#1 2008-11-19 14:10:47

u_no_hu
Member
Registered: 2008-06-15
Posts: 453

Need help securing a newly installed box

Hi,
Any pointers, tips n tricks etc. in securing a newly installed Arch Linux box... I searched the wiki... but there's not much there... If I get lots of input I will even consolidate it in a wiki page as a beginner's guide to Arch security... Thanks in advance


Don't be a HELP VAMPIRE. Please search before you ask.

Subscribe to The Arch Daily News.


#2 2008-11-19 15:09:35

Shagbag
Member
Registered: 2006-10-25
Posts: 259

Re: Need help securing a newly installed box

Here are a few things to think about:

1.  use strong passwords (viz. random characters) and consider the same for usernames (to stop/slow down brute force attacks).
2.  carefully consider what groups your non-privileged user is to be a member of - e.g. consider removing it from the wheel group (so that it can't 'su' into root).
3.  consider using 'sudo' and, if you do, make sure you've thought about what privileges and how much privilege you want your non-privileged user to have.
4.  shut down any services/daemons you don't need (use netstat to see which ones are listening).
5.  use a firewall and customise its configuration.
6.  consider using SELinux.


#3 2008-11-19 15:15:06

robmaloy
Member
From: Germany
Registered: 2008-05-14
Posts: 263

Re: Need help securing a newly installed box

if you have sshd running, don't use the default port

cuts down attacks from >5000 a day to ZERO

Last edited by robmaloy (2008-11-19 15:15:20)


☃ Snowman ☃


#4 2008-11-19 21:42:41

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217

Re: Need help securing a newly installed box

Here's a starter set of iptables rules to get you going: http://pastebin.com/d19c4206e

They're a modified version of something I found on the intarwebs. Just pay attention to what you want/need to uncomment in the INPUT section, and add your local network segment at the bottom for ICMP packets.

robmaloy wrote:

if you have sshd running, don't use the default port

cuts down attacks from >5000 a day to ZERO

Also:
1) Disable root login on ssh (PermitRootLogin no)
2) Install and configure fail2ban
3) Create a group "ssh" and add your user to that group, then only allow members of that group to login via SSH (AllowGroups ssh)

Last edited by fukawi2 (2008-11-19 21:43:59)
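
The sshd settings listed in post #4 can be checked against a config file with a short script. This is an added example, not code posted by anyone in the thread; the function names and the sample config are constructed for illustration, and it assumes whitespace-separated directives with no Include files.

```shell
#!/bin/sh
# Added example, not from the thread. sshd keeps the FIRST value it reads for
# most keywords, so a later "PermitRootLogin no" does not override an earlier
# "PermitRootLogin yes". Keywords are case-insensitive.
# Assumption: only lines before the first Match block are read.

# effective_value FILE KEYWORD -> prints the first global value, or nothing
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }           # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }           # global section ends here
        key == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE -> one line per check; returns the number of failures
audit_sshd_config() {
    cfg=$1; fails=0
    root=$(effective_value "$cfg" PermitRootLogin)
    grp=$(effective_value "$cfg" AllowGroups)
    port=$(effective_value "$cfg" Port)
    if [ "$(printf %s "$root" | tr 'A-Z' 'a-z')" = "no" ]; then
        echo "PASS PermitRootLogin no"
    else
        echo "FAIL PermitRootLogin is '${root:-unset}', expected 'no'"
        fails=$((fails + 1))
    fi
    if [ -n "$grp" ]; then
        echo "PASS AllowGroups $grp"
    else
        echo "FAIL AllowGroups not set: no group restriction on SSH logins"
        fails=$((fails + 1))
    fi
    echo "INFO Port ${port:-22 (default)}"   # reported only, never a failure
    return "$fails"
}

# Constructed sample: the hardening line comes too late to take effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PermitRootLogin yes
PermitRootLogin no
AllowGroups ssh
EOF
audit_sshd_config "$sample" || echo "failed checks: $?"
rm -f "$sample"
```

On a live host, `sshd -T` (run as root) prints the effective configuration and is the authoritative check.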


#5 2008-11-19 22:07:10

evdvelde
Member
From: Antwerp - BELGIUM
Registered: 2005-12-02
Posts: 57

Re: Need help securing a newly installed box

I think you should look at the function of the host. If it is really prone to attack, you should be more careful, but from my experience this is the most important:
- Good passwords
- All connections carrying confidential information like passwords, should be encrypted (e.g. ssh, https, ...)
- Stay up-to-date to avoid exploitable vulnerabilities
- Firewall and/or check that only the services you need have opened ports

Important, but not required:
- things like denyhosts
- using wheel group
- denying root login on ssh

Changing ports etc. is no way to secure your host: a casual attacker won't guess a good password anyway and a targeted attack will find the correct port anyway.

But, please do not panic about security. If your passwords are strong and you update when large vulnerabilities are known, you will be on the safe side for 99.99% of all attacks. If you use a little more of your brain and add some more countermeasures, nothing bad will happen :)

Last edited by evdvelde (2008-11-19 22:08:12)

