The best way (measuring from simplicity and efficiency) is to see what openings there
are and close them. Same as on any OS.
Nmap is a great tool to see what is open.
Saint/Satan do not secure anything, they are only analysis tools.
Get nmap (www.insecure.org). Run it on yourself:
nmap -v 127.0.0.1
This will show you something like:
Port State Service
21 open ftp
23 open telnet
80 open http
31337 open Elite
Once you know what services are running, you then hunt around and turn them off. Most
unix services can be found in /etc/inetd.conf. For the above system you'd comment
the lines that talk about ftp and telnet, etc. Then restart inetd (the internet super
server): killall -HUP inetd.
Then run nmap again and see what is left.
When nmap reports no services, THEN you are secure.
If you need services available to the internet, this is where security gets more
complicated.
lpd and portmap are found in your startup scripts. On debian, look in /etc/init.d.
In mandrake/redhat use chkconfig. Something like:
chkconfig --list (to see what services are available)
chkconfig --list | grep -i on (to see what services are running in what runlevel)
chkconfig --level 2345 <service, i.e. lpd> off
(to turn off that service for runlevels 2-5. I think the syntax is correct, 'man
chkconfig' to verify)
Cory
On Fri, Dec 22, 2000 at 02:13:28AM -0800, [EMAIL PROTECTED] wrote:
> Ok what are peoples ideas about how to secure a linux box out there. Is
> saint/satan the best, if so why? Maybe a security demo on that kind of
> thing... We could break this down into two topics security schemes and
> programs?
>
> Michael Smith wrote:
>
> > Well, you'll notice that you get alot of pokes like this from other boxes.
> > Usually, they're from boxes that have already been cracked and now they're
> > probing you to see if you're vulnerable. I get on about once every other
> > day. There are a couple of exploits for almost any service, and ftp seems to
> > be gaining in favor for script kiddies. You have to realize, your box is
> > connected to the world. Some of that is good--some of that is bad.
> >
> > BTW, what's your connection? If you have a full-time, always-on connection,
> > we probably should have a talk about security. If you have dialup, somebody
> > probably just got lucky when they scanned the block that your address was
> > assigned to, and just happened to catch you at a time when you were
> > connected.
> >
> > One of these days, I'm going to talk at a Saturday meeting about nmap (or at
> > least my highly-hacked version of imap ;^P --if this doesn't make sense,
> > follow this thread), ipchains, /etc/host.[deny|allow], logcheck, and
> > portsentry. It might be quite a few months off, so if anybody has a more
> > pressing concern, they should ask me in person.
> >
> > --Mike
> >
> > James wrote:
> >
> > > But what I want to know is *why* would there be a random attempt to FTP to
> > > my server, to begin with? What could host3.bbdev.com possibly gain by
> > > trying to ftp into my server? It looks like it's a development company in
> > > California.
> >
> > --
> > It's a shame that a family can be torn apart
> > by something as simple as wild dogs.
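Cory's procedure above (scan the box, then comment out the inetd.conf entries for whatever nmap reports open), carried through as an added shell example that is not part of the original thread. It parses a constructed nmap table in the format shown in the reply, comments out the matching lines of a constructed /etc/inetd.conf, and lists what is still enabled. The scan output and the inetd.conf contents are made up for the example, and open_services, disable_in_inetd and still_enabled are the example's own names, not tools from the thread.

```shell
#!/bin/sh
# Constructed sample of the nmap table format quoted in the thread (not a real scan).
SAMPLE_NMAP='Port State Service
21 open ftp
23 open telnet
80 open http
31337 open Elite'

# Constructed sample /etc/inetd.conf (hypothetical contents, not from any real host).
SAMPLE_INETD='# /etc/inetd.conf - constructed example
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd'

# Print the service names nmap reports as "open", one per line.
# $1: nmap output text (Port State Service table)
open_services() {
    printf '%s\n' "$1" | awk '$2 == "open" { print $3 }'
}

# Return the inetd.conf text with every line whose service field matches
# one of the open services commented out. Comments and blank lines pass through.
# $1: inetd.conf text, $2: newline-separated service names
disable_in_inetd() {
    printf '%s\n' "$1" | awk -v svcs="$2" '
        BEGIN {
            n = split(svcs, a, "\n")
            for (i = 1; i <= n; i++) if (a[i] != "") off[a[i]] = 1
        }
        /^[[:space:]]*#/ || NF == 0 { print; next }   # keep comments/blank lines
        ($1 in off)                 { print "#" $0; next }  # disable matching service
        { print }'
}

# Print the service field of every inetd.conf line that is still active,
# so you can see what remains before re-running nmap.
# $1: inetd.conf text
still_enabled() {
    printf '%s\n' "$1" | awk '!/^[[:space:]]*#/ && NF { print $1 }'
}

# Stand-alone run on the constructed samples.
OPEN=$(open_services "$SAMPLE_NMAP")
NEW_CONF=$(disable_in_inetd "$SAMPLE_INETD" "$OPEN")
echo "== edited inetd.conf =="
printf '%s\n' "$NEW_CONF"
echo "== still enabled in inetd.conf =="
still_enabled "$NEW_CONF"
```

The script only rewrites the text it is handed; on a real box you would feed it the output of an actual scan and the real /etc/inetd.conf, write the result back, and then send inetd the HUP Cory describes. Two things to keep in mind: http (80) and port 31337 in the sample are not inetd services, so they will not disappear this way and need their own daemon or startup script found and stopped; and a scan of 127.0.0.1 only tells you what listens on loopback, so scan the box from another host on the address the internet actually reaches before concluding anything.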