You are not logged in.

#1 2006-03-07 13:51:07

hotsauce
Member
From: Ann Arbor
Registered: 2005-12-28
Posts: 125

What do you do for security?

Hi everyone!

I have to come clean with you guys, I have been on linux for about a year and a half and with arch for about 4-5 months but was always to lazy to really dive into system hardening. I have been quite lucky so far with only trusting my router for firewalling and pretty much leaving the rest alone. Of course I do -Syu pretty just about every day, but I still consider I don't do much.

So the question is: On a virgin arch install (home, desktop, work, etc.) what kind of security measures do you guys usually apply?

Ciao

hotsauce

Offline

#2 2006-03-07 14:39:50

lumiwa
Member
Registered: 2005-12-26
Posts: 712

Re: What do you do for security?

hotsauce wrote:

Hi everyone!

I have to come clean with you guys, I have been on linux for about a year and a half and with arch for about 4-5 months but was always to lazy to really dive into system hardening. I have been quite lucky so far with only trusting my router for firewalling and pretty much leaving the rest alone. Of course I do -Syu pretty just about every day, but I still consider I don't do much.

So the question is: On a virgin arch install (home, desktop, work, etc.) what kind of security measures do you guys usually apply?

Ciao

hotsauce

I have a standalone computer and I use Shorewall Firewall.

Offline

#3 2006-03-07 15:20:44

wrj
Member
Registered: 2006-02-21
Posts: 17

Re: What do you do for security?

I have a standalone machine acting as a router and firewall.  It's a lean build of debian with a custom firewall.


-w

Offline

#4 2006-03-07 20:36:31

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

Re: What do you do for security?

Isn't "lean build of Debian" a bit oxymoronic? wink

*runs*

Offline

#5 2006-03-07 21:04:45

wrj
Member
Registered: 2006-02-21
Posts: 17

Re: What do you do for security?

true ...

I guess I thought it was lean at the time.  That was before I tried arch.  Time to update my  lingo ... better yet ... update my machine smile


-w

Offline

#6 2006-03-07 21:44:33

Neuro
Member
From: Poland
Registered: 2005-10-12
Posts: 352

Re: What do you do for security?

Same here.. a separate firewall machine running Slackware + custom firewall scripts.

Apart from that, good paswords. I mean 9-12 characters long ones with letters, numbers and special characters. For a desktop , I think nothing else is needed. But if you think about using it as a server in a truly multi-user environment, tighten the perms in filesystem a bit and perhaps apply grsec patches.

Offline

#7 2006-03-08 00:06:21

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

Re: What do you do for security?

I thought X wouldn't run with GrSec?

Offline

#8 2006-03-08 00:13:28

_Gandalf_
Member
Registered: 2006-01-12
Posts: 735

Re: What do you do for security?

Seperate Firewall machine running IPCOP all ports are closed except the ones i really want to open, like some NON standard ports for Azureus, i don't really care now about soem intruders, even if they could enter my network, there's a Good password to hack which i think it's impossible with

FAIL_DELAY              60

in /etc/login.defs, can somone really be that patient to hack a 15/20 chars pass with 1 min between each try, hmm i don't think so smile

Offline

#9 2006-03-08 17:50:30

LB06
Member
From: The Netherlands
Registered: 2003-10-29
Posts: 435

Re: What do you do for security?

This is what I do on my (non-Arch) server:
- Alter limits.conf to limit the amount of concurrent proccesses that can be run (both system wide and per user).
- Set a password on GRUB and BIOS, to prevent anyone from custom booting anything.
- Run SSH on a non standard port and allow access from certain ranges only (local, university, work)
- Install mod_security and mod_suid on apache.
- Install sudo (we have multiple administrators, and sharing a password is not desirable)
- Allow su and sudo from admin group only.

etc. etc.

Offline

#10 2006-03-09 13:43:12

jaboua
Member
Registered: 2005-11-05
Posts: 634

Re: What do you do for security?

I dont have any external firewall, but I use an iptables setup which wont allow incoming connections unless that specific port (or IP, etc) is specificly mentioned for iptables. I always forget if it's named inclusive or exclusive firewall  :oops:

In addition I've setup kernel-level antispoof (source verification or something like that) and a few other sysctl's

Offline

#11 2006-03-09 14:30:40

soloport
Member
Registered: 2005-03-01
Posts: 442

Re: What do you do for security?

One technique I rely on is to port knock (knock numbers have been altered, of course):

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:TRAFFIC - [0:0]
:SSH-INPUT - [0:0]
-A INPUT -j TRAFFIC
-A FORWARD -j TRAFFIC
# Accepted
-A TRAFFIC -i lo -j ACCEPT
-A TRAFFIC -s 192.168.0.0/24 -j ACCEPT
-A TRAFFIC -p icmp --icmp-type any -j ACCEPT
-A TRAFFIC -m state --state ESTABLISHED,RELATED -j ACCEPT
-A TRAFFIC -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A TRAFFIC -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# Knocking
# Use either port 4844 or port 3633 to close knocking
-A TRAFFIC -m state --state NEW -m tcp -p tcp --dport 22 -m recent --rcheck --name SSH1 -j ACCEPT
-A TRAFFIC -m state --state NEW -m tcp -p tcp -m recent --name SSH1 --remove -j DROP
-A TRAFFIC -m state --state NEW -m tcp -p tcp --dport 3633 -m recent --rcheck --name SSH0 -j SSH-INPUT
-A TRAFFIC -m state --state NEW -m tcp -p tcp -m recent --name SSH0 --remove -j DROP
-A TRAFFIC -m state --state NEW -m tcp -p tcp --dport 4844 -m recent --name SSH0 --set -j DROP
--name SSH0 --set -j DROP
-A SSH-INPUT -m recent --name SSH1 --set -j DROP
# Others
-A TRAFFIC -j DROP
COMMIT

Think of this as a simple state machine.  You have to knock in sequence or the state goes back to zero.  Therefore, to close the port, you simply knock once more, out-of-sequence (i.e. using 4844 or 3633 in the example).

I use the following script (knock.sh) to automate knocking:

#!/bin/bash
# $1 host name or IP address
nmap -P0 --host_timeout 201 -p $2 $1 &> /dev/null
nmap -P0 --host_timeout 201 -p $3 $1 &> /dev/null

So to knock open port 22: sh ~/knock.sh hostname.com 4844 3633

IPTABLES will honor access ONLY from the IP address that knocked (i.e. all other IP addresses will still see port 22 as closed).  That's got to be the coolest part of the deal!

Another nicety is that this works with any platform (RH, SuSE, *BSD) that supports IPTABLES.

NOTE: Don't forget to open the knocking ports on your DSL / Cable router, as you would port 22.

Offline

#12 2006-03-09 22:21:05

hotsauce
Member
From: Ann Arbor
Registered: 2005-12-28
Posts: 125

Re: What do you do for security?

Well thanx a lot people for all your input. Honestly I was secretly hoping for something a tiny bit more exotic like intrusion detection or something else lol

But I guess the next step for me is to learn how to use iptables properly.

So thanx again, cheers

hotsauce

Offline

#13 2006-03-09 22:47:41

Neuro
Member
From: Poland
Registered: 2005-10-12
Posts: 352

Re: What do you do for security?

Gullible Jones wrote:

I thought X wouldn't run with GrSec?

I don't know really. But who runs X on a server? wink

hotsauce wrote:

Honestly I was secretly hoping for something a tiny bit more exotic like intrusion detection or something else Laughing

Actually if you're looking for a way to tighten up your desktop computer/home network, an IDS is like using an air-to-air missile to shoot down flies wink

The GNU/Linux is provides a sensible level of security, as long as it's properly configured. Finetuning services, filesystem permissions, running a basic firewall + monitoring logs would do the job just fine in a non-production environment.

Offline

#14 2006-03-10 08:24:10

Romashka
Forum Fellow
Registered: 2005-12-07
Posts: 1,054

Re: What do you do for security?

I use simple but very restrictive firewall on my server that guards large Windoze network.
Maybe I should try to disconnect Power and Reset too :twisted:


to live is to die

Offline

#15 2006-03-10 09:29:14

postlogic
Member
Registered: 2005-02-24
Posts: 410
Website

Re: What do you do for security?

I use a, perhaps too simple, firewall script using iptables. I just started learning iptables, so it's far from done. But it works nonetheless.

IMHO, the wiki could use an entry or two on iptables and security in general.

For example on how to stop fork bombs and similar. I didn't even know there were measures to hinder it before I accidentally stumbled upon something mentioning it and how to fix it. It'd be especially nice to have something covering some setting up logging after setting up the iptables script.. Just my 2 cents.

Anyway, yes, security is nice. I used to run firestarter, but it didn't really make me feel comfortable, since it only has so many options.

Offline

#16 2006-03-10 21:53:32

LB06
Member
From: The Netherlands
Registered: 2003-10-29
Posts: 435

Re: What do you do for security?

hotsauce wrote:

Well thanx a lot people for all your input. Honestly I was secretly hoping for something a tiny bit more exotic like intrusion detection or something else lol

Well port knocking is certainly an eligible candidate if you ask me smile

Another tenchnique that we apply to some servers is to allow SSH access only from one IP. So if one wants to access that particular server, one has to go though another one. This is to make sure that our servers can't possibly be bruteforced directly.

Offline

#17 2006-03-11 13:56:45

hotsauce
Member
From: Ann Arbor
Registered: 2005-12-28
Posts: 125

Re: What do you do for security?

LB06 wrote:

Well port knocking is certainly an eligible candidate if you ask me smile

Sounds like that, but I'm not too sure if I really know what you are talking about. hehe, that's why I didn't mention it.

But I will read on it I will

thanx for that

hotsauce

Offline

#18 2006-03-11 20:32:23

jesus franco
Member
From: PA, USA
Registered: 2005-05-17
Posts: 68

Re: What do you do for security?

Some good articles to read.
http://www.securityfocus.com/infocus/1416
http://www.linuxjournal.com/article/6222

Software to checkout
http://www.intersectalliance.com/projects/Snare/
http://www.chkrootkit.org/   (its in the repos)

And check out the gentoo iptables guide. Very helpfull.
http://gentoo-wiki.com/HOWTO_Iptables_for_newbies

I run chrootkit, iptables, strong passwords, and check my system every friday using tips found on the articles above.

I would recomend using this password strength meter to see strong your password really is.

If your really paranoid or use arch for production check out the LIDS kernel patches and try building them on arch.

Offline

#19 2006-03-11 21:09:14

kozaki
Member
From: London >. < Paris
Registered: 2005-06-13
Posts: 671
Website

Re: What do you do for security?

_Gandalf_ wrote:

i don't really care now about soem intruders, even if they could enter my network, there's a Good password to hack which i think it's impossible with

FAIL_DELAY              60

in /etc/login.defs

Gandalf > is that normal that entering the wrong password let me re-type it & succesfully login instantly, even after i have edited this login.defs file then rebooted ?
I tried that on both my gateway (by SSH) & my home computer jsut after reading your post.


Seeded last month: Arch 50 gig, derivatives 1 gig
Desktop @3.3GHz 8 gig RAM, linux-ck
laptop #1 Atom 2 gig RAM, Arch linux stock i686 (6H w/ 6yrs old battery smile) #2: ARM Tegra K1, 4 gig RAM, ChrOS
Atom Z520 2 gig RAM, OMV (Debian 7) kernel 3.16 bpo on SDHC | PGP Key: 0xFF0157D9

Offline

Board footer

Powered by FluxBB