Join Date
    Aug 2001
    Posts
    352
    Also be sure to check out the Linux Documentation Project; a lot of the security tutorials, FAQs and HOWTOs are based around Red Hat Linux and give instructions for the various versions of Red Hat.

    find that site here: http://www.tldp.org/

  7. #7
    Senior Member
    Join Date
    May 2002
    Posts
    450
    Check out this thread started by phishphreek80 http://www.antionline.com/showthread...hreadid=245291 ..... got some great links to securing apache, php and mysql - well worth the read.

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I'd like to add a couple of things...

    A nice "hardening checklist"
    http://www.linux-mag.com/downloads/2...arden_list.htm

    3-part hardening Linux tutorials (possibly more than 3 parts now...)
    http://www.antionline.com/showthread...hreadid=241987

    TCP wrappers are nice. They allow/deny access to certain services depending on hostname or ip address.
    http://www.ankitfadia.com/tcpwrap.htm

    The Linux kernel has packet filtering built in.
    iptables is a good way to set up your firewall.

    If you are command line or hands on type of person...
    http://www.telematik.informatik.uni-...s-HOWTO-3.html

    if you are a point and click type of person
    http://www.fwbuilder.org/

    bastille has already been mentioned.. but BEWARE! I have already locked myself out of one box... so be careful what you pick... you've been warned.

    want to audit your filesystem and user accounts and much much more? check out tiger
    http://www.tigersecurity.org/

    want to audit your services over the network? check out nessus
    http://www.nessus.org/ (you can and will crash services depending on which plugins you use... you've been warned)

    just remember... if you don't need the service... DON'T RUN IT!

    Each service has its own security tweaking... so read up on each service that you are going to run.

    That should be enough to keep you reading/playing for a bit...

    Doh! I forgot tripwire... don't ask me how...
    http://www.tripwire.org/

  9. #9
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Just so you know, I run my own site @ www.pureescape.net and I have enough trouble worrying about the site, let alone worrying about DNS attacks. What I've done is use several DNS hosts. A lot of them are free, like my favorite www.zoneedit.com; they will actually host your DNS for you absolutely free, for up to five domains. I host one DNS server myself and the third at a friend's. So, I'm ready to meet a DNS attack, standing on my feet. Should anything happen to one server, it will not take out my site, because the hacker would have to go after three DNS servers on three different networks. So, you might want to look into that, and remember not to keep all your cookies in the same jar.


  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Enable TCP SYN cookies (which is a sysctl, but don't ask me which one, Google for it), which apparently mitigates TCP flooding.

    Only allow your users SSH

    And do the things the other posters suggested.
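The iptables, TCP wrappers and SYN-cookie advice from #8 and #10, pulled together as an added example that is not code from the thread: it generates the rulesets for review rather than applying them, and the admin network 192.0.2.0/24 is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. Emits (without applying) a default-deny
# iptables ruleset that admits SSH only from an admin network plus the web
# ports, a matching TCP wrappers hosts.allow/hosts.deny pair, and checks the
# SYN-cookie sysctl post #10 refers to. 192.0.2.0/24 is a constructed
# placeholder admin network; substitute your own before running as root.

# Emit iptables commands for review. INPUT defaults to DROP; loopback,
# established traffic, SSH from $1 and HTTP/HTTPS are the only entry points.
# Everything else is logged (rate-limited) and then falls to the DROP policy.
gen_iptables() {
    admin_net="$1"
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --syn -s $admin_net --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 443 -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
EOF
}

# Emit hosts.allow then hosts.deny. tcpd consults hosts.allow first, so the
# sshd line wins for the admin network and "ALL: ALL" refuses everything
# else that is wrapped. $1 is the admin network in the net/mask form that
# hosts_access(5) documents.
gen_wrappers() {
    printf '# /etc/hosts.allow\nsshd: %s\n\n' "$1"
    printf '# /etc/hosts.deny\nALL: ALL\n'
}

# Return 0 if SYN cookies are on, 1 if off, 2 if the sysctl cannot be read.
# $1 overrides the sysctl path so the check can run against a sample file.
syncookies_enabled() {
    f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = "1" ]
}

# Stand-alone use: print both rulesets and report the live SYN-cookie state.
gen_iptables 192.0.2.0/24
gen_wrappers 192.0.2.0/255.255.255.0
if syncookies_enabled; then echo "SYN cookies: on"; else echo "SYN cookies: off or unreadable"; fi
```

To turn SYN cookies on persistently, set net.ipv4.tcp_syncookies = 1 in /etc/sysctl.conf; the rules printed here are a starting point to read through before applying, not a finished policy.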
