Moderator
Registered: May 2001
Posts: 29,415
For info on xinetd just look at www.xinetd.org :-]
There's a few sides to safety on a box: users & accounts, network services & access, and system & application security.
It all needs time to compile, install & configure, but you should end up with a pretty much secured box.
Users & accounts you can configure through linuxconf, granting & denying them access, PAM for restrictions and the SUDO package for allowing them access to resources owned by root they usually may not work with. Also make sure you're working with shadow passwords.
System & application security you've got to handle by making sure you stay updated on vulnerabilities (links below) and regularly check for signs of something weird going on with an intrusion detector/file integrity checker, something like chkrootkit, AIDE or Tripwire.
Network services & access is handled through (x)inetd (hopefully compiled with tcpwrappers), a firewall (script) and maybe some sort of detection capability like Portsentry, Snort, IPPL, scandetd etc.
Handling (x)inetd, the first thing is to comment out (put a hash mark in front of the lines) each local service you aren't providing to the internet.
*The best way is to comment out EVERYTHING, and to enable stuff if it's necessary. Here's a partial checklist of what to disable: echo, discard, daytime, chargen, ftp, telnet, gopher, smtp, nntp, shell, login, exec, talk, ntalk and dtalk, pop-(2 & 3), imap, uucp, tftp, bootps, finger, cfinger, systat, netstat, time, auth and linuxconf.
The only service you want to be running is finger if you're on IRC, but replace it with safe_finger.
Open an xterm window and w/o quotes try "ps ax" and note if any of the above are running.
Open /etc/inittab and look for "initdefault" and note the number; it corresponds with a /etc/rc.d/rc(number).d/ runlevel where each of these services will be stopped/started if you enter the runlevel on boot, or if you switch with telinit (number).
For each of the running services you don't want, change the capital S(tart) into a capital K(ill). Reboot.
Now install a firewall. If you've got a 2.0x kernel it's ipfwadm, for 2.2x it's ipchains and for 2.4x it's iptables.
Go back up in this post and read about securing the rest.
Top it off with some reading material on security:
Security tips: www.cert.org/tech_tips/ and www.cert.org/security-improvement/, www.securityportal.com/research/research.linuxsecurity.html
Top ten vulnerabilities: www.sans.org/topten.htm and www.cert.org/present/cert-overview-trends/index.htm
Firewalling: www.infosyssec.net/infosyssec/firew1.htm, www.linux-firewall-tools.com/linux/
Securing Xwindows: www.uwsg.indiana.edu/usail/external/recommended/xsecure.html
Or, if you're cruising for links, try and read something else; search/visit these places/people that mean something: SANS, CERT, AusCERT, SecurityFocus, Bugtraq, Lance Spitzner, Dug Song, Loki, Robert Graham, Dave Dittrich, Wietse Venema, Fyodor, Monark.
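As an added example (not part of the post above, and not from any of the projects it names), here is a small POSIX shell script that does the two checks the post describes by hand: it reads an inetd.conf-style file, reports every uncommented service that is on the post's disable checklist, then reads the initdefault runlevel from an inittab-style file and lists the S* (start) links in the matching rc(number).d directory. All input files are constructed fixtures written to a temporary directory so the script runs offline; point the functions at /etc/inetd.conf, /etc/inittab and /etc/rc.d on a real box instead. The pop-2/pop-3 and cfinger spellings are assumed to match the Red Hat inetd.conf naming of that era.

```shell
#!/bin/sh
# Added example, not from the original post: audit an inetd.conf-style file
# against the post's disable checklist, and list the start (S*) links in the
# runlevel named by initdefault. Every input below is a constructed fixture.

# Services the post recommends commenting out. The pop-2/pop-3 and cfinger
# spellings follow the Red Hat inetd.conf naming of the time (assumption).
CHECKLIST="echo discard daytime chargen ftp telnet gopher smtp nntp shell login exec talk ntalk dtalk pop-2 pop-3 imap uucp tftp bootps finger cfinger systat netstat time auth linuxconf"

# Print the service field of every line that is neither blank nor commented.
# Argument: path to an inetd.conf-style file.
enabled_services() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | awk '{print $1}'
}

# Print enabled services that appear on the checklist, one per line, in file order.
flag_checklist_services() {
    for svc in $(enabled_services "$1"); do
        for bad in $CHECKLIST; do
            if [ "$svc" = "$bad" ]; then
                echo "$svc"
            fi
        done
    done
}

# Read the initdefault runlevel from an inittab-style file (id:N:initdefault:).
default_runlevel() {
    awk -F: '$3 == "initdefault" {print $2}' "$1"
}

# List the S* (start) entries in rc<runlevel>.d under the given rc.d root.
# Arguments: rc.d root directory, runlevel number.
start_links() {
    rcdir="$1/rc$2.d"
    for f in "$rcdir"/S*; do
        [ -e "$f" ] || continue
        basename "$f"
    done
}

# --- constructed fixtures so the script runs offline ---------------------
WORK=$(mktemp -d)
cat > "$WORK/inetd.conf" <<'EOF'
# Sample inetd.conf (constructed): two lines commented out, three still live
#echo    stream  tcp  nowait  root    internal
ftp      stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
pop-3    stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
EOF
printf 'id:3:initdefault:\n' > "$WORK/inittab"
mkdir -p "$WORK/rc.d/rc3.d"
touch "$WORK/rc.d/rc3.d/S10network" "$WORK/rc.d/rc3.d/S50inet" "$WORK/rc.d/rc3.d/K20nfs"

# --- run the audit against the fixtures ----------------------------------
echo "Checklist services still enabled in $WORK/inetd.conf:"
flag_checklist_services "$WORK/inetd.conf"
RL=$(default_runlevel "$WORK/inittab")
echo "Start links in runlevel $RL (rename S to K for any you don't want):"
start_links "$WORK/rc.d" "$RL"
```

On the fixture this reports ftp, telnet and pop-3 as still enabled, and S10network and S50inet as the start links for runlevel 3; the K20nfs entry is skipped because it is already a kill link.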