Re: Not wanting to send my box to τ Ceti



On Sep 9, 9:58 pm, "tuuttuutt...@xxxxxxx" <tuuttuutt...@xxxxxxx>
wrote:
Thanks a lot David!

I started using Linux in 1999 (Red Hat) but I never knew that there
actually was a firewall in the kernel... Never bothered about it either
actually :-)
Learning the chkrootkit output will be quite a nice challenge to tackle I
think.
And yes the 2.3.28.11 is the latest release... Compiling a new kernel
isn't that much of a problem though, I'll check that out this weekend
(nice project :-)

Thanks again for your helpful comments!

David W. Hodgins wrote:
On Tue, 08 Sep 2009 18:10:26 -0400, tuuttuutt...@xxxxxxx
<tuuttuutt...@xxxxxxx> wrote:

  -1- firewall, preferably one with all the ports closed as default so I

The kernel has a firewall built-in called netfilter.  The tables to control
it can be set up using the iptables command, or you can install a firewall
configuration tool, such as shorewall.  Once you configure shorewall, as to
which interface(s) should be filtered, the default is all inbound new
connections are blocked.  There are several GUI applications to simplify
the shorewall configuration, such as webmin.

  -2- rootkit detector

chkrootkit, but beware of false positives for the LKM trojan and threads
being reported as hidden processes.  Get used to what is normally in the
report, ignore those, and just watch for new additions.

  -3- any (on-line) reading about java vulnerabilities on linux. Google

As long as you have the latest version, you should be ok.

Kernel 2.3.28.11 generic

Is this the latest release of Linux Mint?  I'm running Mandriva 2009.1,
using the 2.6.29.6-1 kernel.  There have been security updates
for the kernel, recently, so you need to find a newer version, or
possibly switch distributions, to get one.

Regards, Dave Hodgins

I'd second the recommendation of chkrootkit.

If you're that concerned about security, consider using a host IDS
(like tripwire or L5).

There is little scope for intrinsic vulnerabilities in a programming
language (although Java does have some complex and abstract APIs on
top of the network functionality) but there is huge scope for
introducing vulnerabilities in the code written in a particular
language.

C.
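
The advice in the thread to learn what a normal chkrootkit report looks like and then watch only for new additions can be scripted as a baseline comparison. The following is an added example, not part of the original posts; the function names and sample reports are constructed for illustration, and the sample lines only approximate chkrootkit's output format.

```shell
#!/bin/sh
# Added example: report chkrootkit findings that are not in a saved baseline.
# Usage: sh chk_diff.sh BASELINE_REPORT CURRENT_REPORT  (placeholder file names)

# Keep only lines that flag something; replace numbers so a changing count
# of "hidden" threads does not look like a new finding (an assumption of
# this example; drop the sed stage to treat count changes as new).
normalize_report() {
    grep -E 'INFECTED|Warning|hidden' \
        | sed -E 's/[0-9]+/N/g' \
        | LC_ALL=C sort -u
}

# Print findings present in the current report ($2) but not the baseline ($1).
new_findings() {
    base_tmp=$(mktemp) || return 2
    cur_tmp=$(mktemp) || { rm -f "$base_tmp"; return 2; }
    normalize_report < "$1" > "$base_tmp"
    normalize_report < "$2" > "$cur_tmp"
    LC_ALL=C comm -13 "$base_tmp" "$cur_tmp"
    rm -f "$base_tmp" "$cur_tmp"
}

# Constructed sample reports (approximating chkrootkit's line format).
sample_baseline() {
    cat <<'EOF'
Checking `amd'... not found
Checking `ls'... not infected
Checking `lkm'... You have     2 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
EOF
}

sample_current() {
    cat <<'EOF'
Checking `amd'... not found
Checking `ls'... INFECTED
Checking `lkm'... You have     5 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
EOF
}

# With two file arguments, compare them; exit 1 when something new appears.
if [ "$#" -eq 2 ]; then
    out=$(new_findings "$1" "$2")
    [ -z "$out" ] || { printf '%s\n' "$out"; exit 1; }
fi
```

Save the baseline report from a system you trust, ideally right after installation, and keep it somewhere the monitored host cannot modify.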