[techtalk] Security techniques ( Redhat 6.2 question)

Melissa Plunkett mplunkett at tranquility.net
Sun May 28 19:59:52 EST 2000


Sorry to reply to this a bit late, I'm a tad behind in
email reading.
There is one other rather good automated security measure
that I use and believe is related to this discussion, esp
since logcheck was mentioned.  The software is portsentry
and is available by the same people that wrote logcheck at
http://www.psionic.com/abacus/portsentry/.  It's very 
configurable, for example you can handle port scans by 
using the feature that adds the offending ip to the
hosts.deny list.  Therefore you get both an email from
logcheck and the added benefit of having the ip blocked 
which is good since by the time you read the email from
logcheck the person might have already compromised your
box.  

Also the advice given before was very good, if you don't
need telnet, ftp, i.e. all the inetd services, then shut 
them off and use ssh for all your connecting needs (esp
if you are doing anything as root remotely).  
If you do need the inetd services use hosts.allow and 
hosts.deny as mentioned before for they are your friends and
will save you a big headache later :)

-Melissa

Beverly Guillermo wrote:
> 
> > I have been reading up on security issues, but what I installed doesn't
> > even have the /etc/inetd.conf file. If I am reading this correctly,
> 
> What did you install?  Or better yet, what type of services do you
> want available remotely or via network?
> 
> Here's what I did for general all purpose security:
> 
> Look into the manuals for hosts.allow and hosts.deny and ipchains
> for firewall issues.  However trying to figure out the rules for ipchains
> is not for the faint (??) of heart.  heh.
> 
> Set up a nice set of ipchains rules (such as the ones that tell you
> about any TCP SYN scans and DENY unused ports (or just
> set the default policy to DENY for extreme measures).
> 
> Set up logcheck properly.
> 
> And then wait for the huge email to root when someone tries
> to port scan you.
> 
> I don't use automated software that can close ports, it
> will cause a DoS and I don't want to be shut out of my own
> system.  I really haven't heard of any good automated security
> measures.  Has anyone else?
> 
> Beverly
> 
> _______________________________________________
> techtalk mailing list
> techtalk at linuxchix.org
> http://www.linux.org.uk/mailman/listinfo/techtalk
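
Added example, not part of either message above: a small Python audit of the two pieces of advice in this thread (shut off unneeded inetd services; rely on hosts.allow and hosts.deny for the rest). The sample inetd.conf and hosts.deny contents, the CLEARTEXT service set and the function names are constructed for illustration, and the check assumes inetd services are filtered only when started through tcpd.

```python
CLEARTEXT = {"telnet", "ftp", "shell", "login", "exec"}  # no encryption on the wire

SAMPLE_INETD = """\
# constructed sample in the style of a stock inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd        in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd        in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
"""

SAMPLE_HOSTS_DENY = """\
# constructed sample: one blocked scanner address, no default deny
ALL: 192.0.2.44
"""

def enabled_services(inetd_text):
    """Return (service, is_cleartext, via_tcpd) for each uncommented entry."""
    found = []
    for line in inetd_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 6:  # blank, comment or malformed line
            continue
        # field 6 is the server program; tcpd is the wrapper that reads
        # hosts.allow and hosts.deny on behalf of an inetd service
        found.append((fields[0], fields[0] in CLEARTEXT, fields[5].endswith("/tcpd")))
    return found

def has_default_deny(hosts_deny_text):
    """True if hosts.deny contains a catch-all 'ALL: ALL' rule."""
    for line in hosts_deny_text.splitlines():
        daemons, sep, clients = line.split("#", 1)[0].partition(":")
        if sep and daemons.strip().upper() == "ALL" \
                and clients.split(":")[0].strip().upper() == "ALL":
            return True
    return False

def report(inetd_text, hosts_deny_text):
    """Return one finding per line for the given file contents."""
    lines = []
    for name, cleartext, via_tcpd in enabled_services(inetd_text):
        if cleartext:
            lines.append(f"{name}: cleartext service enabled, disable it and use ssh")
        if not via_tcpd:
            lines.append(f"{name}: not started via tcpd, hosts.allow/hosts.deny not consulted")
    if not has_default_deny(hosts_deny_text):
        lines.append("hosts.deny: no 'ALL: ALL' default deny")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_INETD, SAMPLE_HOSTS_DENY)))
```

To run it against a real system, pass the contents of /etc/inetd.conf and /etc/hosts.deny to report() in place of the samples.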
