How do we configure security for Linux?

Discussion in 'other security issues & news' started by george75, May 15, 2007.

Thread Status:
Not open for further replies.
  1. george75

    george75 Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    65
    Dear Wilders Security Experts:

    Yes I know that Linux is safer than Windows. But it always pays to be sure. I would like guidance on configuring security for Ubuntu 7.04. I have run Bastille, although I admit I did not understand all of the issues that were being addressed in the discussions in the interactive run. I have installed Firestarter and got a clean bill of health from the Gibson site. I have installed Avast, although I would be happier with on-line scanning, if anyone can recommend a good package that's free. I would like to install something that will look for tracking cookies, trojans and the like along the lines of AVG/Ewido antispy, but I don't know if there is anything out there for Linux. Any other suggestions would be appreciated. A NAT router is out of the question where I am.

    Thanks very much.

    george75

    PS: Ubuntu 7.04 is the first distro of Linux that I can actually work with. I prefer it to Windows XP Pro, although it still has some of the Linux instabilities in the GUIs and some of that very difficult mentality that requires a doctorate in computer science to be able to set the thing up entirely. But it seems to me that in about a year it will be a package that could compete with XP for the more educated user--if not yet the average user. george
     
  2. tansu

    tansu Registered Member

    Joined:
    Sep 13, 2005
    Posts:
    210
  3. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Get rid of the antivirus, it is not needed. There are so few viruses that it will not help much except in protecting people whom you send e-mail to. Even if you do somehow get a virus, it won't be able to do much since it is limited by the fact you are logged in as a user.

    The best security is logging in as a user, always. Never log in as root. su (or sudo) will always help you if you need root privileges.

    In addition, don't run and install stuff you don't need that opens up connections and listens. This means more applications listening that possibly may have holes that can be exploited, and lead to your box being exploited.

    If you need ssh, make sure to configure it to disallow root logins, set max number of tries, ensure all the users' passwords are long enough, and try to use public/private key authentication if possible.

    Also, use the official Ubuntu repositories and install all of your software from there unless you find software not found in the repositories, you trust the maker of the software, and then you download the source code from the website and compile+install it yourself.

    That covers the basics, which is not much seeing as though the *nix security model of being a user at all times really benefits security, a lot.

    Cheers,

    Alphalutra1
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,
    Alpha summed it up nicely. Forget the Windows problems. Sit back, relax and enjoy. Strong root password and firewall and Bob's your uncle.
    Mrk
     
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    ... and Fanny's your Aunt.

    My only concern is if I unwittingly pass-on a threat, which I still can do when I'm using Linux.
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Great post, but I feel you could say more. :) We can have fun, no?
     
  7. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I mean, I really don't even do too much at all after I set up a system. The most security I slap on besides what I already mentioned is that I set pf to start up with the ruleset I made, since OpenBSD really is pretty secure off the base install and so is FreeBSD and Arch Linux since I do such minimal installs. However, if you use Linux, then iptables would be what you would use, and I hear that Firestarter is a nice GUI for configuring it, although I prefer to do everything through conf files myself.

    The key prevention of people remotely attacking and rooting your box is that you don't want anything vulnerable exposed to the internet. A firewall will get rid of allowing any connections to services you are unaware are running and that accept opening connections. However, most products will allow you to configure them to only listen on localhost, or have a list of allowed hosts. I know that mpd (music player daemon) and sendmail do this for sure.

    In addition, don't run things like ftp, sendmail, etc. if you don't use it or need it. It is only inviting trouble.

    As for SSH, I consider it an awesome feature and application, but it does allow remote access to your PC and thus invites remote attackers. If you peruse your sshd logs, you will see hundreds of attempts from scripts that randomly guess usernames and passwords trying to be able to log into your computer. A good way to avoid the scripts is to move ssh to a different port. However, this only gets rid of automated scripts, but people will still be able to detect that ssh is running from nmap.

    In order to circumvent any possible guessing of usernames and passwords or prevention of an attack if someone does gain the information, ssh keys are really the best things, since you have to have the private key on person in order to log into the computer. This gets rid of all possible brute force attacks if you have disabled password authentication and go key-based only. The Arch Linux wiki has a nice article on ssh keys here.

    Some nice tools are things like tripwire and aide which can help detect if you have been remotely compromised by checking checksums and changes of files, but those are the only real security tools I have installed. chkrootkit also will scan for rootkits and see if you have one.

    Not really much info., but if you have anything specific you want to ask I may know a bit.

    Cheers,

    Alphalutra1
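
The ssh settings recommended in the two posts above (no root login, a cap on tries, key-only authentication) can be checked mechanically. This is an added example, not code from the thread; the function name `audit_sshd`, the limit of 3 tries and both sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_sshd FILE: print one FAIL line per setting weaker than the advice above.
# Assumptions: the first occurrence of a keyword wins (as in sshd), Match
# blocks are ignored, and the limit of 3 tries is a choice made for this example.
audit_sshd() {
    awk '
        $1 ~ /^#/ || NF < 2 { next }                  # comments and blank lines
        { k = tolower($1); if (!(k in v)) v[k] = tolower($2) }
        END {
            if (v["permitrootlogin"] != "no")
                print "FAIL PermitRootLogin: not set to no"
            if (v["passwordauthentication"] != "no")
                print "FAIL PasswordAuthentication: passwords still accepted"
            if ("pubkeyauthentication" in v && v["pubkeyauthentication"] != "yes")
                print "FAIL PubkeyAuthentication: key login is switched off"
            if (!("maxauthtries" in v) || v["maxauthtries"] + 0 > 3)
                print "FAIL MaxAuthTries: more than 3 tries per connection"
        }
    ' "$1"
}

# Constructed sample input: one permissive config, one with the advice applied.
WEAK=$(mktemp); GOOD=$(mktemp)
trap 'rm -f "$WEAK" "$GOOD"' EXIT
cat > "$WEAK" <<'EOF'
Port 22
PermitRootLogin yes
#PasswordAuthentication no
MaxAuthTries 6
EOF
cat > "$GOOD" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
EOF

echo "== permissive sample =="; audit_sshd "$WEAK"
echo "== hardened sample ==";   audit_sshd "$GOOD"
```

On a live host, saving the output of `sudo sshd -T` to a file and passing that file to the function checks the effective settings rather than the text of `/etc/ssh/sshd_config`.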
     
  8. GS2

    GS2 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    42
    Ok if you have some time, I suggest you read this excellent essay:
    http://www.kernelthread.com/publications/security/index.html

    It will give you some excellent background to the dangers.

    Root is not a problem, if you know what you are doing, the same goes for sudo. Incidentally I use my root account on slackware often, how else would one compile from source?

    Linux does have weaknesses, just like Windows - no OS is completely secure and safe.
     
  9. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Compiling is fine, but it's the installing to directories that are non-writable by the user that causes the problems :p

    Cheers,

    Alphalutra1
     
  10. george75

    george75 Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    65
    To all:

    It seems that I didn't get notified that I had some more replies to my question--or at least I didn't look in the right place.

    Thanks very much to Alphalutra1 for his counsels, although some of what he said is beyond me.

    Let me pose some questions, first the questions that I originally came today to post that I didn't feel had been handled by the original few replies that I knew about, and then questions which flow out of the previous posts.

    Let's assume that viruses aren't a problem. Of course there is a variety of opinions about Windows viruses that would 'pass through' your Linux system, but let's leave that. What about spyware? Tracking cookies? That sort of thing?

    On Windows, we can load the Hosts file with a bunch of IP addresses that all point to 127.0.0.1, the local machine, thus preventing communication with tracking sites, bad sites and so on. Is there anything similar in Linux? How is it done? I have installed firestarter and got a perfect stealth rating from the Gibson site, but I really don't know how to fiddle with the IP tables in Linux, if that is how the Hosts file issue is to be handled.

    How would I inventory the services that are running and determine which constitute a security risk when I am connected to the Internet--or even otherwise? (To be noted that Ubuntu does not allow a root logon, so that the issue of never logging on as root is handled automatically.) The previous posts mentioned a few services that shouldn't be running unless absolutely necessary. You really have to dumb down your replies to the level that you give actual command line instructions: I'm a newbie to Linux and don't understand its architecture (just that the gui is unstable whereas the OS underneath isn't).

    Next, how would I go about ensuring that these unnecessary services are deleted from the lists that the OS uses at boot time--without doing damage to the boot?

    That seems to be all for the moment.

    Thanks to all.

    george75
     
  11. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    There really isn't any spyware, viruses, trojans, etc. for *nix systems at the moment. There are a few rootkits and such, but those are really hard to come by, and if you don't run as root, you don't have to worry about them. However, there are tracking cookies, but if you configure your browser correctly, that won't be a problem.
    Again, I don't know how much protection that will really give you, but the file is:

    /etc/hosts

    You will have to use sudo to edit it, and the configuration is the same as that of the Windows hosts file: you have an IP, then an address next to that.
    Unfortunately, I don't have too much Ubuntu experience, so I don't know what is enabled by default. However, most of the "dangerous" services that need proper configuration are not installed by default on most systems, and if you have a firewall over them then even if some managed to sneak by, they will be covered. If you start going through the Ubuntu forums located here: http://ubuntuforums.org/ then there is likely a ton of advice in each section, and their community is quite nice and large so you should get a response and help within a few hours.
    Well, the forums people should help you with that. The best thing to do is actually uninstall the stuff you don't need or will ever use, but again I don't know very much on how much Ubuntu actually installs. But, if uninstalling it would break the system, you could disable it from starting, but again my lack of knowledge on how Ubuntu runs its startup scripts and their newfangled "upstart" system (different than the BSD-scripts which I am used to), so another user will have to chime in or the Ubuntu forums will help.

    Cheers,

    Alphalutra1
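
One way to take the inventory of listening services asked about in this thread, separating daemons bound to localhost from those reachable from the network. This is an added example, not code from the thread; the function names and the sample listing (laid out like `ss -ltnp` output from iproute2) are constructed for illustration.

```shell
#!/bin/sh
# classify_listeners: read `ss -ltnp` style lines on stdin and print
# "<LOCAL|EXPOSED> <port> <address> <process>" for every listening TCP socket.
classify_listeners() {
    awk '
        $1 != "LISTEN" { next }                      # skips the header line too
        {
            port = $4; sub(/.*:/, "", port)          # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)      # text before the last colon
            proc = "-"                               # column is empty without root
            if (match($0, /\(\("[^"]+"/))            # users:(("name",pid=...
                proc = substr($0, RSTART + 3, RLENGTH - 4)
            scope = (addr ~ /^127\./ || addr == "[::1]") ? "LOCAL" : "EXPOSED"
            print scope, port, addr, proc
        }
    '
}

# exposed_ports: only the ports that accept connections from other machines.
exposed_ports() {
    classify_listeners |
        awk '$1 == "EXPOSED" { printf "%s%s", sep, $2; sep = " " } END { print "" }'
}

# Constructed sample listing, not taken from a real host.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*         users:(("master",pid=1033,fd=13))
LISTEN 0      5      127.0.0.1:6600     0.0.0.0:*         users:(("mpd",pid=1190,fd=6))
LISTEN 0      32     *:21               *:*               users:(("vsftpd",pid=977,fd=3))
LISTEN 0      128    [::1]:631          [::]:*            users:(("cupsd",pid=640,fd=6))
EOF
}

sample_ss | classify_listeners
echo "ports reachable from the network: $(sample_ss | exposed_ports)"
```

On a real machine, replace `sample_ss` with `sudo ss -ltnp`. A socket reported as EXPOSED may still be blocked by the firewall, so the list shows what would be reachable if the firewall were off.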
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213