
Thread: Linux Security/firewall

  1. #11
    Member
    Join Date
    Oct 2001
    Posts
    88
    Yes, with the 2.4.x kernels came iptables to replace ipchains as the de facto packet filtering firewall tool. iptables && netfilter etc. are great! I do recommend a kernel patch like grsecurity/LIDS/OpenWall etc. to secure the box a little better. *n?x exploits often involve executing code on the stack, so anything you can do to make such a thing hard/difficult/impossible greatly improves your security.

    The other thing I would recommend is remove the setXid bit from anything that does not absolutely have to have it. setXid (setuserid and setgroupid) is the real killer on any flavor of *n?x if the system is compromised.

    The default Linux install comes with a long list of setXid programs by default. I really do recommend auditing these.
    A very simple way to find them is to type the following on the command line:
    # find / \( -perm -02000 -o -perm -04000 \) -ls > setXid.txt

    Then you can open setXid.txt in an editor like vi and see what you don't really need to be setXid.

    Also (while I am in the mood to post), take a look at `chattr' and `lsattr', read their man pages and get to know them. I use `chattr +i program_name' on anything that could be of use to a hacker if they gain access to my system. This greatly reduces the threat of root-kits and other trojaned programs because the file cannot be modified in *any* way. `chattr +a /var/log/logname' is another good one because it puts the log/file in append mode only. The hacker, if successful, will not be able to modify the logs to erase evidence that s/he was there.
    (note: chattr & lsattr are only available on Linux, no Unix flavors have these binaries afaik )

    Just a couple of ideas for you.
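
Added example, not part of the post above: one way to turn the setXid listing from that post into a repeatable audit by comparing what `find` reports against a reviewed allowlist. The function names, the allowlist format (one absolute path per line) and the demo files are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the allowlist
# format (one absolute path per line) are hypothetical.

# list_setxid ROOT: print every regular file under ROOT with setuid or setgid set.
list_setxid() {
    # -xdev keeps find on one filesystem (skips /proc, network mounts, etc.).
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# audit_setxid ROOT ALLOWLIST: print setXid files that are missing from ALLOWLIST.
# Returns 0 when every file found is approved, 1 otherwise.
# Paths containing newlines are not handled.
audit_setxid() {
    # grep: -F fixed strings, -x whole-line match, -v invert, -f patterns from file.
    unapproved=$(list_setxid "$1" | grep -Fxv -f "$2" || true)
    if [ -z "$unapproved" ]; then
        return 0
    fi
    printf '%s\n' "$unapproved"
    return 1
}

# Constructed demo tree: two setXid files, only one of them on the allowlist.
demo_audit() {
    d=$(mktemp -d) || return 2
    : > "$d/passwd-like"; chmod 4755 "$d/passwd-like"   # setuid, approved
    : > "$d/games-like";  chmod 2755 "$d/games-like"    # setgid, not approved
    : > "$d/plain";       chmod 0755 "$d/plain"         # no special bits
    printf '%s\n' "$d/passwd-like" > "$d/allow.txt"
    audit_setxid "$d" "$d/allow.txt" | sed "s|^$d/||"
    rm -rf "$d"
}

demo_audit   # prints: games-like
```

Running `audit_setxid / /path/to/allowlist` from cron and alerting on a non-zero exit status flags any setXid file that appears after the initial review.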

  2. #12
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    A Mandrake firewall... you have a few options, as previously said. I may have missed it, but I don't think anyone mentioned the Linux single network firewall that was released by Mandrake... for Mandrake. The easiest thing to do... and I don't believe it was mentioned either... set up IPchains or IPtables as your firewall. That's all the others are anyways... for the most part. You can find howtos on almost any linux/unix site...



    I stand corrected....IPchains was mentioned
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  3. #13
    Junior Member
    Join Date
    Dec 2001
    Posts
    11

    Cool

    If you want a firewall for Linux you can try IpChains. I think that it comes in the distribution; if it doesn't, you can download it from this URL: http://209.100.212.5/cgi-bin/search/...value=ipchains. If it doesn't connect or gives you some problem, use this other URL: http://packetstorm.decepticons.org/ and in the search put IpChains. I think that it may have changed its name and is now called IpTables, but I'm not sure. Some documentation will come in the package, but if it doesn't I can send a how-to on using it. Bye
    Hide your face forever
    dream and search forever
    night and night you feel nothing
    there's no way outside of my land

    Open your eyes, open your mind ...



  4. #14
    Ipchains or iptables both are great for
    shutting down your box. Also, you can use portsentry with these two to double your
    security. You can find portsentry at:
    www.psionic.com.

    Also, you need to shut down any services
    that you are not using, like NFS, NIS,
    portmap, fingerd. Shut down all of your
    rservices, and make sure that you don't allow
    root logins. Check ssh and make sure it
    says no to "root login". Use xinetd instead
    of inetd.

    good luck
    Crimina1.

  5. #15
    Just a few words to give more explanation about Linux Bastille.

    This is a project (http://www.bastille-linux.org/) led by Jay Beale, a man working at Mandrake, that installs itself on RedHat and Mandrake. The program is shipped by default as an RPM with Mandrake (CD1); no idea about RedHat.

    This is a GUI that explains to you very clearly what the options and issues are, and so on... and configures your firewall.

    This is known as very secure and efficient.

    A+ hantiz./
    Linoux is the bomb, baby!
