Re: [gentoo-user] Re: Protecting my server against an individual

2006-07-05 Thread Alexander Skwar
Grant wrote:

> I do log in via ssh (port 22 I think) and it's also a mail server.
> How can I check which ports are open?  Does shorewall handle that?

You know, you shouldn't be asking such questions, if you operate
a server, which is accessible via the internet. But that's IMO.

Anyway. netstat -tulpen on the server and nmap are your friends.

Alexander Skwar
-- 
The more laws and order are made prominent, the more thieves and
robbers there will be.
-- Lao Tsu
-- 
gentoo-user@gentoo.org mailing list



[gentoo-user] Re: Protecting my server against an individual

2006-07-05 Thread dnlt0hn5ntzhbqkv51

On Tue, 04 Jul 2006 18:56:02 -0400, Grant [EMAIL PROTECTED] wrote:


> It has come to my attention that a particular person I know may be
> intent on attacking my server/website in any way possible.  He doesn't
> know much about Linux but does know Windows.  What kind of things
> should I lock down to protect my remote hosted server?  I don't have
> time to get too crazy with security right now, but what kinds of
> simple tricks might this fellow learn by asking around on forums, etc?


A Windows guy has all of the techniques/tools that a 'nix guy has - he'll
figure out what servers you have, which ports, which software, what
vulnerabilities .. all of it. He'll even use some of the same tools
(e.g. nmap).

If your server is misconfigured (e.g. allows root logon); if passwords are
trivial; if software is out-of-date with known vulnerabilities; he could
break in and deface the site; erase the OS; install a root kit and hide a
key logger.


Suggest that you shut this thing down 'til you have a security plan that
you understand, and with which you are comfortable.

If that is not possible, then implement the items mentioned earlier, and
additionally assure:

1. that your passwords are at least 15 characters long with capitals and
numerics. A repeated password is fine (e.g. gentoo becomes
gEnt0*gEnt0*gEnt0*)

2. that you can easily and confidently restore your backups (you do have
backups!?)

3. that you can tell if you've been hacked (e.g. samhain, tripwire).

4. And that your software is up to date.

After that, you can look into IDS, Trojan scanning, chroot jails,
hardening, and other things that servers under attack might consider.



[gentoo-user] Re: Protecting my server against an individual

2006-07-04 Thread James
Grant emailgrant at gmail.com writes:

 
> It has come to my attention that a particular person I know may be
> intent on attacking my server/website in any way possible.  He doesn't
> know much about Linux but does know Windows.  What kind of things
> should I lock down to protect my remote hosted server?  I don't have
> time to get too crazy with security right now, but what kinds of
> simple tricks might this fellow learn by asking around on forums, etc?


Hello Grant,

I'm assuming your server is a web host and it only is using port 80 (http)
traffic.

If so you can follow this iptables-newbie site and set up pretty good security
just on that server:

http://gentoo-wiki.com/HOWTO_Iptables_for_newbies#QuickStart

Others will suggest using one of the ebuilds found in /usr/portage/net-firewall
such as 'fwbuilder' or shorewall.

hth,

James






Re: [gentoo-user] Re: Protecting my server against an individual

2006-07-04 Thread Dale
Grant wrote:
>> It has come to my attention that a particular person I know may be
>> intent on attacking my server/website in any way possible.  He doesn't
>> know much about Linux but does know Windows.  What kind of things
>> should I lock down to protect my remote hosted server?  I don't have
>> time to get too crazy with security right now, but what kinds of
>> simple tricks might this fellow learn by asking around on forums, etc?

> I'm assuming your server is a web host and it only is using port 80
> (http) traffic.

> I do log in via ssh (port 22 I think) and it's also a mail server.
> How can I check which ports are open?  Does shorewall handle that?

This is my theory.  If you can, install webmin and shorewall.  You can
use webmin to configure shorewall from what I have read.  Basically you
want to block all but what you need to keep open, including ssh.

Hope that helps.

Dale
:-)  :-)



Re: [gentoo-user] Re: Protecting my server against an individual

2006-07-04 Thread Thomas Cort
On Tue, 4 Jul 2006 17:38:28 -0700
Grant [EMAIL PROTECTED] wrote:
> How can I check which ports are open?

nmap can do this. Just `emerge nmap` and run `nmap yourdomain.com`
Below is what the output looks like:

[EMAIL PROTECTED] ~ $ nmap cs.ubishops.ca

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-07-04 22:14 EDT
Interesting ports on cs.ubishops.ca (206.167.194.132):
(The 1662 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
465/tcp open  smtps
993/tcp open  imaps
995/tcp open  pop3s

Nmap finished: 1 IP address (1 host up) scanned in 5.906 seconds


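
An added example, not part of any message in this thread: it checks an nmap port table like the one quoted above against the "block all but what you need" advice given earlier in the thread. The allowlist (22, 25 and 80 over TCP) is an assumption drawn from the services Grant describes, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: compare an nmap port table with the services you mean to expose.

# Assumption: ssh, smtp and http are the only services meant to be reachable.
ALLOWED="22/tcp 25/tcp 80/tcp"

# Sample input: the port table from the nmap output quoted in the message above.
sample_scan() {
cat <<'EOF'
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
465/tcp open  smtps
993/tcp open  imaps
995/tcp open  pop3s
EOF
}

# unexpected_ports ALLOWLIST < scan
# Prints "port service" for every open port that is not on the allowlist.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ "^[0-9]+/(tcp|udp)$" && $2 == "open" && !($1 in ok) { print $1, $3 }
    '
}

# missing_ports ALLOWLIST < scan
# Prints allowlisted ports the scan did not report open (service down or filtered).
missing_ports() {
    awk -v allowed="$1" '
        $1 ~ "^[0-9]+/(tcp|udp)$" && $2 == "open" { seen[$1] = 1 }
        END { n = split(allowed, a, " ")
              for (i = 1; i <= n; i++) if (!(a[i] in seen)) print a[i] }
    '
}

# Each line printed here is a candidate for a firewall rule or for
# stopping the service, unless it belongs on the allowlist after all.
sample_scan | unexpected_ports "$ALLOWED"
```

To audit a real host, pipe the output of `nmap yourdomain.com` into `unexpected_ports` in place of `sample_scan`; a default nmap scan covers only a subset of TCP ports, so an empty result is not proof that nothing else is listening.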


[gentoo-user] Re: Protecting my server against an individual

2006-07-04 Thread James
Grant emailgrant at gmail.com writes:

 
>>> It has come to my attention that a particular person I know may be
>>> intent on attacking my server/website in any way possible.  He doesn't
>>> know much about Linux but does know Windows.  What kind of things
>>> should I lock down to protect my remote hosted server?  I don't have
>>> time to get too crazy with security right now, but what kinds of
>>> simple tricks might this fellow learn by asking around on forums, etc?
>
>> I'm assuming your server is a web host and it only is using port 80 (http)
>> traffic.
>
> I do log in via ssh (port 22 I think) and it's also a mail server.
> How can I check which ports are open?  Does shorewall handle that?


You may want to try a tool I just found:


kmyfirewall:

net-firewall/kmyfirewall
 Available versions:  0.9.6.2-r1 ~1.0-r2 ~1.0.1
 Installed:           0.9.6.2-r1
 Homepage:            http://kmyfirewall.sourceforge.net/
 Description:         Graphical KDE iptables configuration tool

I just installed it, so I'm going to play around with it. In the handbook you
can use the advanced features to config a firewall for a remote system.

ymmv,


James




