Linuxathome.net - Linux news and help for home broadband internet users
      Securing Your Machine

      Due to a few requests we have compiled this page to help you better secure your Linux box from those devious 'hackers' and general 'attackers' that may prey upon you. Since this site deals with setting up Linux for broadband Internet, there is always the risk of people trying to gain access to your machine, since it is on 24/7. This guide is meant to be a starting point for making your server more secure and for preventing the above-mentioned people from causing problems for you.
     

      Security Guide cont'd.

     

    Protecting Your Ports
    This is one of the best ways of securing your machine. If you prevent certain ports from being accessible to people outside your private network (LAN), there is less chance that they will be able to gain access or cause problems (e.g. via flooding or DoS attacks). To prevent ports from being visible to the outside world you will need to modify your firewall, or better yet, download a secure firewall script and then modify it to allow the things you want to allow.

    In the previous Setup and Sharing section of this site we described a very simple method of firewalling that just used the default action of DENY. Although this is good, it's not the best; you can do better.
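
The default-deny idea described above, written out as an added example (not code from this site or from any of the firewall scripts listed below). It targets Netfilter/iptables on 2.4.x kernels, where the drop target is DROP rather than the ipchains DENY, and it only builds the filter table, not masquerading. The interface names eth0 (Internet) and eth1 (LAN) and the open ports 22 and 80 are assumptions.

```shell
#!/bin/sh
# Added example: emit a default-deny filter table in iptables-restore format.
# Assumptions (not from the page): eth0 faces the Internet, eth1 faces the LAN.

# gen_rules WAN_IF LAN_IF "tcp ports reachable from the Internet"
gen_rules() {
    wan=$1; lan=$2; ports=$3
    # Reject anything that is not a port number 1-65535 rather than
    # emitting a rule iptables-restore would choke on.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done
    echo "*filter"
    # Default policy: whatever no rule below accepts is dropped.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback and the private LAN are trusted.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -i $lan -j ACCEPT"
    # Replies to connections this box or the LAN started.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # LAN clients may go out through the Internet-facing interface.
    echo "-A FORWARD -i $lan -o $wan -j ACCEPT"
    # Only the listed services are reachable from outside.
    for p in $ports; do
        echo "-A INPUT -i $wan -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the rule set; to load it, run as root: sh thisfile.sh | iptables-restore
gen_rules eth0 eth1 "22 80"
```

Review the printed rules before loading them, and check the result afterwards with iptables -L -n.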

    There are many comprehensive firewall scripts available on the net that can be freely downloaded, we will only talk about a couple here:

    rc.firewall
    Download: http://rcf.mvlan.net/

    "rcf (aka rc.firewall) is an ipchains-based firewall with support for over 50 network services (including vtun, dhcp, nfs, smb, napster, proxies, online games, etc.), masquerading, port forwarding, and ip accounting. All services are self-contained modules which can be prioritized in the ipchains stack. Protections include spoofing, stuffed routing/masquerading, DoS, smurf attacks, outgoing port scans, and many more. rcf also supports unlimited public, private (masqu'ed), dmz, and mz (non-masq'ed) interfaces and their subnets. Access rules are defined per interface and dmz/mz server "clusters". rcf is compatible with Red Hat, Slackware, Debian, Linux Router Project (LRP), and many other distros. rcf is distributed under the General Public License (GPL) terms."

    As with most Linux things, rc.firewall comes in both a tarball version (rcf-5.1.tar.gz) and an RPM version (rcf-5.1-1.noarch.rpm) for those of you with Red Hat or any distro that supports RPM.

    Below are the instructions for installing the tarball version. To install the RPM, just type rpm -ivh rcf-5.1-1.noarch.rpm and then configure it as below.

    INSTALLATION:
    1. Untar the package by typing tar xzvf rcf-5.1.tar.gz.
    2. Next, cd into the directory it creates, e.g. cd rcf-5.1/.
    3. Read the INSTALL file provided, e.g. cat INSTALL | more.
    4. Run sh install.sh and follow the prompts, or follow the manual instructions from the INSTALL file.
    5. Edit the appropriate files and start the script. (please read the rc.firewall site mentioned above for details)

    PMfirewall
    Download: http://www.pointman.org/

    "PMFirewall is an Ipchains Firewall and Masquerading Configuration Utility for Linux. It was designed to allow a beginner to build a custom firewall with little or no ipchains experience."

    This firewall only comes in a tarball version (pmfirewall-1.1.4.tar.gz) and should support just about any version of Linux according to their site.

    INSTALLATION:
    1. Untar the package by typing tar xzvf pmfirewall-1.1.4.tar.gz.
    2. Next, cd into the directory it creates, e.g. cd pmfirewall-1.1.4/.
    3. Read the README and INSTALL files provided, e.g. cat README | more, cat INSTALL | more.
    4. Run sh install.sh and follow the prompts.
    5. Add your own rules to pmfirewall.rules.local.
    6. Start pmfirewall using the path given by the install script.
    7. Read the man page.
    8. If you wish to see the rules, type: ipchains -L -n
    9. If you have a problem then read the supplied man page. Otherwise e-mail the creator Rick Johnson.

    Firestarter Firewall
    Download: http://firestarter.sourceforge.net/

    For those of you who want a GUI-based firewall, this is definitely your choice. It's easy to install and can be set up by following the simple steps in the GUI.

    "It features an easy to use firewall wizard to quickly create a firewall. Using the program you can then open and close ports with a few clicks, or stealth your machine giving access only to a select few. The real-time hit monitor shows attackers probing your machine. Firestarter is made for the GNOME desktop."

    You can download the program as either an RPM (firestarter-0.7.1-1.i386.rpm) or a tarball (firestarter-0.7.1.tar.gz); just use the usual methods to extract them. Firestarter requires GNOME 1.2 or later, plus IPChains on 2.2.x machines or Netfilter on 2.4.x ones.

    [Screenshot: Firestarter in action]

    Stick's Firewall
    Download: http://www.sticks.f2s.com/

    This custom firewall by Dave Fitches comes in both an IPchains and an IPtables (for 2.4.x kernels) version. These are definitely worth a visit if you want to write your own or just get a nice, simple to understand and powerful firewall script.

    To use these scripts, go to the above-mentioned pages, copy the text and paste it into a document on your Linux machine. For example, for the IPchains version, copy the text, open pico firewall.ipchains and paste the script into that. You will then need to chmod +x firewall.ipchains; now you can run it, or modify it as you need. Please visit his site for detailed information and setup instructions.

    Final notes and conclusion... CONTINUE

    All logos and trademarks in this site are property of their respective owner. All the rest © 2000 - 2016 by Linuxathome.net
