[techtalk] Tightening Security

Eric R. Turner turnere at cc.wwu.edu
Mon Feb 19 23:29:27 EST 2001


On Mon, 19 Feb 2001, Christian MacAuley wrote:

> Recently I've gotten a few complaints about probes/scans from one of my
> computers (a Cobalt Linux server.)  I've looked at my logs and I can see no
> one was logged into it at the time that the scans were reported.  Does that
> mean someone is spoofing me?
>

Is the Linux server used as a gateway to the Internet for an internal
network, and is it doing IP Masquerading for the hosts on that internal
network? If so then any scans done by a host on the internal network will
appear to come from your server.


> I'd like to make sure all the ports I'm not using are closed, and generally
> tighten security ... how do I do it?

Only start daemons at run-time which respond to the ports you want to
allow, and only allow inetd to dynamically start the daemons that you want
(read the man page for inetd). To block everything else I recommend using
portsentry. It can be configured to automatically drop hosts into
/etc/hosts.deny and to add them to ipchains rules so that they are set to
DENY on the input chain.

>  Also, I've heard that there's no
> point in installing a firewall on a Linux server -- is that true?
> 

Linux has built-in firewalling (called ipchains in the 2.2.x
kernels). It's basically just a packet-filtering firewall and
will probably be sufficient for your needs, but you should read the docs
to make sure. I also recommend reading "Building Internet
Firewalls" published by O'Reilly. Setting up firewall rules can be tricky,
and is easy to do wrong, so do your homework!

> Any thoughts or advice would be appreciated :)
> 
> Thanks,
> Christian
> 
> -----------------------------
> Christian MacAuley
> work » http://colortheory.net
> play » http://jellspace.net
> -----------------------------

--
My public OpenPGP key can be found at
http://www.wwu.edu/~turnere/turnere.asc
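
The inetd advice in the reply above can be checked mechanically. This is an added example, not part of the original message: it parses inetd.conf text and reports every service inetd would start that is not on an allowlist. The sample file contents and the allowlist are constructed for illustration.

```python
"""Audit inetd.conf text for enabled services that are not on an allowlist."""
from typing import NamedTuple


class Service(NamedTuple):
    name: str      # service name, as listed in /etc/services
    proto: str     # tcp or udp
    user: str      # account the daemon runs as
    program: str   # server program, or "internal" for inetd built-ins
    lineno: int    # line in the config, so it is easy to find and comment out


def enabled_services(conf_text):
    """Return the services inetd would start (blank and '#' lines are skipped)."""
    services = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        name, _socket_type, proto, _wait, user, program = fields[:6]
        services.append(Service(name, proto, user, program, lineno))
    return services


def unexpected(conf_text, allowed):
    """Enabled services whose name is not in the allowlist."""
    return [s for s in enabled_services(conf_text) if s.name not in allowed]


# Constructed sample, not taken from the server discussed in this thread.
SAMPLE_CONF = """\
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
echo    stream  tcp     nowait  root    internal
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
"""
ALLOWED = {"ftp", "pop-3"}  # hypothetical: the only services this host should offer

if __name__ == "__main__":
    for s in unexpected(SAMPLE_CONF, ALLOWED):
        print(f"line {s.lineno}: {s.name}/{s.proto} runs {s.program} as {s.user}")
```

To audit a real host, pass the contents of /etc/inetd.conf instead of `SAMPLE_CONF`; after commenting out a reported line, send inetd a HUP signal so it re-reads the file.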
