Re: Debian Security - Configs, etc...
From: Colin McKinnon (colin.thisisnotmysurname_at_ntlworld.deletemeunlessURaBot.com)
Date: 10/05/04
- Next message: Bit Twister: "Re: newbie virus question"
- Previous message: theoretical: "Re: newbie virus question"
- In reply to: Arax Qrantz: "Debian Security - Configs, etc..."
- Next in thread: Abdullah Ramazanoglu: "Re: Debian Security - Configs, etc..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 05 Oct 2004 21:26:02 GMT
Arax Qrantz spilled the following:
>
> I update all my programs, kernel, etc on a regular basis, but
> outsiders still seem to get in.
>
> I am running the following (most of them latest versions):
>
> Tomcat + Apache
> Qmail
> OpenSSH
> IRCd Hybrid (not active for now)
<snip>
>
> My general question is:
>
> What more should I secure or look out for on my box to make sure no
> one (unauthorized) gets in?

Ensure your machine is clean and safe (format hd, reinstall everything,
restore data files only from backup).

Are the things you've listed above the only things accessible from the
network? Are you sure? Try running netstat -a to make sure.

What can you do to restrict access to the services from the network by
configuring a firewall? (most firewall scripts will also provide protection
against generic attacks - I like firestarter but there are others). Can you
limit access to particular hosts? Interfaces?

What can you do in the config of each network application to limit access
(e.g. don't allow root to ssh in / only allow users of a particular group
to login via ssh). Work your way through the config of each service - try
to understand what it's doing and why it does it. Early versions of Apache
used to ship with vulnerable CGI scripts - they've probably learnt that
lesson, but lose any scripts that came with it.

Go through the CERT checklist http://www.cert.org/tech_tips/usc20_full.html
and make sure your machine complies.

Plan ahead for the next time you get root-kitted - use an IDS like L5 or
tripwire, make backups.

HTH

C.
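
The two checks suggested in the reply above (what is really listening, and whether sshd refuses root and limits logins to a group), as an added example that is not part of the original post. The function names, the expected port list (default ports assumed for the services named in the thread) and the sample input are constructed for illustration; `PermitRootLogin` and `AllowGroups` are standard sshd_config keywords.

```shell
#!/bin/sh
# Ports for the services named in the thread. Assumed defaults, adjust to your box:
# OpenSSH 22, qmail SMTP 25, Apache 80, Tomcat 8080.
EXPECTED_PORTS="22 25 80 8080"

# Read `netstat -atn` output on stdin; print each listening TCP port not listed in $1.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)   # drop the address part (IPv4 or IPv6)
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }'
}

# Read an sshd_config on stdin; print the value sshd would use for keyword $1
# (first occurrence wins, keywords are case-insensitive), or "unset" if absent.
sshd_setting() {
    awk -v key="$1" '
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { if (!found) print "unset" }'
}

# Constructed sample input (not taken from the poster's machine).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:6667     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:111      0.0.0.0:*        LISTEN
tcp6       0      0 :::80            :::*             LISTEN
tcp        0      0 10.0.0.5:22      10.0.0.9:51514   ESTABLISHED'
SAMPLE_SSHD='# constructed sshd_config fragment
#PermitRootLogin yes
PermitRootLogin no
AllowGroups sshusers'

# Demo on the samples. On a live host, pipe `netstat -atn` and /etc/ssh/sshd_config in.
echo "Unexpected listeners:"
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$EXPECTED_PORTS"
echo "PermitRootLogin: $(printf '%s\n' "$SAMPLE_SSHD" | sshd_setting PermitRootLogin)"
echo "AllowGroups: $(printf '%s\n' "$SAMPLE_SSHD" | sshd_setting AllowGroups)"
```

Any port printed under "Unexpected listeners" is a service to shut down or firewall, and an `unset` value for `AllowGroups` means sshd is not restricting logins by group.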