Wow - thanks for that!
Yasir
There are some programs and ways to secure your system.
The program "tiger" scans your system for local holes. Just run "tiger"
from your shell and check /var/log/tiger/security-?
Bastille does about the same. Run it with "InteractiveBastille" from a
shell.
Logcheck checks your logs for security messages and emails them to you.
You will only have to put your email address in
/etc/logcheck/logcheck.conf, and configure your mail client.
It is best to ignore the unimportant messages with logcheck, because
people will get demotivated to keep reading when there is too much
information in these messages. There is a file in
/usr/share/doc/logcheck that explains how you can achieve this.
Programs like Aide and Osiris check your filesystem for changes. This
way you can monitor your filesystem for unauthorized changes.
Osiris is pretty convenient to start with, I'll presume.
You can monitor which packages get updated at http://www.debian.org/security
When the logs of osiris and such show changes you can do "dpkg -L
packagename" to see what files belong to a new package. You can then use
diff to compare the output with the log to see only the files that
don't belong to this package. If there are a few new packages you can
direct the output of dpkg -L for each package into a file, after which
you can compare this file with the log. This way you will only see the
relevant information.
Monitoring your system is important.
You can use programs like Grsecurity and Lids to further define
permissions on your system. You can for example hide directories with
them, deny tampering with processes and more.
http://www.grsecurity.org
http://www.lids.org
They are pretty difficult to handle, but they are worth it. About Lids:
after you learn what commands you'll have to use to setup your system
with Lids, you can copy and paste rules from the Lids and Lids wiki site.
If these kinds of programs are too difficult you can take a look at the
"chroot" command to try to minimize the impact on your filesystem when
you are compromised.
Makejail will automatically setup programs for chrooting. There are some
"templates" for programs in /usr/share/makejail/examples if you install
Makejail. There is one for apache for example.
You use makejail by doing:
"makejail /usr/share/doc/makejail/examples/templatename"
After you have used makejail you can chroot your program with the
command:
"chroot /directory/makejail/created 'programname options'"
You can also use something like user-mode-linux instead of chroot. You
can find more info about this at http://www.debian-administration.org
Use chkrootkit and rkhunter to see if someone installed a rootkit on
your system.
Rkhunter is not available on Debian but is easily installable and
available from http://www.rootkit.nl
You can run them from cron and email the output to you by doing:
date /usr/sbin/chkrootkit|mail -s chkrootkit youremailaddress
date /usr/local/bin/rkhunter --update
date /usr/local/bin/rkhunter -c --cronjob|mail -s rkhunter youremailaddress
You will have to substitute date with the proper cron entries. (See
below)
It is best to install as few programs as possible. This way you have fewer
programs that could be used to compromise your computer when they have
holes in them.
Close ports of programs you don't use.
You can achieve this with:
update-rc.d -f "programname" remove
With this command the program "programname" does not start anymore
during the system boot.
You can setup what commands certain users can run with ssh.
You can read how to do that here:
http://www.hackinglinuxexposed.com/articles/20021211.html
Run programs like apache as a user with limited rights on the system.
Documents about securing apache and such can be found here:
http://www.securityfocus.com/unix
This document shows very well how you can secure linux:
http://www.gentoo.org/doc/en/security/security-handbook.xml
I guess I have shown well how to get your system secure, but the document
is detailed and will give you a better view on security on Linux.
Last but not least: keep your system up to date. People often get in
systems because of holes in programs.
You can for example run this to achieve that:
"crontab -e"
*/14 * * * * /usr/bin/apt-get update
*/15 * * * * /usr/bin/apt-get upgrade -y
"ctrl X"
This will update your system with security updates each 15 minutes 24/7
when they are available.
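The dpkg -L / diff comparison described above, written out as an added example (not from the original post): the integrity-checker change list and the package file lists are constructed sample data, and the comparison is kept in its own function so it can run without dpkg present.

```shell
#!/bin/sh
# Added example, not from the original post.
# filter_unowned CHANGED OWNED
#   Prints every path in CHANGED (an integrity-checker change list) that
#   does not appear in OWNED (the concatenated "dpkg -L" output of the
#   packages that were just upgraded). Only the unexplained changes remain.
filter_unowned() {
    changed_sorted=$(mktemp); owned_sorted=$(mktemp)
    sort -u "$1" > "$changed_sorted"   # comm needs sorted, unique input
    sort -u "$2" > "$owned_sorted"
    comm -23 "$changed_sorted" "$owned_sorted"   # lines only in CHANGED
    rm -f "$changed_sorted" "$owned_sorted"
}

# unowned_changes CHANGED pkg1 [pkg2 ...]
#   Collects "dpkg -L" for each upgraded package into one file, then
#   filters the change list against it (requires dpkg on the host).
unowned_changes() {
    changed=$1; shift
    owned=$(mktemp)
    for pkg in "$@"; do
        dpkg -L "$pkg" >> "$owned"
    done
    filter_unowned "$changed" "$owned"
    rm -f "$owned"
}

# Demo on constructed data: an invented change list and an invented
# "dpkg -L" listing for a freshly upgraded ssh package.
demo_changed=$(mktemp); demo_owned=$(mktemp)
printf '%s\n' /usr/sbin/sshd /usr/lib/libfoo.so /etc/passwd > "$demo_changed"
printf '%s\n' /. /usr /usr/sbin /usr/sbin/sshd /usr/lib/libfoo.so > "$demo_owned"
echo "Changed files not explained by the upgraded packages:"
filter_unowned "$demo_changed" "$demo_owned"   # only /etc/passwd is left
rm -f "$demo_changed" "$demo_owned"
```

For a real run, replace the constructed lists with the integrity checker's log and call unowned_changes with the package names taken from the security announcement.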
2006/2/2, Andrei Popescu <[EMAIL PROTECTED]>:
On Thu, 02 Feb 2006 14:12:09 +1100 Yasir Assam <[EMAIL PROTECTED]> wrote:
> Thanks for your feedback Andrei - I appreciate it. I think I'll
> invest time in learning shorewall.
>
> Yasir
Here is a very good starter for Shorewall on Debian http://www.cyberdogtech.com/firewalls/firewall/
Regards
Andrei
P.S. Please send replies only to the list
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
--
To UNSUBSCRIBE, email to
[EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]