Introduction To Linux Security

Introduction to Linux Security presentation for Linux User Group (Singapore) 2004/4/7

  1. Introduction to Linux Security
       • Republic Polytechnic
       • Thursday 2nd September 2004
       • By Michael Boman <michael.boman@boseco.com>
  2. What we will cover:
       • Turning off unnecessary servers and services
       • Limit exposure of needed servers and services using IPTables
       • Updating the system
       • Reading Linux log files
       • Q & A
  3. Turning off xinetd launched services
       • Locate the relevant file in /etc/xinetd.d
       • Change “no” to “yes” in the “disable” field
       • Restart xinetd
           • service xinetd restart
  4. Controlling Daemons
       • Temporarily turn a daemon off
           • service <daemon-name> stop
       • Permanently remove a daemon from automatically starting at boot up
           • chkconfig --del <daemon-name>
       • Daemon start/stop scripts are stored in /etc/init.d
  5. Who opened that port?
       • Use netstat to locate the application that opened a particular port
       • netstat -tunl
           • -t = tcp
           • -u = udp
           • -n = don't resolve
           • -l = listen only
  6. Limit access to required daemons
       • What can you do when you actually need that service?
           • Bind the service to localhost (IP address 127.0.0.1), if possible
           • Enable IPTables and control access to the particular service
  7. Keeping the system up-to-date
       • All systems become vulnerable as time passes and new vulnerabilities are discovered
       • Always keep your system up-to-date to avoid unnecessary time spent on recovering from an intrusion
  8. Linux log files
       • Log files are generally located in /var/log
       • Syslog is the daemon that controls and creates the log files
       • Use a tool like “logcheck” to limit the number of log lines to read through
  9. Advanced Techniques
       • Use a file integrity checker like “tripwire” to keep an eye on changed files
       • Use a Network IDS like “snort” to monitor attacks from the network
  10. Questions?
       • Got any questions? Now is the time to ask them!
  11. Recommended reading material
       • Security Focus
           • www.securityfocus.com
       • Linux Security
           • www.linuxsecurity.org
       • The Linux Documentation Project
           • www.tldp.org
       • IPTables
           • www.netfilter.org
       • Snort Network Intrusion Detection Software
           • www.snort.org
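
Slides 5 and 6 together describe an audit: list listeners with netstat -tunl, then check which of them are not bound to localhost. The shell function below is an added example, not part of the original slides; the netstat output is a constructed sample, and the function names and the allowed-ports argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag listeners in `netstat -tunl` output that are reachable
# from the network, i.e. not bound to a loopback address.

# Constructed sample of `netstat -tunl` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
EOF
}

# exposed_listeners [ALLOWED_PORTS]
# Reads netstat output on stdin and prints "proto port address" for every
# socket that is not loopback-only. ALLOWED_PORTS (hypothetical parameter) is
# a space-separated list of ports that are meant to be exposed and are skipped.
exposed_listeners() {
    awk -v allowed=" ${1:-} " '
        $1 ~ /^(tcp|udp)6?$/ {
            # Field 4 is the local address; the last colon separates the port,
            # which also handles IPv6 forms such as ":::22" and "::1:631".
            n = match($4, /:[^:]*$/)
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            port = substr($4, n + 1)
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are local only.
            if (addr ~ /^(::ffff:)?127\./ || addr == "::1") next
            # Skip ports the administrator has declared as intended.
            if (index(allowed, " " port " ") > 0) next
            print $1, port, addr
        }'
}

echo "Exposed listeners:"
sample_netstat | exposed_listeners
echo "Exposed listeners, SSH allowed:"
sample_netstat | exposed_listeners "22"
```

On a live host, run netstat -tunl | exposed_listeners "22". Adding -p to netstat (as root) appends the owning PID and program name, which answers the slide's question of which application opened the port.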
