You are not logged in.

#1 2005-03-18 01:41:13

nehsa
Member
Registered: 2003-01-14
Posts: 159

Dealing with security

I have most things on my archlinux server working now.  Now I want to focus more on security, probably is I don't know where to start.  Here are a few things I want to accomplish:

I have postfix setup to use authpam, for most people I give email accounts to this isn't a problem.  For a few I'd really prefer if they didn't have access to like SSH.  What I want to do is create an ssh group and have to actually give access to the few people that I want to have it instead of everyone getting it by default.

The second thing I've curious about is with IPTables, are they needed?  I am using hosts.allow and hosts.deny, doesn't that pretty much do the same thing? 

How do I tunnel things through ssh?  I want to be able to VNC to my x-windows from work, I noticed a command within the SSH config that says "forward X11 through SSH", is that all I need to toggle?

Other then that, does anyone know of anything else that might be a security risk that I might not have thought of?

Also, I just saw this in my httpd log:

[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/_vti_bin
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/_mem_bin
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/msadc
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 03:38:40 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 03:38:40 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 05:41:17 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 05:41:17 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/MSADC
[Thu Mar 17 05:41:17 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/c
[Thu Mar 17 05:41:17 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/d

That isn't an IP address that I know, is someone trying to do bad things to me?

Offline

#2 2005-03-18 05:31:02

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: Dealing with security

nehsa wrote:

I have postfix setup to use authpam, for most people I give email accounts to this isn't a problem.  For a few I'd really prefer if they didn't have access to like SSH.  What I want to do is create an ssh group and have to actually give access to the few people that I want to have it instead of everyone getting it by default.

You can allow/deny users ssh access via the /etc/ssh/sshd_config file.
I have "AllowUsers userA userB userC" etc etc in my file. Only those users can connect via ssh. All others are denied.

The second thing I've curious about is with IPTables, are they needed?  I am using hosts.allow and hosts.deny, doesn't that pretty much do the same thing?

No. First off, not all apps use tcp-wrappers (hosts.allow/deny). Second, there are other things that you might want to block (malformed packets for instance).

How do I tunnel things through ssh?  I want to be able to VNC to my x-windows from work, I noticed a command within the SSH config that says "forward X11 through SSH", is that all I need to toggle?

Depends on what you are trying to do. Do search on this one, or maybe someone else can answer it..I am too tired to type more...ZZZzzzz

Other then that, does anyone know of anything else that might be a security risk that I might not have thought of?

Lots..

Also, I just saw this in my httpd log:

[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/_vti_bin
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/_mem_bin
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/msadc
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 03:38:39 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 03:38:40 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 03:38:40 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 05:41:17 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/scripts
[Thu Mar 17 05:41:17 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/MSADC
[Thu Mar 17 05:41:17 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/c
[Thu Mar 17 05:41:17 2005] [error] [client 24.21.48.24] File does not exist: /home/httpd/html/d

Likely just a bot scanning for IIS. Some ignorant user probably has his windows box zombied/wormed, and it is trying to repropagate...
You may also start getting things like this in your httpd log..

24.21.215.88 - - [13/Mar/2005:18:27:42 -0800] "SEARCH /x90xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9
xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9
xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9
xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9
xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9
xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9
xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9xc9

That continues on for a while...attempted buffer overflow for IIS. I think it is code-red or nimbda or something...


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

Board footer

Powered by FluxBB