ports open on install...
scriptkiddie
01-27-2003, 10:46 PM
Is it normal for the default ftp, finger ports, and one or two others which I forget, to be open after freshly installing a Linux distro? :(
Or is it possible that I have been cracked already? I only had the machine online for about 30 minutes when I tried out a ShieldsUP port scan to reveal this information.
At any rate, I want to shut this stuff down, there is no reason for an ftp port to be open on this machine. Any tips on where a Linux security newbie should start?
jason490
01-28-2003, 01:40 AM
Well a couple of things come to mind.
Do you run a router? If so are the ports forwarded?
If you do not run a router then look under your system tools or whatever for the firewall program.
Also are you running httpd? That's Apache server.
Are you allowing access to these?
scriptkiddie
01-28-2003, 03:24 AM
I have just done a basic install, there was no option to choose whether or not you install any particular packages. However it is a minimal type Linux distro, so I don't think anything like Apache would be installed and set up by default.
I don't use a router either, I was connecting the machine directly to my ADSL modem.
I haven't set up any firewall yet either, but I was told by a Linux nazi in another non-related forum that Linux (unlike Windows XP) was "locked down", and "inherently secure" straight out of the box. Not the case it seems. I'm happy to accept that Linux may be more securable than XP, but it is not good form when people go around pronouncing that Windows users' security concerns will be vastly reduced by "just installing Linux", when this doesn't seem to be the case.
With very little effort I got my XP machine to a state where it is practically invisible on the net, at least port scanners can't see me, and I don't use any of the typical security hole ridden software that comes with XP. I don't think it will be so easy for me to secure my Linux machine as fast, because I will have to learn about ipchains and all that new stuff, instead of just installing a simple to use third party software solution. What's more, the Linux nazi who told me all this stuff claimed that he worked as a security professional. Maybe he was lying, because nothing he said seems to be true to this point. If he was a professional he would have made it clear that Linux users need to be concerned about security just as much as Windows users. If he is a professional, then he is bloody crap! Sorry about that little rant. I will try to find this Linux nazi again and show him what a liar he is! :mad:
Don't worry, this isn't going to turn me off Linux though.
JohnT
01-28-2003, 03:36 AM
Download Guarddog (simple to use third party software solution). Closes those ports and any others you might have open. Scroll down toward bottom for MDK 9.0 install.
http://www.simonzone.com/software/guarddog/#download
Attached is a text for identifying and turning off services.
JohnT
01-28-2003, 03:42 AM
I was told by a Linux nazi in another non-related forum that Linux (unlike Windows XP) was "locked down", and "inherently secure" straight out of the box. Not the case it seems. I'm happy to accept that Linux may be more securable than XP, but it is not good form when people go around pronouncing that Windows users' security concerns will be vastly reduced by "just installing Linux", when this doesn't seem to be the case.
Security takes many different forms. Some of these processes you're concerned about are local and not anything to worry about.
HighOrbit
01-28-2003, 12:47 PM
There are several help files on security at this site.
http://www.linuxnewbie.org/nhf/Security
You should read them, especially the "Armoring Linux" one and the IPtables one.
Most of those services that you described are typically started by inetd or xinetd. You can turn them off by simply editing a few files in the /etc directory as described in the help files. Your next task should be to configure a local firewall, the IPtables help file will help you with that. Those two things will control the services running on your box and control both inbound/outbound network traffic.
One good rule to follow is to turn everything off and block all ports and then open them up as you install services as needed. However, this might require spending some time learning what services/applications require what ports. /etc/services is a file that maps the various services to the various ports - so looking at that should help.
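Added example, not part of the thread: one way to check what the post above describes, listing the services an inetd.conf-style file leaves enabled and the port each maps to in an /etc/services-style file. The function name `audit_inetd` and the sample files are constructed for illustration; it reads the classic inetd.conf format only, not xinetd's per-service files.

```shell
#!/bin/sh
# audit_inetd INETD_CONF SERVICES_FILE   (hypothetical helper name)
# Prints "service port/proto user" for every line that is NOT commented out.
audit_inetd() {
    awk '
        NR == FNR {                        # first file: services map
            sub(/#.*/, "")                 # drop comments, re-split fields
            if (NF < 2) next
            split($2, pp, "/")             # "21/tcp" -> port 21, proto tcp
            port[$1 "/" pp[2]] = pp[1]
            for (i = 3; i <= NF; i++)      # aliases share the same port
                port[$i "/" pp[2]] = pp[1]
            next
        }
        /^[ \t]*#/ || NF < 6 { next }      # commented out means disabled
        {                                  # service type proto wait user server
            key = $1 "/" $3
            p = (key in port) ? port[key] : "unknown"
            printf "%s %s/%s %s\n", $1, p, $3, $5
        }
    ' "$2" "$1"
}

# Constructed sample files (not taken from any real system).
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/services" <<'EOF'
ftp     21/tcp
telnet  23/tcp
finger  79/tcp
auth    113/tcp   ident tap   # aliases
EOF
    cat > "$dir/inetd.conf" <<'EOF'
ftp     stream tcp nowait root   /usr/sbin/tcpd in.ftpd -l -a
#telnet stream tcp nowait root   /usr/sbin/tcpd in.telnetd
finger  stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
ident   stream tcp nowait nobody /usr/sbin/in.identd in.identd
EOF
    audit_inetd "$dir/inetd.conf" "$dir/services"
    rm -rf "$dir"
}

demo_audit
```

On a real system, point it at the actual files: `audit_inetd /etc/inetd.conf /etc/services`. Every line it prints is a candidate to comment out unless the service is needed.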
Gaston
01-28-2003, 04:10 PM
You also may want to install nessus which is a great tool for scanning your Linux box for most common/uncommon vulnerabilities. Ideally you would run it before you hook up onto the net.
http://www.nessus.org
The good thing about the tool is that it also suggests what you should do and why.