Linux - Security
This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I am trying to secure my system (rh 7.0), and all the documentation mentions editing /etc/inetd.conf to meet my needs (allow specific resources to Internet). But - v7.0 uses xinetd.conf, which has very little information in it. Is there another file I should be editing to secure my system? Help?
For info on xinetd just look at www.xinetd.org :-]
There are a few sides to safety on a box: users & accounts, network services & access, and system & application security.
It all needs time to compile, install & configure, but you should end up with a pretty much secured box.
Users & accounts you can configure through linuxconf, granting & denying them access, PAM for restrictions and the SUDO package for allowing them access to resources owned by root they usually may not work with. Also make sure you're working with shadow passwords.
System & application security you've got to handle by making sure you stay updated on vulnerabilities (links below) and regularly check for signs of something weird going on with an intrusion detector/file integrity checker, something like chkrootkit, AIDE or Tripwire.
Network services & access is handled through (x)inetd (hopefully compiled with tcpwrappers), a firewall (script) and maybe some sort of detection capability like Portsentry, Snort, IPPL, scandetd etc.
Handling (x)inetd, the first thing is to comment out (put a hash mark in front of the lines) each local service you aren't providing to the internet.
*The best way is to comment out EVERYTHING, and to enable stuff if it's necessary. Here's a partial checklist on what to disable: echo, discard, daytime, chargen, ftp, telnet, gopher, smtp, nntp, shell, login, exec, talk, ntalk and dtalk, pop-(2 & 3), imap, uucp, tftp, bootps, finger, cfinger, systat, netstat, time, auth and linuxconf.
The only service you want to be running is finger if you're on IRC, but replace it with safe_finger.
Open an xterm window and w/o quotes try "ps ax" and note if any of the above are running.
Open /etc/inittab and look for "initdefault" and notice the number; it corresponds with a /etc/rc.d/rc(number).d/ runlevel where each of these services will be stopped/started if you enter the runlevel on boot, or if you switch with telinit (number).
For each of the running services you don't want, change the capital S(tart) into a capital K(ill). Reboot.
Now install a firewall. If you've got a 2.0.x kernel it's ipfwadm, for 2.2.x it's ipchains and for 2.4.x it's iptables.
Go back up in this post and read about securing the rest.
Top it off with some reading material on security:
Security tips: www.cert.org/tech_tips/ and www.cert.org/security-improvement/, www.securityportal.com/research/research.linuxsecurity.html
Top ten vulnerabilities: www.sans.org/topten.htm and www.cert.org/present/cert-overview-trends/index.htm
Firewalling: www.infosyssec.net/infosyssec/firew1.htm, www.linux-firewall-tools.com/linux/
Securing Xwindows: www.uwsg.indiana.edu/usail/external/recommended/xsecure.html
Or, if you're cruising for links, try and read something else; search/visit these places/people that mean something: SANS, CERT, AusCERT, SecurityFocus, Bugtraq, lance spitz, dugsong, loki, robert graham, dave dittrich, wietse venema, fyodor, monark
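The inetd and runlevel steps above, worked through as an added shell example (this is not code from the post or from any of the tools it names). It audits a classic inetd.conf against the disable checklist, reads the "initdefault" number from an inittab, and renames one rc.d start link from S to K so that service is killed instead of started at that runlevel. Every file it reads is a constructed sample written into a temporary directory, so nothing on the real system is touched; the checklist is copied from the post.

```sh
#!/bin/sh
# Added example: audit inetd.conf / inittab / rc.d fixtures. All inputs are
# constructed below; the CHECKLIST is the one given in the post above.

CHECKLIST="echo discard daytime chargen ftp telnet gopher smtp nntp shell login exec talk ntalk dtalk pop-2 pop-3 imap uucp tftp bootps finger cfinger systat netstat time auth linuxconf"

# enabled_services FILE: first field of every non-comment, non-blank line
enabled_services() {
    grep -v '^[[:space:]]*#' "$1" | awk 'NF > 0 { print $1 }'
}

# checklist_hits FILE: enabled services that appear on the checklist, one per line
checklist_hits() {
    for svc in $(enabled_services "$1"); do
        for bad in $CHECKLIST; do
            if [ "$svc" = "$bad" ]; then echo "$svc"; fi
        done
    done
}

# initdefault FILE: runlevel number from the "id:N:initdefault:" line of an inittab
initdefault() {
    awk -F: '$3 == "initdefault" { print $2 }' "$1"
}

# disable_rc_link RCDIR LINKNAME: rename S<nn><name> to K<nn><name>
disable_rc_link() {
    case "$2" in
        S*) mv "$1/$2" "$1/K${2#S}" ;;
        *)  echo "not a start link: $2" >&2; return 1 ;;
    esac
}

# build_fixture: write constructed sample files into a temp dir; prints its path
build_fixture() {
    d=$(mktemp -d)
    cat > "$d/inetd.conf" <<'EOF'
# constructed sample inetd.conf (not a real system file)
#echo    stream  tcp  nowait  root    internal
ftp      stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
ssh      stream  tcp  nowait  root    /usr/sbin/sshd  sshd -i
EOF
    printf 'id:3:initdefault:\nsi::sysinit:/etc/rc.d/rc.sysinit\n' > "$d/inittab"
    mkdir "$d/rc3.d"
    touch "$d/rc3.d/S50inet" "$d/rc3.d/S85sendmail"
    echo "$d"
}

# Usage: run the audit over the constructed fixture
FIX=$(build_fixture)
echo "enabled services still on the checklist:"
checklist_hits "$FIX/inetd.conf"          # ftp, telnet (ssh is not listed)
echo "default runlevel: $(initdefault "$FIX/inittab")"
disable_rc_link "$FIX/rc3.d" S85sendmail  # becomes K85sendmail
ls "$FIX/rc3.d"
```

Point checklist_hits at a real /etc/inetd.conf and initdefault at /etc/inittab to run the same check on a live box; disable_rc_link is the S-to-K rename the post describes, so run it only on the rc(number).d directory that initdefault names.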
unSpawn, thanks for all of the helpful information! But when I look in my xinetd.conf file, other than 4 default lines there is nothing else in it. Is there somewhere else I should check to disable services?
All services run from xinetd.conf, except RPC which needs inetd. Just keep the services you want to run, comment (hash) the other services out. Restart xinetd. Check with "ps ax" if no services are started you don't want to run. Same routine goes for inetd. As an alternative you can disable (x)inetd if you don't plan on running any services.
I searched through linuxnewbie.org and found a user who is attempting to do the same as I; another user replied stating RH has changed the configuration for inetd services. You now must run #setup and it will walk you through a GUI interface for system configurations (services) + it will stop and restart the services automatically.
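Where the per-service settings actually live on a Red Hat 7.0 box, as an added shell example (not code from the post): the short xinetd.conf ends with an "includedir /etc/xinetd.d" line, and each service has its own file in that directory; a service is off only when its block carries "disable = yes" (xinetd treats a missing disable line as enabled). The script audits a constructed copy of such a directory for services that are still enabled and switches one of them off by editing its block in place. The three service files are constructed samples, not copies of real system files.

```sh
#!/bin/sh
# Added example: audit an xinetd.d-style directory and disable a service.
# The directory and its files are constructed here; /etc/xinetd.d is untouched.

# xinetd_enabled DIR: names of service files whose block lacks "disable = yes"
xinetd_enabled() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
            basename "$f"
        fi
    done
}

# xinetd_disable FILE: set "disable = yes", rewriting an existing disable line
# or inserting one before the closing brace of the service block
xinetd_disable() {
    tmp="$1.tmp"
    awk '
        /^[ \t]*disable[ \t]*=/ { print "\tdisable\t= yes"; seen = 1; next }
        /^[ \t]*}/ && !seen    { print "\tdisable\t= yes"; seen = 1 }
        { print }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# build_xinetd_fixture: constructed sample service files; prints the directory
build_xinetd_fixture() {
    d=$(mktemp -d)
    cat > "$d/telnet" <<'EOF'
service telnet
{
	flags		= REUSE
	socket_type	= stream
	wait		= no
	user		= root
	server		= /usr/sbin/in.telnetd
	log_on_failure	+= USERID
	disable		= no
}
EOF
    cat > "$d/finger" <<'EOF'
service finger
{
	socket_type	= stream
	wait		= no
	user		= nobody
	server		= /usr/sbin/in.fingerd
}
EOF
    cat > "$d/echo" <<'EOF'
service echo
{
	type		= INTERNAL
	id		= echo-stream
	socket_type	= stream
	protocol	= tcp
	user		= root
	wait		= no
	disable		= yes
}
EOF
    echo "$d"
}

# Usage: list what is enabled, turn telnet off, list again
XD=$(build_xinetd_fixture)
echo "enabled before:"; xinetd_enabled "$XD"   # finger (no disable line), telnet
xinetd_disable "$XD/telnet"
echo "enabled after:";  xinetd_enabled "$XD"   # finger only
```

Run xinetd_enabled against /etc/xinetd.d to see what a live box still serves, then restart xinetd after any edit so the change takes effect, as the reply above says.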