
Thread: Securing Slackware

  1. #11
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177

    Re: Re: Securing Slackware

    Originally posted here by steve.milner
    Tried this?

    iptables -A INPUT -i eth0 -s 0/0 -d MyPrivateIPForSlackwarebox -p tcp --dport 22 -j DROP

    Steve

    Oh, and -p is protocol
    "Bad argument --dport"

    I just looked at the iptables help file and --dport isn't even an option it says. Does someone know if --dport has a new syntax? Or what? I'm looking here and there is nothing for --dport and I'm not sure what to switch it with.

  2. #12
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    "Bad argument --dport"

    I just looked at the iptables help file and --dport isn't even an option it says. Does someone know if --dport has a new syntax? Or what? I'm looking here and there is nothing for --dport and I'm not sure what to switch it with.
    Code:
    Source: Manpage IPTables
    --destination-port [!] [port[:port]]
        Destination port or port range specification. The flag --dport is an alias for this option.
    What version are you using?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #13
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255

    Re: Securing Slackware

    Originally posted here by gore
    So, how do YOU Secure your Slackware boxes?
    Very well thanks.
    Seriously, it depends on the role of the box. Security's a rather complicated thing, and happens in layers. You can't say "these X instructions will work for all slack installs", since an application or service may have its own security documentation. A good example of this is Apache. I generally always apply the methods found in: InFocus: Securing Apache when doing apache installs, so they are a complement to securing your Slackware installation -- if it's a webserver.

    It also varies greatly depending on the environment. Assuming someone does break into your system, if it is one in a series of machines you can get away with certain things, especially on servers, such as removing a compiler.

    I am still searching for a good firewall / front end to IPTables, which I've yet to find. Anything I find seems to want X loaded. Well I don't.
    Use Vim.

    I've just found something called GShield, which I'm looking at right now, and hoping it's actually good. There seems to be a real bad low amount of firewalls made for Slackware, and most of them are crap.
    Umm, linux is linux, so provided you can get the rules output as text it will work on any distribution.

    If I could pick to change something in Slackware, I'd take out ProFTPd, and replace it with PureFTPd, I'd put a Firewall like "slackwarewall", something like that in it, and I'd make Postfix the default over Sendmail.
    Why when ProFTPd is better? There's nothing about slack that MAKES you use one package over another. You can even customize the ISO to your liking. That's what I do here, I prefer VIm to ElVIs, so I don't even burn ISOs with ElVIs, and I have the VIm package contain a symlink to /usr/bin/vi. That is but one example. In both my opinion and my experiences, Slackware has proven to be the BEST distribution for customizing it to your liking. The simplicity of tarballs rules when trying to customize everything.

    Heh, maybe one day I'll finally get good at C or ASM and make a tool for Linux called "SWAT" which I could say means "SlackWare Admin Tool". Damn I'm good with marketing lol.
    SWAT already exists, it stands for Samba Web Administration Tool.

    A few minutes ago I found a bit in one of my books how to get IPtables going very easy, but of course it didn't work.

    iptables -A INPUT -i eth0 -s 0/0 -d MyPrivateIPForSlackwarebox -p tcp \ --dport telnet -j DROP
    First off, -s 0/0 is assumed, so you don't need that. Secondly, you should NEVER have a rule like this in your rules. You should always default to DROP/REJECT, and only ACCEPT what you need to.
    This is kind of beyond the scope of securing Slackware, as it applies to generally all firewall policies, and specifically to netfilter, which is available in linux in all kernels above 2.4.0 (IIRC).
    Also, that rule works as of Slackware 9.0 (to my recollection), and guaranteedly so on 10.0:
    Code:
    $ iptables -A INPUT -i eth0 -s 0/0 -d 10.0.0.100 -p tcp --dport telnet -j DROP
    $ iptables --list -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    DROP       tcp  --  0.0.0.0/0            10.0.0.100         tcp dpt:23
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  4. #14
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Gore: We've been satisfied with fwbuilder for iptables. It's got its bugs but it does the trick..
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  5. #15
    Senior Member
    Join Date
    Nov 2002
    Posts
    339
    As chsh said, security is a layered process. Or rather it should be. Most of the time it is not. Securing a slackware box is not any different than securing any other nix distro, it's a bitch and is time consuming. Not because it is necessarily difficult, rather the methods enforced, the deployment of the security if you will. Before any IPtables are made, before kernels are updated. I say this because as I'm sure you all know, one of the first things you are looking to determine is what kind of services you will be running, what kind of risk are you looking at from running these services? Will there be any other users? How many if so? Who might try to take advantage of the situation? How about physical security? What if I have all of my software updated and configured properly then what? Most after asking themselves this question, IMO, would even if in a subconscious form believe that their work was done. They would put off updates and tweaks for months afterwards. By the time they get around to doing any more security focused work they find out that their system has been compromised.
    So I believe that securing your slack box, or any one for that matter, the first question you should be asking is not where do I find the latest and greatest firewall or what configuration should my inetd have. Rather I think you should ask yourself; Do I have all my ducks lined in a row? In other words, am I ready to devote time to the security of my slack box? Sounds cheesy, gay whatever, but seriously, why would you just throw a firewall (which I think too many people use as a blanket rather than an additional line of security) on your system and think you're good to go? You better have some time and patience if you are seriously interested in locking down any box and keeping it locked down.

    P.S.
    For those of you who still didn't catch my drift on why securing any nix box is a bitch I will state it more clearly: Your work is never done.
    Don't be a bitch! Use Slackware.

  6. #16
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    For those of you who still didn't catch my drift on why securing any nix box is a bitch I will state it more clearly: Your work is never done.
    That's true of any security system, device or OS.

  7. #17
    Senior Member
    Join Date
    Nov 2002
    Posts
    339
    Originally posted here by hatebreed2000
    You better have some time and patience if you are seriously interested in locking down any box and keeping it locked down.

    I know. :P

    BTW Ms.M I didn't want to start a whole new thread just for this and you aren't on IRC much, since you are a teacher I figured you might know some popular books among the professor types on Solaris and Oracle. I am trying to get a head start for next semester.

  8. #18
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    .. since you are a teacher I figured you might know some popular books among the professor types on Solaris and Oracle.
    Man. Been a while since I've used Oracle. Last one I used was 8. I did find, however, many of the Oracle Press books to be decent. If you take an officially sanctioned Oracle course, you'll probably get their little spiral bound courseware which is to the point and little fluff (never seen those in stores).

    Solaris was a pick up as I use it (sorta like my FreeBSD). Last version I used was 7 or 8. I haven't checked out the newer versions because I don't have a machine to run it (I was hoping to acquire a Sparc but haven't lucked out yet). Solaris Administration wasn't bad for 7 but not sure how it does for 9. A Practical Guide to Solaris was really good (but hasn't been updated unfortunately -- it looks like Sobell has switched to Linux). But the one book that I've found to be a sort of "be-all-end-all" kind of book is what's referred to as the "Purple Book": UNIX System Administration Handbook. Covers quite a few major Unixes and again, it may be dated somewhat. Perhaps a gander through the bookstore and see what's out there in regards to Solaris material (and don't rule out Sun published books)

    Solaris Central might be a good place to start online besides Sun's website.

    HTH

  9. #19
    Senior Member
    Join Date
    Nov 2002
    Posts
    339
    Awesome, thank you.

  10. #20
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I wanted to do an update, I got what I needed today. A day off sort of, and my order from http://store.slackware.com came in today. I now have the Complete Linux reference, and the Slackware Essentials book. So I'll just read through these

    I have a leet as hell Slackware TShirt and Pin now too. And Slackware 10 in a 4 CD set. I downloaded it when it came out but I want to support Slackware by buying it when I can.
