Lockdown - Securing your Linux box (Part 1)
Just a brief primer for anyone who has just installed Linux or has recently moved to a *NIX environment: a few practical pointers to keep in mind when you're looking to secure your machine from script kiddies, or almost anyone that might do you harm for that matter.
There are a couple of things that need to be done post installation. These are in no particular order at all:
1.) Add two normal user accounts - The first account will be your everyday use account and the second would be for testing sploits and other network nasties against your own box. This way, you can ensure that your own home directory isn't cluttered with all sorts of binary and .c files.
2.) Choose good passwords - I'm talking about hard to guess passwords. A good idea would be to use an alphanumeric password. Don't start bitching to me about how hard it is to remember and crap like dat. If you use it often enough, it shouldn't be too hard to remember. The best bet would be a mixture of numbers, letters and punctuation.
3.) Disable unneeded services - By default, Linux comes with a lot of really kewl stuff. However, most of this stuff you'll probably never use. On my RH6.1 system for instance, I found that a whole slew of ports were open, including imap, telnet, ftp, sendmail, http, pop, sunrpc, and a whole load of other crap! This certainly won't do. To start with, I don't have a fixed line connection nor a fixed IP, so that pretty much does away with the need to have http running for instance. Actually, come to think of it, that does away with the need to have most of these things running! I know a number of people would probably want to have an ftp server and stuff. By all means go ahead, but just make sure your ftp daemon is not exploitable - i.e. patch anything that needs to be patched.
So how do you disable all these open ports and close 'em down? Most of these daemons can be found in /etc/inetd.conf. Just use your favorite editor, open up the file (as root) and comment out anything that you don't want running with a #. Once you're satisfied with the changes you've made, run ps -aux | more and look for the PID of inetd. Then just send it a SIGHUP and you're done. That's the easiest method - for all you lazy ass mofos out there... just reboot your machine. :)
Next move on to /etc/rc.d/init.d - you'll find a few other daemons here that get started at boot time. Just rename them with a # or a * in front, using the mv command. This will ensure they don't get started at boot time. Take a look at your /etc/rc.d/rc.local file as well. The commands in there get run once all your other services are loaded.
You should also kill off any processes that you don't think you'll need. Be careful here though... some of the services are vital to the running of your machine. Killing processes at random could bring your system to a grinding halt! Once you think you've closed up most of the ports that you don't want running, it's time to port scan your own machine to see if there's anything else you've missed. Personally I like nmap - however I know a lot of people that like strobe. I suppose it's a matter of personal choice really. Either way, get your hands on one, and scan your machine for any other ports that you might have missed. You should also run netstat -a to see what proggies are active and stuff as well. Track these ports down and close 'em up, or kill the process with kill -9 <PID>. :)
Now we've come to the fun part: attacking your own machine. Head on down to www.securityfocus.com or subscribe to Bugtraq. Using the hacker account that you created earlier, get all the exploits for any services you might be running, and test them out on your machine. I'd also recommend making secure backups of often-trojaned system files. Backing up will also come in handy in the event that you totally screw up your machine installing some new fangled software! :)
At least once a week take a look at your system logs. On my Red Hat system, these would be in /var/log/. I would also recommend running further logging software like tcpdump. If your machine is connected permanently, log the traffic on your outgoing connection (the one to the net) as well as your eth0 (or Ethernet port). You might want to tailor how much info is logged to a file, as capturing all network traffic would probably result in a really large text file.
Lastly, I would recommend some form of firewalling. Red Hat 6.1 comes with ipchains. Read the how-to if you're not familiar with ipchains. It's an extremely powerful piece of code that could do wonders for your system security. I'll talk more about ipchains and stuff in Part 2.
Actually this article was supposed to be just ONE article and not two. But I got tired of writing so I'm breaking it up into two parts! :)
Peace out. - L33tdawg