Linux Netfilter discussions
* How to set up
@ 2003-05-23 13:37 tr-huso
From: tr-huso @ 2003-05-23 13:37 UTC (permalink / raw)
  To: Netfilter Mailing List

Hi group.

I'm new to this group, so here is my setup:
A linux box (Red Hat 7.3) that is connected to the www and also works as a 
router for the rest of the network. It also runs an Apache webserver, and will 
also run a proftpd ftp-server soon. 
A Windows XP machine that is used for anything else, connects to the internet 
through the linux. Thanks to Samba the windows machine has some network 
directories on the linux box.

Now I want to secure this thing, and I also want to log what's happening on 
the linux-box.

I've read a few articles on iptables, and read a few newsgroup-posts related 
to the topic.

I've also seen a few scripts that I might use, if someone can point out which 
one to use, I'm more than happy...

yours,

Trond





* RE: How to set up
@ 2003-05-23 16:44 Daniel Chemko
From: Daniel Chemko @ 2003-05-23 16:44 UTC (permalink / raw)
  To: tr-huso, Netfilter Mailing List

Ack!

Talk about asking for everything all at once... I digress.

Rule 1 of firewalls is to never have any services on the firewall that
are not absolutely necessary. Of course if you are poor just like
everyone else I guess you have to bend that rule.

If you are putting tons of services on the firewall, you have to make
sure that the ones that are used for your local network don't get to the
internet!

Samba may seem fine now, but when some nasty hacker wipes out all your
shares you won't be so happy about having it! (SMB: Ports 137-139
tcp/udp; Port 445 tcp)

Make sure all default services in the Linux box are turned off, or are
restricted from internet tampering, like Portmap, etc.

Patch all services that you will be running to the latest, greatest, and
most secure version.

When writing scripts, I can't recommend using person xyz's scripts. I
have always been of the impression that by learning about how iptables
or other tools work, you become more aware of really important issues of
how firewalls work. Read tutorials that cover iptables to make sure that
there aren't any "They can do that?"s or "I never knew that!"s.

As for monitoring software, I am incompetently bad at implementing any
systems monitoring tools so I can't offer any advice with that. I am
sure you can do a search and come up with tools like Tripwire or IDS's.
Running tools like Nessus is also a good idea when implementing a sanity
check on your firewall.


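The advice in the reply above (public services reachable from the internet, Samba reachable only from the local network, everything else dropped and logged) written out as an iptables-restore ruleset. This is an added example, not a script posted by anyone in the thread; the interface names eth0 (internet) and eth1 (LAN) and the helper names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: eth0 = internet side,
# eth1 = LAN side. Ports: 80 Apache, 21 FTP control, SMB 137-139 and 445.

# Print a ruleset in iptables-restore format for WAN interface $1, LAN $2.
build_ruleset() {
    wan=$1
    lan=$2
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# LAN clients reach the internet through this box
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Public services (FTP data connections need the conntrack FTP helper)
-A INPUT -i $wan -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $wan -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# Samba is accepted on the LAN interface only
-A INPUT -i $lan -p tcp -m multiport --dports 137:139,445 -j ACCEPT
-A INPUT -i $lan -p udp --dport 137:139 -j ACCEPT
# Anything else hits the DROP policy; log it first, rate limited
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Print INPUT ACCEPT rules in ruleset $1 that name an SMB port but are not
# bound to LAN interface $2. Empty output means no such rule was found.
smb_leaks() {
    lan=$2
    printf '%s\n' "$1" | grep -E -- '^-A INPUT .*-j ACCEPT' \
        | grep -E -- '(137|138|139|445)' | grep -v -- "-i $lan " || true
}

rules=$(build_ruleset eth0 eth1)
printf '%s\n' "$rules"
leaks=$(smb_leaks "$rules" eth1)
[ -z "$leaks" ] || printf 'SMB exposed beyond LAN:\n%s\n' "$leaks" >&2
```

Pipe the output through `iptables-restore --test` to have the ruleset parsed without committing it before loading it for real.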

* RE: How to set up
@ 2003-05-23 19:56 Gladson George
From: Gladson George @ 2003-05-23 19:56 UTC (permalink / raw)
  To: Daniel Chemko, tr-huso, Netfilter Mailing List

Lids is a software that can be used to secure a Linux box. 

http://www.lids.org/

You can also use snort to watch your network scans and hacks.

www.snort.org



* RE: How to set up
@ 2003-05-24  1:52 George Vieira
From: George Vieira @ 2003-05-24  1:52 UTC (permalink / raw)
  To: tr-huso, Netfilter Mailing List

Monitor what? Linux activity... ha ha.. don't expect any surprises.
Usually /var/logs/ directory contains syslogs of what's going on, but usually it's the innocent services that are logging. Hackers can bypass this or wipe it completely to cover their tracks.
Kernel mode root kits go further by not showing up in the files list or "ps -ef" as well. The root kit is embedded in the kernel, so it blocks what it doesn't want the end user/administrator to see; hence they have the freedom to sit there and not be noticed.

So your best bet is to stop it from ever happening at all, otherwise it's too late.
I can't stress how important it is to do what Daniel Chemko said as to patch and get the latest of everything. This is really only towards the services you are exposing to the internet, i.e. webserver, mail server, etc. Even NATted machines inside must do this, because they break into a NATted machine then they see everything else inside the network.

Use tripwire to monitor changes in files that shouldn't have been changed.
Find a website that can scan your ports for you. Some do it for free but then you get these annoying emails to purchase their services monthly.. he he (put a block on sendmail for their smtp server. he he).



