I run Mandrake 7.2 and I have no idea how to go about setting up a secure firewall. Are there any firewalls available for download or any tutorials on going about securing my box? Any help would be greatly appreciated. Thanx.
I have asked that same question before, and was pointed in the direction of Bastille. It seems to have worked fine for me so far. The only difference is I wanted to lock down a Red Hat box. I believe it works for Mandrake too, though.
Thanx for the info. I just looked over a CD that I have that came with a *nix security book and it has that firewall as well as a few other utilities. I will install it for sure. Thanx again.
a lot of good links for the basic knowledge about firewalls
http://www.infosyssec.com/infosyssec/firew1.htm
http://www.linux.com/howto/Firewall-HOWTO.html
I have Mandrake 8.0 and as I can recall there is a firewall that comes with it. It is fairly simple to put it on if you just go into Mandrake Control Center and under security you have a tab to configure firewall ... I am not sure but I think it was tiny firewall that comes on CDs. Anyway I have no idea about Mandrake 7.2; I assume you can download one. :cool:
I use Mandrake 7.1, and in my Linuxconf > Security dialog I've got a Network Something-or-others section which allows me to configure routers and an ipchains based basic firewall.
For firewall information, it's a good idea to get to know what the wondrous 'ipchains' can do for you. Standard installations (RH and other RPM based linuxes) have it by default and it can definitely either A: make your system secure on a rule-based system or B: totally lock you inside with no way out (nooooo!)!
Seriously, ipchains, for me, has been a lesson in how ports and protocols work (tcp/udp) for local intranets and internet access.
It does just about everything you can think of from masquerading, filtering, denial, rule-based permission, etc...
In coordination with ssh (public/private key exchange and 'trusted hosts/users'), you can make a box pretty f'ing secure.
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
http://www.openssh.org
A great site about firewalls (all sorts) www.firewalls.com
Or if you want to easily setup a machine as a firewall then try smoothwall.
If you are comfortable with rebuilding your kernel, or willing to dive in with some reading on doing it, I would suggest getting the latest kernel sources (2.4.16 and *not* 2.5.0) from http://www.kernel.org. Then get the grsecurity patch from http://www.grsecurity.net; it has the following features that, together with a properly configured firewall like iptables, will give you some pretty great security.
<snip from grsecurity>
OpenWall Non-executable Stack
CONFIG_GRKERNSEC_STACK
If you say Y here, your system will not allow execution of code on the stack, making buffer overflow exploitation more difficult.
Gcc trampoline support
CONFIG_GRKERNSEC_STACK_GCC
If you say Y here, the system will support trampoline code along with the stack protection. If you do not have any programs on your system that require this (glibc 2.0 users must say YES to this option) you may say no here.
There is a long list of others, I recommend at least checking it out.
Ummm, to my knowledge, every 2.4 Kernel-based linux distribution includes netfilter, does it not?
Netfilter is a stateful packet filtering firewall, and you can access it via iptables or ipchains. If you're willing to learn, you can do quite a lot with it.
Yes, with the 2.4.x kernels came iptables to replace ipchains as the de facto packet filtering firewall tool. iptables && netfilter etc. are great! I do recommend a kernel patch like grsecurity/LIDS/OpenWall etc. to secure the box a little better. *n?x exploits often involve executing code on the stack, so anything you can do to make such a thing hard/difficult/impossible greatly improves your security.
The other thing I would recommend is remove the setXid bit from anything that does not absolutely have to have it. setXid (setuserid and setgroupid) is the real killer on any flavor of *n?x if the system is compromised.
The default Linux install comes with a long list of setXid programs by default. I really do recommend auditing these.
A very simple way to find them is to type the following on the command line:
# find / \( -perm -02000 -o -perm -04000 \) -ls > setXid.txt
Then you can open setXid.txt in an editor like vi and see what you don't really need to be setXid.
Also, (while I am in the mood to post :D) take a look at `chattr' and `lsattr', read their man pages and get to know them. I use `chattr +i program_name' on anything that could be of use to a hacker if they gain access to my system. This greatly reduces the threat of root-kits and other trojaned programs because the file can not be modified in *any* way. `chattr +a /var/log/logname' is another good one because it puts the log/file in append mode only. The hacker if successful will not be able to modify the logs to erase evidence that s/he was there.
(note: chattr & lsattr are only available on Linux, no Unix flavors have these binaries afaik :( )
Just a couple of ideas for you.
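The setXid audit described in the post above, taken one step further as an added example that is not part of the original post: instead of reading the whole listing by eye, it reports only the setuid/setgid files that are missing from a reviewed allowlist. The allowlist file (one absolute path per line), the function names and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the setuid/setgid files under a tree with a reviewed
# allowlist (hypothetical file, one absolute path per line).

# list_setxid ROOT -> sorted paths of regular files with the setuid (04000)
# or setgid (02000) bit set; -xdev keeps find on ROOT's own filesystem.
list_setxid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# unexpected_setxid ROOT ALLOWLIST -> setXid paths missing from the allowlist.
unexpected_setxid() {
    list_setxid "$1" | while IFS= read -r path; do
        grep -Fxq -- "$path" "$2" || printf '%s\n' "$path"
    done
}

# Constructed demo tree: two setuid files, only su_like is on the allowlist,
# so old_game is the one path reported for review.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/su_like"; : > "$d/old_game"; : > "$d/plain"
    chmod 4755 "$d/su_like" "$d/old_game"
    chmod 0755 "$d/plain"
    printf '%s\n' "$d/su_like" > "$d/allow.txt"
    unexpected_setxid "$d" "$d/allow.txt"
    rm -rf "$d"
}

demo
```

Run against `/` as root after an initial review, the same function doubles as a change detector: any path it prints gained a setXid bit since the allowlist was written.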
A Mandrake firewall.......you have a few options as previously said. I may have missed it, but I don't think anyone mentioned the Linux single network firewall that was released by Mandrake....for Mandrake. The easiest thing to do...and I don't believe it was mentioned either.....set up IPchains or IPtables as your firewall. That's all the others are anyways...for the most part. You can find howtos on almost any linux/unix site......
I stand corrected....IPchains was mentioned
If you want a firewall for Linux you can try IpChains. I think that it comes in the distribution; if it does not, you can download it from this URL http://209.100.212.5/cgi-bin/search/...value=ipchains. If it does not connect or gives you some problem, use this other URL http://packetstorm.decepticons.org/ and in the search put IpChains. I think that now it may have changed its name and is now called IpTables, but I am not sure. The package will come with some documentation, but if it doesn't I can send a how-to on using it. Bye :)
Ipchains or iptables both are great for shutting down your box; also you can use portsentry with these two to double your security. You can find portsentry at: www.psionic.com.
Also you need to shut down any services that you are not using, like NFS, NIS, portmap, fingerd. Shut down all of your rservices, and make sure that you don't allow root logins. Check ssh and make sure it says no to "root login". Use xinetd instead of inetd.
good luck
Crimina1.
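Two of the checks from the post above, the r-services/fingerd and the ssh root login setting, written as an added example that is not part of the original post. It assumes the classic inetd.conf and sshd_config file formats and takes both file paths as arguments; the function names and sample files are constructed for illustration. NFS, NIS and portmap run as standalone daemons and are outside what it checks.

```shell
#!/bin/sh
# Added example: check copies of inetd.conf and sshd_config for the settings
# named in the post. Both file paths are arguments (assumed classic formats).

# Enabled (uncommented) inetd services among the r-services and finger.
# inetd.conf service names: shell = rsh, login = rlogin, exec = rexec.
risky_inetd_services() {
    awk '$1 !~ /^#/ && NF >= 6 && $1 ~ /^(shell|login|exec|finger)$/ { print $1 }' "$1"
}

# Effective PermitRootLogin value. sshd keeps the first occurrence of a
# keyword and matches keywords case-insensitively; "unset" if never given.
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# audit_host INETD_CONF SSHD_CONFIG -> one finding per line, nothing if clean.
audit_host() {
    for svc in $(risky_inetd_services "$1"); do
        echo "inetd: $svc is enabled"
    done
    v=$(permit_root_login "$2")
    [ "$v" = "no" ] || echo "sshd: PermitRootLogin is $v, expected no"
}

# Constructed sample files, not taken from a real host.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/inetd.conf" <<'EOF'
#ftp    stream tcp nowait root   /usr/sbin/tcpd in.ftpd
shell   stream tcp nowait root   /usr/sbin/tcpd in.rshd
#login  stream tcp nowait root   /usr/sbin/tcpd in.rlogind
finger  stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
EOF
    printf '%s\n' 'Port 22' '#PermitRootLogin no' 'PermitRootLogin yes' > "$d/sshd_config"
    audit_host "$d/inetd.conf" "$d/sshd_config"
    rm -rf "$d"
}

demo
```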
Just a few words to give more explanation about Linux Bastille.
This is a project (http://www.bastille-linux.org/), led by Jay Beale, a man working at Mandrake, that installs itself on RedHat and Mandrake. The program is shipped by default as an RPM with Mandrake (CD1); no idea about RedHat.
This is a GUI that explains to you very clearly what the options and issues are and so on, and configures your firewall.
It is known as very secure and efficient.
A+ hantiz./