Introduction to Linux Security Introduction to Linux Security Republic Polytechnic Thursday 2 nd September 2004 By Michael Boman <michael.boman@boseco.com>

Introduction to

Linux Security

Republic Polytechnic

Thursday 2 nd September 2004

By

Michael Boman

<michael.boman@boseco.com>

What we will cover: Turning off unnecessary servers and services Limit exposure of needed servers and services using IPTables Updating the system Reading Linux log files Q & A

Turning off unnecessary servers and services

Limit exposure of needed servers and services using IPTables

Updating the system

Reading Linux log files

Q & A

Turning off xinetd launched services Locate the relevant file in /etc/xinetd.d Change “no” to “yes” in the “disable” field Restart xinetd service xinetd restart

Locate the relevant file in /etc/xinetd.d

Change “no” to “yes” in the “disable” field

Restart xinetd

service xinetd restart

Controlling Daemons Temporary turn a daemon off service <daemon-name> stop Permanently removing a daemon from automatically starting at boot up chkconfig –del <daemon-name> Daemons start/stop scripts are stored in /etc/init.d

Temporary turn a daemon off

service <daemon-name> stop

Permanently removing a daemon from automatically starting at boot up

chkconfig –del <daemon-name>

Daemons start/stop scripts are stored in /etc/init.d

Who opened that port? Use netstat to locate the application that opened a particular port netstat -tunl -t = tcp -u = udp -n = don't resolve -l = listen only

Use netstat to locate the application that opened a particular port

netstat -tunl

-t = tcp

-u = udp

-n = don't resolve

-l = listen only

Limit access to required daemons What can you do when you actually need that service? Bind the service to localhost (ip address 127.0.0.1), if possible Enable IPTables and control access to the particular service

What can you do when you actually need that service?

Bind the service to localhost (ip address 127.0.0.1), if possible

Enable IPTables and control access to the particular service

Keeping the system up-to-date All systems becomes vulnerable as time passes and new vulnerabilities are discovered Always keep your system up-to-date to avoid unnecessary time spent on recovering from a intrusion

All systems becomes vulnerable as time passes and new vulnerabilities are discovered

Always keep your system up-to-date to avoid unnecessary time spent on recovering from a intrusion

Linux log files Log files are generally located in /var/log Syslog is the daemon that controls and create the log files Use a tool like “log check” to limit the amount of lines of logs to read through

Log files are generally located in /var/log

Syslog is the daemon that controls and create the log files

Use a tool like “log check” to limit the amount of lines of logs to read through

Advanced Techniques Use a file integrity checker like “tripwire” to keep an eye at changed files Use a Network IDS like “snort” to monitor attacks from the network

Use a file integrity checker like “tripwire” to keep an eye at changed files

Use a Network IDS like “snort” to monitor attacks from the network

Questions? Got any questions? Now is the time to ask them!

Got any questions? Now is the time to ask them!

Recommended reading material Security Focus www.securityfocus.com Linux Security www.linuxsecurity.org The Linux Documentation Project www.tldp.org IPTables www.netfilter.org Snort Network Intrusion Detection Software www.snort.org

Security Focus

www.securityfocus.com

Linux Security

www.linuxsecurity.org

The Linux Documentation Project

www.tldp.org

IPTables

www.netfilter.org

Snort Network Intrusion Detection Software

www.snort.org