Securing my Linux Box???


Sridhar Guntur
09-20-2002, 04:41 PM
I am a complete newbie, but I could configure my Apache web server and wu-ftp server (and both are working fine) by reading some of the threads posted before on this site. But I am very concerned about securing my Linux box. Please help me: what are all the things I should do for security (like port scanning to see if I was ever probed, firewalling???)? I am using RedHat 7.2 and I connect to the internet through an AT&T cable modem.
Thanks in advance.
Sridhar.

Hayl
09-20-2002, 04:47 PM
The best thing to do (and most secure) is to go out and buy a Linksys (or whatever other brand) router.

Sridhar Guntur
09-20-2002, 04:58 PM
Thanks for the suggestion. I will do it in a week, but right now I don't have a router or firewall, so how do I check if I was probed before?
It would help me a lot if somebody lets me know how to do a port scan
and how to configure a firewall on RedHat 7.2 Linux.
Thanks again

kidsleep
09-20-2002, 05:15 PM
Try IPTables; a good paper on it can be found here (http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/iptables-tutorial.html).

I hope this helps. Also, try running a port scanner on your machine to see if you are running a service you don't need. You can find several scanners at astalavista.box.sk.

Good luck

Mord
09-20-2002, 05:30 PM
Just FYI.

"Port scanning" will not tell you if you have been probed; in essence, port scanning will be probing yourself. If you can install an IDS (intrusion detection system) such as SNORT or Zone Alarm or something that applies to Linux (I'm a Linux newb too..), then you can create a log of people that probe you.

The best way to secure Linux is to shut down all unnecessary services (if you don't need to serve FTP, shut it down; if you don't telnet to yourself, shut that down, etc...). All these services are in your inetd file, which is... umm, somewhere.. in your installation (well, it is in Unix anyway). I think it's like /etc/inetd or something.

ANYWAY, the key thing is: shut down unneeded services, & getting a router will help also (do both though) :D

Sridhar Guntur
09-20-2002, 05:40 PM
Thanks a lot to all of you guys. It was very informative to be in this forum; I am just excited at the replies to my first post. I will follow the suggestions.
Thanks again.

The Elf
09-21-2002, 12:48 AM
BUY A LINKSYS ROUTER!?!?!? SECURITY!?!?!? What'cha smoking? I suppose the argument is that the Linksys router uses some form of NAT, thus hiding internal IP addresses, right? There are much simpler ways to protect yourself, more secure as well. A few basic firewall rules will give you as much protection as the Linksys router.

Apache/wu-ftpd -- who are you running these for? Is this something for just your LAN or for anyone & everyone? If it's simply for your LAN, a simple firewall rule will keep anyone outside of your LAN from connecting. It will take you probably about an hour of reading on firewalls should you go that route. Considering a Linksys router costs about what, $100? That's $100/hour pay for figuring this simple task out.

If they have to be open to anyone/everyone, then even the Linksys router will do you no good. There's not much you can do other than keep the software current. You could find more secure replacements as well. I don't know of anything for Apache; however, wu-ftpd has more than its fair share of security vulnerabilities. For basic FTP usage, you might try the OBSD FTPD. It'll let you do all the basic stuff we associate with FTP, though it has fewer features than wu or pro.

Now, assuming those are the only two servers you need to be running, it's VERY IMPORTANT TO TURN OFF ALL UNUSED SERVICES. Many distributions will have a dozen servers of one sort or another running: time, telnet, ident, X possibly. You can stop most of those from /etc/inetd.conf. If you don't know what it is, you don't need it. Put a # in front of every line without a # in front of it to disable it from starting. Then restart inetd (either with a reboot, a "killall -HUP inetd", or, if you know where your dist's init scripts are (good to learn), /etc/init.d/inetd restart -- that is on Debian; other distributions may vary).

That might not turn off all servers, as not everything is run from inetd. You'll also have to look into your init scripts. On Debian they're stored in /etc/init.d/ (I think it's /etc/rc.d/init.d/ on RH), though you don't want to edit those directly. Your default run level has symlinks to those scripts -- you can rename the symlinks (a symlink used to start a service will start with S followed by a 2-digit number; you could have a symlink titled S20apache, for example. If it doesn't start with S, it won't be used to start a service) or remove the symlinks, and that will stop the service from loading on startup.

A few simple firewall rules can be used to prevent people from connecting to services you "forgot" to disable (or, usually, were "too lazy" to disable).

There is much more you can do to be anal about your security. Simply firewalling any open services/disabling everything you don't need will get you _fairly_ secure. (or _much_ more secure than Windows.)
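The two steps The Elf spells out above (LAN-only firewall rules for Apache and wu-ftpd, and commenting out every active line of inetd.conf), together with kidsleep's iptables pointer, as an added shell example that is not part of the thread. It assumes iptables is installed, a LAN of 192.168.1.0/24 (a constructed value), and a classic /etc/inetd.conf; the inetd step writes to a second file so the original is kept for comparison.

```shell
#!/bin/sh
# Added example (not from the thread): The Elf's firewall and inetd steps
# as functions that can be reviewed before touching a live box.
# Assumptions: iptables present, classic inetd.conf syntax, and a LAN of
# 192.168.1.0/24 (constructed value; adjust to your own network).

LAN_NET="192.168.1.0/24"

# Print iptables rules that let only the LAN reach Apache (80) and
# wu-ftpd (21). Replies to the box's own connections are allowed by the
# state rule; everything else inbound is dropped. Review the output, then
# run it as root with:  lan_only_rules | sh
lan_only_rules() {
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s $LAN_NET -p tcp --dport 21 -j ACCEPT
EOF
}

# "Put a # in front of every line without a # in front of it": comment out
# every active service line of an inetd.conf ($1), writing to $2 so the
# original survives. Blank lines and existing comments are left alone.
# After this, restart inetd as the post describes (killall -HUP inetd).
disable_inetd_services() {
    sed -e '/^[[:space:]]*$/!{' -e '/^[[:space:]]*#/!s/^/#/' -e '}' "$1" > "$2"
}

# Count the service lines that would still start from a given inetd.conf;
# the goal is 0 once only Apache and ftpd (run outside inetd) remain.
active_inetd_lines() {
    grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" || true
}
```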

zagiboy
09-21-2002, 01:05 AM
OH C'MON!!! Not another one... FTP is a huge security hole!!! Use scp...

qweqwe1
09-21-2002, 06:01 PM
wu-ftp is not secure... try using something different.

-qweqwe

CLL_Sr
09-22-2002, 12:56 AM
Here is a secure ftpd. So far :)
http://vsftpd.beasts.org/

janet loves bill
09-22-2002, 11:59 AM
Originally posted by The Elf:
There is much more you can do to be anal about your security. Simply firewalling any open services/disabling everything you don't need will get you _fairly_ secure. (or _much_ more secure than Windows.)

Hey, Elf is right. If one were to take the time to shut off ALL un-needed services and properly configure IPTABLES, this IS all one really needs; why waste money needlessly? IPTABLES will stealth your ports from probing just as well, if not better, than Zone Alarm or Black Ice, etc. BUT the most important thing is this: ...pwconv.... Type this as root to shadow your passwords!!

ECartman
09-23-2002, 12:14 AM
I am running Mandrake 8.2 and none of those directions about inetd.conf or /etc/rc.d/ seem to apply. The xinetd.conf (which seems to have replaced the inetd.conf) seems to be void of anything like what anything says it should be. I have tried to shut down all the unneeded services I know how to, but that is pretty much limited to what is listed in DrakConf.
I have shut down xinetd completely as well as httpd and ftpd (until I figure them out better). Anyone know of anything else I can do?