How to secure your Linux Box : Part 1
#1
Recently, I have been watching a lot of my friends who use various versions of Windows get a lot of viruses, mostly because of their negligence or ignorance. This sudden spurt in the spread of viruses, worms, trojans etc. made me think about Linux security. It also made me realise how vast the topic of "Securing a Linux Box" can be. I tried searching Google for an easy and concise How-To on securing my Linux install but was unable to find one. That made me write this series of three very basic guides to enable a user to take his first steps towards having a secure system. This first part of the series covers the basic tweaks that will help you close any open doors to your PC and remove any weak links that might offer an easy way into your system. So then, let's start...
__________________ Spread the message, not the virus -------------------------------------------- If you use any distro of Linux then please get counted. Currently Goa has maximum number of Linux users per million Population (40.21). To know about your state's UPMP visit this page
#2
1) Password:
The first step in making a Linux box secure is to realise that good passwords are the backbone of Linux security. An easily guessed word or date, or a dictionary word for that matter, is as bad a password as none at all. The amazing thing is that even weak passwords can be turned into strong ones pretty easily. If you love your name and you always remember a particular date (maybe your gf's b'day?) then combining both of them in a random order might be a very good idea. For example: 14ab07ha19y83 is a way better password than just 'abhay' or '14071983'. Even better would be if you could add a few special characters to it, like this: 14ab#$07ha&^19y83. Yes, the password is extremely difficult to remember, thus you must practice it before you apply it to something as important as your root account.

If you are not smart enough or you are too lazy to make good passwords for yourself then pay a visit to AllSeek.NFO or TechZoom. The former is the better link as it also gives you a way to say your password so that you can remember it easily. NOTE: I strictly recommend making your own passwords instead of using such tools.

2) Securing LILO:
Before everyone pounces on me saying "Oh!!! Start using GRUB", I would like to say that I am a bit old fashioned. Yes, I like LILO and love to stay with it, but not with a HUGE flaw in its security. Before I go on to explain how you can remove this major loophole, I would like to explain what it is. If you are using LILO then rather than just pressing the "Enter" key at the LILO prompt, write this at the lilo prompt:

Code:
linux single

Code:
linux 1

Some distros have grown out of this vulnerability and now add sulogin to their start-up scripts. This will ask you for the root password once the system boots, before taking you to the root shell, but there is a workaround to this security as well, by doing the following at the lilo prompt:

Code:
linux init=/bin/bash

To get around this, pass the following commands:

Code:
# fsck /

To close this potentially serious security loophole, you need to set a password for lilo, so that you have to give the lilo password if you pass any commands at the lilo prompt. The resulting lilo.conf snippet will look something like this:

Quote:

Also, you should change your lilo.conf permissions to 600 by passing the following command:

Code:
# chmod 600 /etc/lilo.conf
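As an added example (my own script, not part of abhay's post), here is a small shell audit of the two LILO hardening steps above: a password= line in lilo.conf and 0600 permissions on the file. It takes the config path as a parameter and runs against constructed sample files, so it never touches the real /etc/lilo.conf.

```shell
#!/bin/sh
# Added example: audit a lilo.conf for the two hardening steps above.
# check_lilo_conf FILE -> prints findings; exit status 0 only if the
# file is mode 0600 and carries a password= line.
check_lilo_conf() {
    conf="$1"
    rc=0
    # 1. Permissions: a group/world-readable file leaks the boot password.
    if [ -z "$(find "$conf" -prune -perm 600)" ]; then
        echo "WARN: $conf is not mode 600 (fix: chmod 600 $conf)"
        rc=1
    fi
    # 2. password=: without it, parameters typed at the LILO prompt
    #    (single, init=/bin/bash, ...) are accepted without a password.
    if ! grep -Eq '^[[:space:]]*password[[:space:]]*=' "$conf"; then
        echo "WARN: $conf has no password= line"
        rc=1
    fi
    # 3. restricted: ask for the password only when parameters are given,
    #    so a plain unattended reboot still works.
    if ! grep -Eq '^[[:space:]]*restricted' "$conf"; then
        echo "INFO: $conf lacks 'restricted'; password is asked on every boot"
    fi
    return "$rc"
}

# Constructed sample configs (not the author's real lilo.conf).
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
boot=/dev/hda
image=/vmlinuz
    label=linux
    root=/dev/hda1
EOF
chmod 644 "$tmp/weak.conf"
cat > "$tmp/hard.conf" <<'EOF'
boot=/dev/hda
password=EXAMPLE-PASSWORD-CHANGE-ME
restricted
image=/vmlinuz
    label=linux
    root=/dev/hda1
EOF
chmod 600 "$tmp/hard.conf"
for f in "$tmp/weak.conf" "$tmp/hard.conf"; do
    echo "== $f"
    check_lilo_conf "$f" || echo "RESULT: needs fixing"
done
```

Run it against /etc/lilo.conf itself (as root) once the sample files convince you it reports what you expect; remember to rerun /sbin/lilo after editing the config.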
Last edited by abhay : 19-08-2004 at 01:49 AM.
#3
3) Open Ports, Services and nmap:
nmap is a very important tool in managing your own security. It is a port scanner that can tell you which ports are open on your system, i.e. the doors to your lovely home. Pass the following command in a console window:

Code:
root@darkstar:/home/abhay# nmap -P0 -O localhost

If you suspect something fishy and don't want a particular port to be open on your PC then it is time to take action.

Part I: This part involves finding out whether a port has been opened by a cracker or by a valid service on your system. To check whether the port has been opened by an official service, pass the following commands:

Code:
cat /etc/services | grep <port>

Code:
netstat -anp | grep <port>

Part II: This part deals with all the unwanted ports that have been reported by nmap. Now here comes the difficult part for me. There are various distros on the market today and they use two different ways to handle services, i.e. inetd and xinetd. I have more experience with inetd, as Slackware Linux uses inetd to handle services, but I will still try to throw some light on xinetd. For this part I would recommend using your distro-specific control centre for dealing with services.

inetd part: To establish whether the inetd daemon is running or not, pass the following commands in a console window:

Code:
root@darkstar:/home/abhay# ps aux | grep inetd

Code:
root@darkstar:/home/abhay# grep -v "^#" /etc/inetd.conf

Stopping services run by inetd is extremely easy. You need to edit the /etc/inetd.conf file and comment out the unwanted services by adding a hash (#) before each entry, for example finger, ntalk, telnet etc. Then restart the inetd daemon or restart the PC. Run nmap and the whole process mentioned above again to find more open ports and the services related to them.

xinetd part: If you have xinetd managing your system services then you should pass the following commands to establish whether xinetd is running or not:

Code:
ps aux | grep xinetd

Code:
ls -l /etc/xinetd.d/*

Code:
# default: off

Miscellaneous part: Not all services are, or should be, managed by inetd or xinetd, as the daemon itself might have problems; thus network services are slowly but surely moving out of the control of these two daemons. If, after following the above-mentioned steps, you still find some open ports then they must be due to network services that are not being controlled by inetd or xinetd. To deal with them, you need to look into the /etc/rc.d directory by passing the following command:

Code:
# cd /etc/rc.d

To disable services in these directories I highly recommend using GUI tools like Mandrake Control Center, linuxconf and YaST etc., but if you want to be playful then go ahead and delete the unneeded files in the runlevel directory. These are just softlinks to the original files, so you will not cause major damage to your system, but you must know how to solve a boo-boo. Go through the nmap procedure once again so that you are absolutely sure of which ports are open and whether you need them or not. Phew... a really long quest is over ;-)
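As an added example (my own script, not from the post), the Part I check above turned into one step: it reads saved output of netstat -anp, looks every listening port up in /etc/services and prints the owning program, so a port with no services entry or an unexpected program name stands out at a glance. It runs on constructed sample input (a netstat listing and a three-line services fragment), not on the live system; a name in /etc/services only says the port number is assigned, the PID/Program column is the real evidence.

```shell
#!/bin/sh
# Added example: map listening ports to /etc/services names and owning
# processes, the way Part I above does by hand with grep.
# audit_listeners NETSTAT_OUTPUT SERVICES_FILE
#   prints one line per listener: "port/proto service-name pid/program"
#   service-name is UNKNOWN when the services file has no entry for it.
audit_listeners() {
    awk -v svc="$2" '
        BEGIN {
            # Load "name port/proto ..." lines from the services file.
            while ((getline line < svc) > 0) {
                if (line ~ /^#/ || line ~ /^[ \t]*$/) continue
                split(line, f, /[ \t]+/)
                known[f[2]] = f[1]
            }
        }
        function report(addr, proto, prog,    n, a, key, name) {
            n = split(addr, a, ":")          # last field is the port
            key = a[n] "/" proto
            name = (key in known) ? known[key] : "UNKNOWN"
            printf "%s %s %s\n", key, name, prog
        }
        # TCP listeners carry LISTEN in column 6; UDP sockets have no
        # state column, so their PID/Program field sits in column 6.
        $1 ~ /^tcp/ && $6 == "LISTEN" { report($4, "tcp", $7) }
        $1 ~ /^udp/ && NF == 6        { report($4, "udp", $6) }
    ' "$1"
}

# Constructed sample input resembling "netstat -anp" on a 2.4/2.6 box.
tmp=$(mktemp -d)
cat > "$tmp/netstat.txt" <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN      480/inetd
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN      9001/foo
tcp        0      0 192.168.1.5:22          192.168.1.9:4512        ESTABLISHED 700/sshd
udp        0      0 0.0.0.0:514             0.0.0.0:*                           300/syslogd
EOF
cat > "$tmp/services" <<'EOF'
# constructed fragment of /etc/services
ssh             22/tcp
finger          79/tcp
syslog          514/udp
EOF
audit_listeners "$tmp/netstat.txt" "$tmp/services"
```

On a real box feed it `netstat -anp > /tmp/ns.txt` and `/etc/services`; every UNKNOWN line, and every known port whose program is not the daemon you expect, is a candidate for the Part II clean-up.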
#4
4) Host files:
Now we come to a simple but effective protection setting. This setting is done using the host files located in your /etc directory. These files are often overlooked by avid tweakers as they can be easily cheated, but I like keeping them tuned. I will be giving the output of my host files along with an explanation of what they do.

(i) /etc/hosts: This file contains a list of known hosts on the network. I like to keep it clean with just the localhost entries.

Code:
root@darkstar:/# cat /etc/hosts

(ii) /etc/host.conf:

Code:
root@darkstar:/# cat /etc/host.conf

(iii) /etc/hosts.equiv: This file contains a list of all the hosts on the network that should be given rights equivalent to those of the localhost.

Code:
root@darkstar:/# cat /etc/hosts.equiv

(iv) /etc/hosts.allow:

Code:
root@darkstar:/# cat /etc/hosts.allow

(v) /etc/hosts.deny:

Code:
root@darkstar:/# cat /etc/hosts.deny

All these files have self-explanatory names, but if you still need any help then you can ask about it.

5) Updates:
Just like Windows, Linux software releases updates/patches regularly. Linux software is not absolutely free from bugs or security loopholes, so please do not fall for this myth. Make it a religious practice to update your distro using whatever package tool it comes with. These days an update tool is available for almost every distro; either it is built in or it can be obtained as a third-party application. Here are a few examples:

Quote:

Any distro not offering easy and prompt updates is not worth using (IMHO). Make it a weekly or bi-weekly practice to check for updates and install them if necessary. (Refrain from updating gcc.)
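As an added example for the host files in section 4 (my own script, not from the post), a quick check of the two files that decide who gets in: it flags a lone "+" in /etc/hosts.equiv, which trusts every host for the r-commands, reports any other entries there, and warns when /etc/hosts.deny lacks the catch-all "ALL: ALL" that makes TCP wrappers default-deny. Paths are parameters, so it runs here against constructed copies rather than the real /etc.

```shell
#!/bin/sh
# Added example: sanity-check hosts.equiv and hosts.deny from section 4.
# check_host_files HOSTS_EQUIV HOSTS_DENY -> prints findings; returns 0
# only when hosts.equiv trusts nobody and hosts.deny is default-deny.
check_host_files() {
    equiv="$1"; deny="$2"; rc=0
    # A lone "+" in hosts.equiv trusts every host for rlogin/rsh/rcp.
    if grep -Eq '^[[:space:]]*[+][[:space:]]*$' "$equiv"; then
        echo "WARN: $equiv contains '+' (every host is trusted)"
        rc=1
    fi
    # The post keeps hosts.equiv empty; report anything else found in it.
    entries=$(grep -Ev '^[[:space:]]*#' "$equiv" | grep -c '[^[:space:]]' || true)
    [ "$entries" -eq 0 ] || echo "INFO: $equiv lists $entries trusted host(s)"
    # TCP wrappers: without "ALL: ALL" in hosts.deny, any wrapped service
    # not named in hosts.allow stays reachable from everywhere.
    if ! grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$deny"; then
        echo "WARN: $deny has no 'ALL: ALL' line (not default-deny)"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files (not the author's real ones).
tmp=$(mktemp -d)
printf '+\n' > "$tmp/equiv.bad"
: > "$tmp/equiv.good"
printf '# nothing denied here\n' > "$tmp/deny.bad"
printf 'ALL: ALL\n' > "$tmp/deny.good"
check_host_files "$tmp/equiv.bad" "$tmp/deny.bad" || echo "RESULT: needs fixing"
check_host_files "$tmp/equiv.good" "$tmp/deny.good" && echo "RESULT: ok"
```

With "ALL: ALL" in hosts.deny, hosts.allow must then list the services you do want reachable, e.g. an sshd line limited to your own network range.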
Last edited by abhay : 19-08-2004 at 01:57 AM.
#5
6) Conclusion:
After doing all the above-mentioned things your system should be reasonably secure from cracking attacks, but I would still like to point out a few last-minute things.

i) Lots of network-related applications come with their own IP settings and they might allow you to give them a range of IPs that will be allowed to access the application. Use this feature to set per-application IP settings.
ii) Always try and read the README file and man pages. They are there for you to read, not for deleting. They might give you very important stuff to secure yourself.
iii) Try to "compile and install" programs rather than relying on pre-compiled binaries. Never, and I mean NEVER, use any precompiled application unless you trust the source.
iv) Never work as root unless you MUST.

Please post whether this guide helped you or not and if you would like any additions to it. If you find any faults, spelling mistakes or grammatical errors then do PM me or send me a mail. My next guide in this series will require you to have a bit of prior knowledge about kernel compiling. If you don't know how to compile a kernel then I recommend you read an extremely good guide written by kingkrool located here.

Disclaimer: This guide is written with no guarantee at all. All the tweaks have been tried and tested by me on my own Slackware 10 (Kernel 2.6.8.1) box. You MUST back up before trying any of the commands mentioned above. I must not be held responsible for any harm done by these tweaks to your system.

Copyleft: This guide is copylefted and comes with full open source feeling. If you want to copy the whole or any part of this guide then you are totally free to do so, but I would love it if you gave me some credit and sent me a link if possible at abhay.kedia<at>gmail.com

Additional Reading:
Redhat Linux 9 Manual
Hacking Linux Exposed
man lilo.conf
man nmap
man inetd (or xinetd)
man hosts
man host.conf