-
October 4th, 2004, 03:10 AM
#1
Securing Slackware
Hey everyone,
Besides doing a paper on Slackware Linux VS Free BSD I also run two Slackware machines here at home, and well, besides wanting to have a cool discussion for the front page, I'd like to see how others do it as well.
So, how do YOU Secure your Slackware boxes?
I am still searching for a good firewall / front end to IPTables, which I've yet to find. Anything I find seems to want X loaded. Well I don't.
I don't always use X on my Slackware machines, and firestarter, shoewall, and most others either want KDE or GNOME loaded to work. Firestarter I've used and found it easy to set up, but having to have GNOME loaded the whole time is just annoying. When you switch to Runlevel 3, it dies. And won't run in it.
So what is a good firewall you've found that works without X? I'd like to find something like the application Firestarter that will continue to run when I take down X.
I've just found something called GShield, which I'm looking at right now, and hoping it's actually good. There seems to be a real bad low amount of firewalls made for Slackware, and most of them are crap.
SUSEFirewall2 remains the best firewall I've seen for Linux, even though it is just a front end for IPTables, but at least it stays up when you shut X down.
Currently, I use Swaret, which before that I just used wget for my patches, and other than that I have nothing really in place but a hardware firewall. The only problem is, if I pop the box in my DMZ, poof, unprotected as hell.
I have been looking for a GOOD paper on IPTables, but the ones I find are very boring, very long, and not very informative. I've never used IPTables directly, and even though I'd like to, I haven't got the time right now to actually sit down and learn them.
This is a side effect of me working two jobs, going to college full time, and in the one day a week I get off, I have to do homework, and do things here at home, so I haven't had much time. Which is why I'd like to get a decent front end for IPtables so I can allow, say, SSH, Apache, and FTP through, and when I'm not using those, have all ports closed.
I've been trying to talk Pat into making a firewall for Slackware, but I haven't gotten a reply. Maybe SUSE will make a port of SUSE Firewall2 to Slackware. I have yet to find anything better. It has an easy to use interface, but also has a lot of advanced stuff to set by hand as well.
So has anyone here found something decent? What firewall do you use for Slackware?
If I could pick to change something in Slackware, I'd take out ProFTPd, and replace it with PureFTPd, I'd put a Firewall like "slackwarewall", something like that in it, and I'd make Postfix the default over Sendmail.
Heh, maybe one day I'll finally get good at C or ASM and make a tool for Linux called "SWAT" which I could say means "SlackWare Admin Tool". Damn I'm good with marketing lol.
Anyway, Please, don't reply saying you have some Windows firewall you like, I want this to be a good clean thread with some humor, and a lot of information. If you find something or use something really good, and you want me to, I'll add you to my paper and give you credit for finding it. I'm obviously going to talk about anything I find that I like, and if you want I'll add you in there.
A few minutes ago I found a bit in one of my books how to get IPtables going very easy, but of course it didn't work.
iptables -A INPUT -i eth0 -s 0/0 -d MyPrivateIPForSlackwarebox -p tcp \ --dport telnet -j DROP
I tried that but it says that the --dport is not valid. So like, does anyone know what is valid? I've looked at that command and it seems to me that a good guess is dport would be destination port, -i is interface, -p would be port, and -d would be destination. I'm only guessing here though.
-
October 4th, 2004, 03:33 AM
#2
http://www.justlinux.com/nhf/Securit...es_Basics.html
This is the tut I used to get the hang of IPtables before I went to harder stuff.
I am a slapt-get fan, I haven't used swaret yet.
Let's see some replies, Antionline Security Forum. This is a thread I have my eye on.
-
October 4th, 2004, 08:09 AM
#3
More important than a firewall are the services..
Remove (#) as much as you can from /etc/inetd.conf
Don't forget to /etc/rc.d/rc.inetd restart
I tend to like DIY firewalls..
A minimalistic NAT firewall like this
Code:
#!/bin/bash
# Minimal NAT rules
echo -n "Iptables "
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "flushed"
echo -n "Iptables "
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo "nat"
Another version I like is the one from adsl4linux (Dutch).
The firewall comes in an iptables and ipchains version and can be found here..
http://cvs.sourceforge.net/viewcvs.p...nux/templates/
You'll probably want the iptables version (unless you are running a 2.2 kernel)..
Download both firewall.iptables and firewall.iptables.conf
Copy the firewall.iptables.conf to /etc/
Copy the firewall.iptables to /usr/local/sbin/
And make it executable.. chmod +x /usr/local/sbin/firewall.iptables
The .conf file has loads of info and help.. And isn't in Dutch
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
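The advice in post #3 to comment out as much of /etc/inetd.conf as possible can be checked and applied from the console. This is an added example, not part of any post in this thread; the function names and the sample file are constructed for illustration, and both functions read the file on stdin so nothing on the system is modified.

```shell
#!/bin/sh
# Added example (not from the thread): audit and trim inetd.conf entries.
# Function names and the sample file below are constructed for illustration.

# Constructed sample in inetd.conf format:
# service  socket  proto  wait/nowait  user  program  [args]
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample, not a real system file
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  proftpd
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd -L
time    stream  tcp  nowait  root  internal
auth    stream  tcp  wait    root  /usr/sbin/in.identd  in.identd
EOF
}

# list_enabled: read inetd.conf on stdin, print "service/proto daemon"
# for every entry that is not commented out.
list_enabled() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         { prog = ($6 ~ /tcpd$/ && NF >= 7) ? $7 : $6   # look behind tcpd
           print $1 "/" $3 " " prog }'
}

# harden_inetd [KEEP...]: read inetd.conf on stdin and print a copy in which
# every enabled entry whose service name is not in KEEP is commented out.
harden_inetd() {
    awk -v keep=" $* " '
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }   # comments, blanks: as is
        index(keep, " " $1 " ")   { print; next }   # allow-listed service
        { print "#" $0 }                            # everything else: off
    '
}

echo "enabled now:";        sample_inetd_conf | list_enabled
echo "enabled after trim:"; sample_inetd_conf | harden_inetd ftp | list_enabled
```

On a real system, feed /etc/inetd.conf in on stdin, review the output before replacing the file, then run the restart command given in the post (/etc/rc.d/rc.inetd restart).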
-
October 4th, 2004, 09:39 AM
#4
Re: Securing Slackware
Heh, maybe one day I'll finally get good at C or ASM and make a tool for Linux called "SWAT" which I could say means "SlackWare Admin Tool". Damn I'm good with marketing lol.
Gore - Not that good - few have beaten you to it: SWAT - Special Weapons And Tactics, Samba Web Administration Tool .... been done to death ... back to the drawing board .....
gShield is good, I run that on Slack and Gentoo .... until I put life back into a little old computer and made it a dedicated firewall and shoved Smoothwall on it .... made life really simple with web interfaces for everything that needs doing.... a firewall that comes with Snort IDS, Squid Proxy Server, VPN, comprehensive log reports blah blah.... very easy to administer from a browser - and after a few easy mods (have to get dirty on the commandline here) it's even running Dansguardian content filtering with clamv virus detection to stop the web nasties from getting in.
Along with a "mod" called Guardian - port scan my IP > Snort detects the odd behaviour > Guardian mod jumps into action > slam dunk !! your IP is on the banned/blocked list .... automagically - love it....
Smoothwall is worth looking at if you have an old box lying around and can afford to run a dedicated firewall.
But getting away from this sales pitch for Smoothwall - Bastille offered commandline "set up" for hardening a box, never did have any joy getting it running on Slack but didn't try that hard either once gShield was on.
-
October 4th, 2004, 10:03 AM
#5
Thymus' Securing Slackware Guide. Granted it's 8.1 but should cover most of the important areas.
-
October 4th, 2004, 11:56 AM
#6
Re: Securing Slackware
Originally posted here by gore
iptables -A INPUT -i eth0 -s 0/0 -d MyPrivateIPForSlackwarebox -p tcp \ --dport telnet -j DROP
Tried this?
iptables -A INPUT -i eth0 -s 0/0 -d MyPrivateIPForSlackwarebox -p tcp --dport 22 -j DROP
Steve
Oh, and -p is protocol
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
October 4th, 2004, 03:59 PM
#7
Re: Securing Slackware
Originally posted here by gore
I don't always use X on my Slackware machines, and firestarter, shoewall, and most others either want KDE or GNOME loaded to work.
Are you referring to shorewall? Just curious, cause I didn't think it needed any desktop environment, unless you are using webmin to configure it. Only thing I believe I needed to do to get it running on Slack was grab the iproute utility (I had used a default install). I currently use it on both my slack boxes, and it has never complained when I'm in the console only.
-
October 4th, 2004, 04:33 PM
#8
Besides doing a paper on Slackware Linux VS Free BSD {..}
I can only tell you how to secure FreeBSD
Oliver's Law:
Experience is something you don't get until just after you need it.
-
October 4th, 2004, 05:14 PM
#9
Firewall
My favorite *nix tool for firewalls is by far Firewall Builder 2.0. The latest revision of this great tool has been completely rewritten to use QT 3 for the GUI API, replacing GTK. This tool allows you to organize interfaces, networks, rules, policies and more into objects and templates which can easily be reused to create new firewalls or modify existing ones with ease. Firewall Builder then creates the ruleset for the platform you require and supports all my favorites (iptables, ipchains, ipfilter, pf, pix, and even custom linksys firmware!). FWB even checks all your rules for rule shadowing and other configuration errors and will then produce a script to install the new firewall and will connect via SSH to the target machine (which of course does not require X) and install the new firewall for you. This is easily the most kick ass firewall tool I am aware of and I recommend anyone who is involved in building or maintaining firewalls (or anyone who would like to learn, the scripts provide an excellent way to study the different rulesets) check this tool out. It is of course a sourceforge project.
http://www.fwbuilder.org/
"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
-
October 4th, 2004, 06:33 PM
#10
Wow, this got more replies than I thought it would, heh. I'll check out everything here and see if there is something that stands out.
Heh, I can use IPFW with Free BSD but the Linux based one doesn't want to work. (IPFW was what made IPTables if my reading is correct). Thank you all, very good information here, and most likely when I start doing Firewalls for Slackware in my paper I'll point a link to this so you all get some credit for helping me out.
I've wanted to get a 486 and set it up as a firewall, but I don't have a 486 yet. I'm thinking I'd use Slackware for that with an upgraded Kernel, because The Linux Kernel was the first Kernel to have a fully RFC Compliant TCP stack. So I'd use that.
Thanks again guys, you certainly have given me quite a bit of reading to do.
I'm trying to talk my college into letting me have a copy of Sun Screen. I need the experience. Heh.