Linuxathome.net - Linux news and help for home broadband internet users
 Home | Files | Case Mods | Reviews | Forum | Search | Links | RDF | Contact | Uptime | Server Info | Tracker
Sections

Installation Guide
Setting Up
Internet Sharing
Port Forwarding
Services Config
Installing Programs
Game Servers
Using IPTables
Useful Commands
Kernel Upgrading
System Recovery
Red Hat 7.2 Setup
OpenBSD Setup
BPA Login Setup
PPPoE Setup
Add New Hardware
Using PPTP VPN
VMware ESX Cmds
Our RC5 Team
Folding@Home
Help Support Us

 
Articles
Linux Security
NetStats FAQ
Linux KIS Trojan
CAT5/LAN Cables
Domain Names
Presario RH Install APC Debian DVD
 
Slashdot.org
  • The US Government Keeps Spectacularly Underestimating Solar Energy Installation
  • Body Camera Study Shows No Effect On Police Use of Force Or Citizen Complaints
  • Software Developer Creates Personal Cryptocurrency
  • Elon Musk Begins Digging a Hyperloop Tunnel In Maryland
  • Vungle CEO Arrested For Child Rape and Attempted Murder
  • Google Says 64 Percent of Chrome Traffic On Android Now Protected With HTTPS, 75 Percent On Mac, 66 Percent On Windows
  • Arkansas Will Pay Up To $1,000 Cash To Kids Who Pass AP Computer Science A Exam
  • Body Camera Giant Wants Police To Collect Your Videos Too
  • Twitter Plans To End Revenge Porn Next Week, Hate Speech In Two
  • The AI That Has Nothing to Learn From Humans
  • Consumer Reports Refuses To Recommend Microsoft Surface Book 2
  • Student Expelled After Using Hardware Keylogger to Hack School, Change Grades
  • Laptops Could Be Banned From Checked Bags on Planes Due To Fire Risk
  • Smartwatches For Kids Are a Total Privacy Nightmare
  • Japan's SoftBank Says It Could Invest as Much As $880 Billion in Tech
  •  
    Affiliates

    TweakTown.com
    ZGeek.com
    pebkac-consulting.com.au

     
    Webmail
      E-mail Address:

    Password:


     

      Securing You Machine

      Due to a few requests we have compiled this page to help you better secure your Linux box from those devious 'hackers' and general 'attackers' that may pray upon you. Since this site deals with setting up Linux for broadband Internet there is always the risk of people trying to gain access to your machine since it is on 24/7, this guide is meant to be a starting point for making your server more secure and in the attempt to prevent the above mention people from causing problems for you.
     

      Security Guide cont'd.

     

    Protecting Your Ports
    This is a one of the best ways of securing your machine, if you prevent certain ports from being accessible from people outside your private network (LAN) then there is less chance that they will be able to gain access or cause problems (i.e. via flooding or DoS attacks etc.). To prevent ports from being visible to the outside world you will need to modify your firewall or even better yet you can download an secure firewall script and then modify it to allow the things you want to allow.

    In the previous Setup and Sharing section of this site we described a very simple method of firewalling, this was just using the default action of DENY, although this is good, its not the best, you can do better.

    There are many comprehensive firewall scripts available on the net that can be freely downloaded, we will only talk about a couple here:

    rc.firewall
    Download: http://rcf.mvlan.net/

    "rcf (aka rc.firewall) is an ipchains-based firewall with support for over 50 network services (including vtun, dhcp, nfs, smb, napster, proxies, online games, etc.), masquerading, port forwarding, and ip accounting. All services are self-contained modules which can be prioritized in the ipchains stack. Protections include spoofing, stuffed routing/masqerading, DoS, smurf attacks, outgoing port scans, and many more. rcf also supports unlimited public, private (masqu'ed), dmz, and mz (non-masq'ed) interface and their subnets. Access rules are defined per interface and dmz/mz server "clusters". rcf is compatible with Red Hat, Slackware, Debian, Linux Router Project (LRP), and many other distros. rcf is distributed under the General Public License (GPL) terms."

    As with most Linux things rc.firewall comes in both a tarball version (rcf-5.1.tar.gz) and a rpm version (rcf-5.1-1.noarch.rpm) for those of you with Red Hat and any distro that supports RPM technology.

    Below is the instructions for installing the tarball version, to install the rpm just type rpm-ivh rcf-5.1-1.noarch.rpm and then you can configure it as below.

    INSTALLATION:
    1. Untar the package by typing tar xzvf rcf-5.1.tar.gz.
    2. Next, cd into the directory it creates, e.g. cd rcf-5.1/.
    3. Read the INSTALL file provided. i.e. cat INSTALL | more.
    4. Run sh install.sh and follow the prompts, or follow the manual instructions from the INSTALL file.
    5. Edit the appropriate files and start the script. (please read the rc.firewall site mentioned above for details)

    PMfirewall
    Download: http://www.pointman.org/

    "PMFirewall is an Ipchains Firewall and Masquerading Configuration Utility for Linux. It was designed to allow a beginner to build a custom firewall with little or no ipchains experience."

    This firewall only comes in a tarball version (pmfirewall-1.1.4.tar.gz) and should support just about any version of Linux according to their site.

    INSTALLATION:
    1. Untar the package by typing tar xzvf pmfirewall-1.1.4.tar.gz.
    2. Next, cd into the directory it creates, e.g. cd pmfirewall-1.1.4/.
    3. Read the README and INSTALL files provided. i.e. cat README | more, cat INSTALL | more.
    4. Run sh install.sh and follow the prompts.
    5. Add you own rules to pmfirewall.rules.local.
    6. Start pmfirewall using the path given by the install script.
    7. Read the man page.
    8. If you wish to see the rules, type: ipchains -L -n
    9. If you have a problem then read the supplied man page. Otherwise e-mail the creator Rick Johnson.

    Firestarter Firewall
    Download: http://firestarter.sourceforge.net/

    For those of you who want a GUI based firewall then this is definately your choice, its easy to install and can be setup by following the simple steps in the GUI.

    "It features an easy to use firewall wizard to quickly create a firewall. Using the program you can then open and close ports with a few clicks, or stealth your machine giving access only to a select few. The real-time hit monitor shows attackers probing your machine. Firestarter is made for the GNOME desktop."

    You can download the program in either a RPM (firestarter-0.7.1-1.i386.rpm) version or a tarball (firestarter-0.7.1.tar.gz), just use the usual methods to extract them. Firestarte requires GNOME 1.2 or later and IPChains for 2.2.x machines and Netfilter for 2.4.x ones.

    Below is just a quick screenshot of Firestarter in action:

    Stick's Firewall
    Download: http://www.sticks.f2s.com/

    This custom firewall by Dave Fitches comes in both a IPchains and IPtables (for 2.4.x kernels) version, these are definitely worth a visit if you want to write your own or just get a nice simple to understand and powerful firewall script.

    In order to use these scripts all you must do is go to the above mentioned pages and copy the test and paste it into a document on your Linux machine, e.g. for the IPchains version just copy the text and open pico filewall.ipchains and past the script into that. You will then need to chmod +x firewall.ipchains, now you can run it, or modify it as you need. Please visit his site for detailed information and setup instructions.

    Final notes and conclusion... CONTINUE

    Proudly Hosted By:
    Hosted by PEBKAC Consulting

    Please read our Legal Notice for information concerning our site and its content.
    All logos and trademarks in this site are property of their respective owner. All the rest © 2000 - 2016 by Linuxathome.net

    Reviews

    D-Link DI-704P
    VIA EPIA-M 9000
    Tux Applique
    Ricoh MP5125A
    AMD XP 2600+
    3DProphet 9000Pro
    Radeon 9700 Pro
    XTNDAccess IrDA
    Netgear FS-524s
    DSR2161 KVM
    Game TheaterXP & XPS-510 Speakers
    3D Prophet 4000XT
    AutoView 400
    Back-UPS CS 350
    Dual Neon Kit
    SwitchView KVM
    20x4 LCD Kit
    Window Kit

     
    Kuro5hin.org
    XML error: Mismatched tag at line 27.
     
    Google (Linux)
    Enter Keywords:

     
    Bash Jokes

    % "How would you rate Bush's incompetence?

    Unmatched ".

     
    Virtualization, Virtual Machine & Virtual Server Consolidation - VMware

    The Community ENTerprise Operating System

    Get Slackware Linux

    Use OpenOffice.org

    Use Asterisk