Linuxathome.net - Linux news and help for home broadband internet users
 Home | Files | Case Mods | Reviews | Forum | Search | Links | RDF | Contact | Uptime | Server Info | Tracker
Sections

Installation Guide
Setting Up
Internet Sharing
Port Forwarding
Services Config
Installing Programs
Game Servers
Using IPTables
Useful Commands
Kernel Upgrading
System Recovery
Red Hat 7.2 Setup
OpenBSD Setup
BPA Login Setup
PPPoE Setup
Add New Hardware
Using PPTP VPN
VMware ESX Cmds
Our RC5 Team
Folding@Home
Help Support Us

 
Articles
Linux Security
NetStats FAQ
Linux KIS Trojan
CAT5/LAN Cables
Domain Names
Presario RH Install APC Debian DVD
 
Slashdot.org
  • Cord-Cutting Still Doesn't Beat the Cable Bundle
  • Driverless Cars Need a Lot More Than Software, Ford CTO Says
  • Supreme Court Asked To Nullify the Google Trademark
  • Intel Launches 8th Generation Core CPUs
  • UK.gov To Treat Online Abuse as Seriously as Hate Crime in Real Life
  • How the Voyager Golden Record Was Made
  • Apple Looks For Exceptional Engineer With a Secret Job Posting
  • The Windows App Store is Full of Pirate Streaming Apps
  • Microsoft Speech Recognition Now As Accurate As Professional Transcribers
  • Elon Musk Backs Call For A Global Ban On Killer Robots
  • Plex Responds, Will Allow Users To Opt Out Of Data Collection
  • Ask Slashdot: How Can You Teach Programming To Schoolchildren?
  • Alleged Yahoo Hacker Will Be Extradited To The US
  • 50,000 Users Test New Anti-Censorship Tool TapDance
  • Bug In Lowe's Site Sold Goods For Free. Couple Arrested For Exploiting It
  •  
    Affiliates

    TweakTown.com
    ZGeek.com
    pebkac-consulting.com.au

     
    Webmail
      E-mail Address:

    Password:


     

      Securing You Machine

      Due to a few requests we have compiled this page to help you better secure your Linux box from those devious 'hackers' and general 'attackers' that may pray upon you. Since this site deals with setting up Linux for broadband Internet there is always the risk of people trying to gain access to your machine since it is on 24/7, this guide is meant to be a starting point for making your server more secure and in the attempt to prevent the above mention people from causing problems for you.
     

      Security Guide cont'd.

     

    Note: It is also recommended that you take care of the following issues.

  • You may need to customise your firewall scripts to allow any non standard Internet applications that you may use, to do this you will probably be able to find information on the specific application in a How-To or by doing a web search here. One such example is the BigPond Advance Heartbeat signal, unless you allow this you will have big problems connecting.
  • There are many websites out there and programs that will test the security of your network, most are free and give you a simple run down of the wholes (ports open) on your network, once such site is http://scan.sygatetech.com/.
  • If your not using a specific port and it is open and viewable from the outside, then find the program that is responsible and kill it (unless of cause you need it).
  • Another very strongly recommended idea is that you keep upto date reading and looking at papers and DoS articles on the programs that you use, it is suggested that you update your programs as frequently as possible. (this is where RPMS and up2date by Red Hat come in very handy)

    Other Methods
    Yet another problem for securing your machine are services that are running on your machine but not being used at all, these can provide easy attack points if they are well know to have little security holes, to better secure your machine you should not run anything that is not being used. S
    ome of these services include, Apache, FTP, Sendmail, Samba, Telnet (especially if you only use SSH) and any other ones you may have running. Each of these can be shutdown without any problems, and you should use linuxconf to set them not to start automatically when your machine boots.

    Another thing that is recommended is to get rid of the default FTP program that comes with Linux and install ProFTPd, this is a nicer and more secure FTP daemon (server) and is quite easy to setup. For downloading and instructions, visit the homepage http://www.proftpd.net/. For installation help please visit the programs section of the this site, located here.

    If you are ever hacked or getting problems (DoS attack or similar) then it is a good idea to block the IP of the person who they came from, this can be done by adding the IP to the file /etc/hosts.deny.

    Final Notes
    As usual keeping your software up-to-date is the best way of insuring the security of you machine is high. If your running Red Hat 7.0 then you can use the up2date program to update certain parts of the system, other distributions may have a similar mechanism for updates but otherwise it is up to you to upgrade with new RPMS, new source and a better Kernel when they are released.

    Another good idea is to keep your eyes out and read articles on programs that you are installing on your machine (as mentioned previously), some have small security holes (most which can be fixed with a simple update or patch install) or some may have major problems. If you find that a particular program you are running is susceptible to a DoS attack or a tricky little backdoor via a coding bug then its imperative that you find the appropriate fix or temporarily shutdown that program or service.

    Once again, a Linux machine is only as secure as you make it, if your worried about being hacked or have been hacked then you should really think about upgrading the security on your machine. This is a simple started guide and you can go on to more complex methods from here. Hope that this helps some of you out. Any comments then please feel free to e-mail me mayhem (at) linuxathome.net, for specific help with firewalls I recommend e-mailing the authors of the described scripts.

  • Proudly Hosted By:
    Hosted by PEBKAC Consulting

    Please read our Legal Notice for information concerning our site and its content.
    All logos and trademarks in this site are property of their respective owner. All the rest © 2000 - 2016 by Linuxathome.net

    Reviews

    D-Link DI-704P
    VIA EPIA-M 9000
    Tux Applique
    Ricoh MP5125A
    AMD XP 2600+
    3DProphet 9000Pro
    Radeon 9700 Pro
    XTNDAccess IrDA
    Netgear FS-524s
    DSR2161 KVM
    Game TheaterXP & XPS-510 Speakers
    3D Prophet 4000XT
    AutoView 400
    Back-UPS CS 350
    Dual Neon Kit
    SwitchView KVM
    20x4 LCD Kit
    Window Kit

     
    Kuro5hin.org
    XML error: Mismatched tag at line 26.
     
    Google (Linux)
    Enter Keywords:

     
    Bash Jokes

    % ar m God

    ar: God does not exist

     
    Virtualization, Virtual Machine & Virtual Server Consolidation - VMware

    The Community ENTerprise Operating System

    Get Slackware Linux

    Use OpenOffice.org

    Use Asterisk