[99729] in RedHat Linux List
Re: Securing a box suggestions?
daemon@ATHENA.MIT.EDU (Jeff Sharpe)
Mon Nov 16 19:02:10 1998
Date: Mon, 16 Nov 1998 16:01:57 -0800
From: Jeff Sharpe <jeff@sfg.com>
Reply-To: jeff@3-c.net
To: redhat-list@redhat.com, james@kites.org
X-MDaemon-Deliver-To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
James Ervin wrote:
>
> I have had it with hackers.
You mean crackers I hope? :-)
> I have been broken into three times in the past two weeks. I run 7 RH
> boxes that are all hard wired to the net. Some are firewalls/nat boxes,
> some are web servers and some are mail servers. What I have done is remove
> telnet, all the r* stuff and installed ipfwadm on all the boxes. I have
> also commented out all services in inetd.conf that are not needed for the
> function of the box.
>
> With ipfwadm I am limiting traffic to only the ports needed to do the job
> of the box. I have also installed SSH2 and use it to manage all the boxes.
> I feel real good about 6 of the 7 boxes. I will remove gcc from all the
> boxes once I have the setup I need finalized and installed.
>
> Since I must leave FTP open for the users, how can I make FTP more secure?
> How can I stop people from moving around the file system?
A few options on FTP: for the version standard with RedHat, check
their site for suggestions on making this version more secure. Also
consider moving your FTP daemon to another application, wuftd or aftp (a
simplistic ftp daemon), is one option I believe.
> The users are dial up users from all over the world and the use of
> hosts.allow and hosts.deny is a little out of the question since they come
> from all over the world. A few users pop in from all over the world as well.
Though a default ALL : ALL in hosts.deny and only allowing daemons
being used in hosts.allow is beneficial (I like several layers of
protection if I can help it).
Perhaps not much help in this situation, but may be worth a look - check
out xinetd. Another inetd application with many more options.
> Are there any security folks out there that can suggest ways to leave this
> box open to the ftp/pop users and limit the possible damage?
Keep /etc/ftpusers current, remove symbolic links in your ftp root dir,
permissions of course... that's off the top of my head.
> Lastly, are there any good books that you would recommend on linux/unix
> security?
As always, the bible from O'Reilly, Practical Unix & Internet Security.
Also check out the various security lists (linux-security@redhat.com
comes to mind) and sites, there may be much more comprehensive help in
those.
Hopefully that helps you a little.
J
--
Jeff Sharpe
Senior Developer, SFG Tech.
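
An added example, not part of the original message: a shell audit of the three FTP points raised in the reply (a current /etc/ftpusers, no symbolic links in the FTP root, permissions). The function names, the UID cutoff of 500 and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and the UID cutoff are assumptions.

# System accounts (UID below $3, default 500) in passwd file $1 that are missing
# from ftpusers file $2 and can therefore still log in over FTP.
# "ftp" is reported too; leave it unlisted only if anonymous FTP is intended.
missing_ftpusers() {
    awk -F: -v min="${3:-500}" '
        FILENAME == ARGV[1] {            # ftpusers: one account name per line
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") deny[$0] = 1
            next
        }
        $1 !~ /^#/ && $3 ~ /^[0-9]+$/ && ($3 + 0) < (min + 0) && !($1 in deny) { print $1 }
    ' "$2" "$1"
}

# Symbolic links and world-writable entries under FTP root $1.
ftp_root_findings() {
    find "$1" -type l | sed 's/^/symlink: /'
    find "$1" ! -type l -perm -0002 | sed 's/^/world-writable: /'
}

# Constructed sample data (not a real system) written under directory $1.
build_sample() {
    mkdir -p "$1/ftproot/pub" "$1/ftproot/incoming"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' 'bin:x:1:1:bin:/bin:' \
        'uucp:x:10:14:uucp:/var/spool/uucp:' 'ftp:x:14:50:FTP User:/home/ftp:' \
        'dialup1:x:500:500::/home/dialup1:/bin/bash' > "$1/passwd"
    printf '%s\n' '# denied accounts' 'root' 'bin' > "$1/ftpusers"
    chmod 777 "$1/ftproot/incoming"
    ln -s /etc "$1/ftproot/pub/etc-link"
}

# Usage: sh audit.sh demo   (runs both checks on the constructed sample)
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && build_sample "$tmp"
    missing_ftpusers "$tmp/passwd" "$tmp/ftpusers"
    ftp_root_findings "$tmp/ftproot"
    rm -rf "$tmp"
fi
```

On a real host the same functions take /etc/passwd, /etc/ftpusers and the FTP root directory as arguments.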