Archive

Firewall Building

Building a firewall on a Linux system with a 2.6 series kernel involves the Netfilter iptables command. The 2.4 series kernel uses the ipchains command. The configuration of a Linux system’s firewall is often held in a script that is run at system boot. Crafting a complex firewall script can take a long time; however, there are some software projects that help make creating and managing your Linux firewalls easier.

Security

Introduction

There are many arguments that “Linux is more secure than Windows”. Personally, I don’t believe in this (David Ramsden). An Operating System is only as secure as the user makes it. However, all the time security in Operating Systems is improving.

The following pages have been written to help you make your box a little bit more secure, and to give a guide as to what you should and shouldn’t do, as well as general security pointers.

Pages in this section

Hiding files on a system

Attackers can easily “hide” files on a system. One method is to modify the kernel (through a kernel module for example) if the attacker has gained root. This is not discussed here.

A more common method of “hiding” files is to simply put the files in obscure locations that users will probably overlook. One problem with UNIX is that /tmp, /var/tmp and /var/lock are world writable.

Look at the following directory listing in /tmp:

david@anarchy:/tmp$ ls -al
drwxrwxrwt 10 root root 12288 Apr 21 02:34 .
drwxr-xr-x 21 root root 4096 Apr 3 13:19 ..
drwxr-xr-x 2 david david 4096 [continued...]

Locking down /tmp to protect against automated and “script kiddie” exploits

Introduction

The most common way systems are compromised is through web applications. An excellent example of this is phpBB. Users install phpBB on your shared web server. It works, so they leave it. 6 months later, 3 exploits that allow code execution are found in phpBB, but the user on your shared web server isn’t concerned with security. You get an email from the feds telling you your server has been taking part in a DDoS.

If you’ve ever seen such an exploit, they usually create a botnet and search for other vulnerable applications on other servers and compromise [continued…]

What to do when you’ve been hacked

Initial handling

First of all, don’t panic – it won’t help anything. Personally I want to try and track down the pile of slime that did this. That means trying to preserve all data, logs and possibly sniffing network traffic. However you also need to weigh up the risk of further damage to (or from) your compromised system.

Change all your passwords and any other data that might have been grabbed from the compromised system – e.g. credit card details etc. You should also check any other systems that you use from that machine or that are on the [continued…]