--- Tathagata Banerjee <[EMAIL PROTECTED]> wrote:
> > From: shyamk <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: [LIH] Server Hacked -- Pls Help
> > Date: 17 Sep 2002 17:27:23 +0550
> >
> > Please guide me on the steps I should take.
>
Linux can be the most secure - or insecure - of all operating systems
depending on how you set it up. A few things that can (should?) be done:

- Use /etc/hosts.deny to deny access to all remote machines
- Remove linuxconf if it exists
- Uninstall portmap or RPC services if you are not running NFS.
  Remove all services (e.g. finger, atd, rsh, rlogin etc.) that are not
  absolutely necessary (comment out the entries in /etc/services and
  /etc/inetd.conf). Or better still, uninstall inetd (or xinetd).
- Configure and use TCP wrappers, shadow passwords, pam, ssh (if not done)
  <http://www.phys.ufl.edu/docs/system/public_domain/tcpwrapper.html>
  <http://tldp.org/HOWTO/Security-HOWTO/password-security.html>
  $ man pwconv
- List all files with SUID bit set and chmod them
  # find / -type f -perm +6000 -ls
  # chmod -s <file>
- Track all files that are world writable or without an owner or modified
  in the last 24 hours
  # find / -perm -2 ! -type l -ls
  # find / -nouser -o -nogroup -ls
  # find / -mtime 1 -o -ctime 1
- Determine if any package has been corrupted, verify new packages before
  installing
  $ md5sum <package>
- Set up syslogd and make logs etc. unmodifiable
  # chattr +a /var/log/messages /var/log/syslog
  # chattr -R +i /bin /boot /lib /sbin /usr
- Use setgid on dirs to keep group ownership consistent
- Change user passwords, set expiration dates
- Set limits on user logins, processes, and memory usage
- Set the proper mailing alias for root
- Run BIND in chroot
  <http://www.ibiblio.org/pub/Linux/docs/HOWTO/Chroot-BIND-HOWTO>
- Change banner in /etc/issue and /etc/motd
- Install libsafe
  <http://www.avayalabs.com/project/libsafe/index.html>
- Recompile kernel without unwanted modules
- Switch to Free/OpenBSD ;-)
- Consider options to packages with known vulnerabilities (e.g. sendmail,
  wu-ftp)
- Monitor CERT and BugTraq reports
- Update binaries immediately when security problems are found
- Check out <http://www.linuxsecurity.com/docs/colsfaq.html>
- Run a hardening tool like <http://www.bastille-linux.org>
- Use the Openwall patch <http://www.openwall.com/linux>
- And _now_ you can set up a firewall (use iptables)
- Avoid getting fingerprinted by nmap
  <http://www.linuxjournal.com/article.php?sid=4750>
  <http://packetstormsecurity.nl/linux/security/indexdate.shtml>
- And finally you can think of an IDS <www.tripwire.org> or its
  replacement, AIDE
  <http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/intrusion.html>
- Still further, you can get proactive and nail the cracker
  <http://www.sans.org/newlook/resources/IDFAQ/honeypot.htm>
  etc. etc.

P.S. This list is not 100% complete. I may have missed out some points...

_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
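The filesystem checks from the reply above (setuid/setgid files, world-writable paths, recently changed files), as an added example that is not part of the original post or of any tool it links to. The function names and the constructed sample tree are this example's own. Two spellings differ from the post on purpose: the setuid/setgid test uses the POSIX form `-perm -4000 -o -perm -2000` (GNU find also accepts `-perm /6000`; the older `-perm +6000` form is deprecated there), and the "recently changed" test uses `-mtime -1` / `-ctime -1`, which means "less than one day old". The `-nouser` / `-nogroup` check is left out only because it needs an orphaned uid to demonstrate, which cannot be created without root.

```shell
#!/bin/sh
# Added example, not code from the original post: the filesystem checks from
# the list above, wrapped in functions so they can be pointed at any directory
# (the post runs them against /) and tried out on a throwaway tree.
# Function names and the sample tree are this example's own.

# Regular files with the setuid or setgid bit set under $1. The POSIX spelling
# -perm -4000 -o -perm -2000 is used; GNU find also accepts -perm /6000, while
# the +6000 form used in the post is deprecated there.
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# World-writable files and directories under $1. Symlinks are skipped
# (! -type l) because a symlink's own mode is always 777 and says nothing.
find_world_writable() {
    find "$1" ! -type l -perm -0002 2>/dev/null
}

# Regular files whose content (mtime) or metadata (ctime) changed within the
# last day: -mtime -1 means "less than one 24-hour period old".
find_recent() {
    find "$1" -type f \( -mtime -1 -o -ctime -1 \) 2>/dev/null
}

# Constructed sample tree (not a real system) so the checks can be
# demonstrated without root. Runs in a subshell so the umask does not leak.
make_sample_tree() (
    umask 022
    dir=$(mktemp -d)
    mkdir -p "$dir/bin" "$dir/tmp" "$dir/etc"
    : > "$dir/bin/su";     chmod 4755 "$dir/bin/su"      # setuid: expected on a real box
    : > "$dir/tmp/.x";     chmod 6755 "$dir/tmp/.x"      # setuid+setgid hidden in tmp: suspicious
    : > "$dir/etc/passwd"; chmod 666  "$dir/etc/passwd"  # world-writable: bad
    : > "$dir/etc/hosts";  chmod 644  "$dir/etc/hosts"   # ordinary file
    ln -s ../etc/hosts "$dir/tmp/link"                   # symlink: must be ignored
    echo "$dir"
)

# Print all three reports for one directory.
run_audit() {
    echo "== setuid/setgid files under $1";            find_setid "$1"
    echo "== world-writable paths under $1";           find_world_writable "$1"
    echo "== files changed in the last day under $1";  find_recent "$1"
}

# Usage: sh audit.sh /usr   (any directory). With no argument the sample
# tree is built, audited and removed again.
if [ $# -ge 1 ]; then
    run_audit "$1"
else
    sample=$(make_sample_tree)
    run_audit "$sample"
    rm -rf "$sample"
fi
```

On the sample tree the setuid report lists both bin/su and tmp/.x, the world-writable report lists only etc/passwd (the symlink in tmp is not reported), and the recent-changes report lists all four regular files. On a real host, run it as root so find can descend into every directory, and diff the output against a baseline taken when the machine was known-good, which is essentially what Tripwire and AIDE automate.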
