  1. #1
    Just Joined!
    Join Date
    Apr 2009
    Location
    Stoke, England
    Posts
    9

    Can I be comfortable with Linux Security


    Hello,

    I'm relatively new to the Linux scene and I'm in the process of setting up a webserver using Apache 2 on the latest release of Ubuntu 8.10. Most of what I've learned is from using Google and these forums, but coming from MS Windows systems and knowing all about the security vulnerabilities, I'm very conscious about the system security.

    My system is behind a router firewall which has been loyal for years, so I'm pretty confident that any incoming traffic is dropped before it even hits my system. I've also set up a custom script for iptables from an online help page to block incoming traffic and disabled port forwarding as I don't need it (I don't think I do anyway); it wasn't easy, I tell you. So I'm pretty sure that nothing can get in. However, I'll need to open up port 80 to allow traffic to the webserver and this is where I'm worried.

    How would I know or tell that nothing is running maliciously on the system, for example a trojan or shell script or key logger? Windows firewalls like ZoneAlarm and F-Secure let you know if something from inside the system is trying to get out and you have the option to enable or disable it. AV tools look for certain patterns of code to identify malicious code and highlight it, but there seems to be nothing like this on Linux, not that I've found so far.

    Coming from Windows, where a program tells me if something is accessing the internet or maybe contains malicious code, I feel my system is open and vulnerable by not having this on the Linux system.

    How do I tell, do I need to know? A little bit of confidence from experts/people who know would go a long way.

    Thanks

  2. #2
    Trusted Penguin Dapper Dan's Avatar
    Join Date
    Oct 2004
    Location
    The Sovereign State of South Carolina
    Posts
    4,630
    This is a good article that may address many of your questions concerning Linux security.
    Linux Mint + IceWM Registered: #371367 New Members: click here

  3. #3
    Just Joined!
    Join Date
    Apr 2009
    Location
    Stoke, England
    Posts
    9
    Many thanks Dan, I'll give it a read

  4. #4
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,558
    When you run a public web server, you have opened a potential vulnerability. How vulnerable depends upon a couple of things.
    Code:
    1. Don't run your web server as root. If you do, then if you get compromised, they have pwned you.
    2. If you are using a database, do not allow scripts to send raw SQL code or you become vulnerable to SQL injection attacks.
    3. Do rigorous bounds-checking of input in your web-enabled applications in order to avoid stack-overflow attacks.
    Once you open your system to web access, you will be probed. This is a given. Before you do, make sure you have secured your system and web applications as well as possible. Some studies show that exposing a system to the internet will result in probes by malware within minutes or seconds. Caveat User! and good luck!
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
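
Point 1 in the post above can be checked from the process table: Apache's parent process starts as root so it can bind port 80, while the workers that handle requests run as an unprivileged account (www-data on Ubuntu). The following is an added example, not part of the original post; the function name `root_workers` and both process listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: list web-server worker processes that run as root.
# Reads `ps -eo pid=,ppid=,user=,comm=` output on stdin.
# A worker is a process whose parent has the same command name; the
# root-owned parent itself is expected and is not reported.
root_workers() {
    awk -v name="${1:-apache2}" '
        $4 == name { n++; pid[n] = $1; ppid[n] = $2; user[n] = $3; known[$1] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if ((ppid[i] in known) && user[i] == "root")
                    print pid[i]
        }
    '
}

# Constructed sample: normal Ubuntu layout (root parent, www-data workers).
sample_ps_ok() {
cat <<'EOF'
  812     1 root     apache2
  815   812 www-data apache2
  816   812 www-data apache2
 2231     1 www-data perl
EOF
}

# Constructed sample: worker 915 is running as root.
sample_ps_bad() {
cat <<'EOF'
  912     1 root     apache2
  915   912 root     apache2
  916   912 www-data apache2
EOF
}

sample_ps_ok  | root_workers apache2    # prints nothing
sample_ps_bad | root_workers apache2    # prints 915

# On a live system:
#   ps -eo pid=,ppid=,user=,comm= | root_workers apache2
```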

  5. #5
    Just Joined!
    Join Date
    Apr 2009
    Location
    Stoke, England
    Posts
    9
    Thanks for all your replies guys, I've read up about iptables and to be honest it's a little over my head but I have at least got an understanding of how the firewall works. One question though if I may: if I have a firewall set up and it's set to allow all traffic from my machine to the internet, how can I tell if I have a trojan or keylogger on the system?

  6. #6
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,558
    You can install chkrootkit and run that. You should be able to get it with Ubuntu's package manager, apt-get. Also, get an anti-virus scanner, such as clamav (also available via package manager) and periodically scan your system discs.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
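
For the question in post #5 about spotting something on the machine that is talking to the internet, the socket table shows which process owns each connection. This is an added example, not part of the original thread; it treats an established TCP connection whose local port has no listener as locally initiated, which is a heuristic, and the function name `outbound_conns` and the sample `ss` output are constructed.

```shell
#!/bin/sh
# Added example: report locally initiated TCP connections and their owners.
# Reads `ss -tanp` output on stdin (-t TCP, -a all states, -n numeric,
# -p owning process). Prints "process peer-address" per connection.
outbound_conns() {
    awk '
        function port(addr) { sub(/.*:/, "", addr); return addr }
        $1 == "LISTEN" { listening[port($4)] = 1 }
        $1 == "ESTAB"  {
            n++; lport[n] = port($4); peer[n] = $5
            # Process column looks like users:(("perl",pid=2231,fd=3)).
            # It is empty for sockets of other users unless ss runs as root.
            name[n] = (split($6, q, "\"") >= 2) ? q[2] : "?"
        }
        END {
            # A local port with a listener means the peer connected to us
            # (for example a visitor on port 80), so skip those.
            for (i = 1; i <= n; i++)
                if (!(lport[i] in listening))
                    print name[i], peer[i]
        }
    '
}

# Constructed sample of `ss -tanp` output (documentation address ranges).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*     users:(("apache2",pid=812,fd=4))
ESTAB  0      0       192.168.1.10:80     203.0.113.7:51514 users:(("apache2",pid=815,fd=10))
ESTAB  0      0       192.168.1.10:48122 198.51.100.23:443  users:(("perl",pid=2231,fd=3))
EOF
}

sample_ss_output | outbound_conns    # prints: perl 198.51.100.23:443

# On a live system:
#   sudo ss -tanp | outbound_conns
```

Package updates and other software you started yourself will show up here as well; the entries to look into are the ones you cannot account for.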

  7. #7
    Linux Newbie sarlacii's Avatar
    Join Date
    May 2005
    Location
    South Africa
    Posts
    110
    Hey brer, you should check out Ubuntu's excellent firewall setup tools. To quote from Basic Ubuntu Linux Firewall Configuration - Techotopia
    <snip>Ubuntu Linux provides two firewall configuration options. The first is a basic yet effective and easy to use firewall configuration system called lokkit. Another, more advanced, option is called Firestarter. And yet another option is to use a tool called Guarddog. <snip>
    In PClinuxOS you have a basic firewall config tool in the Administration Centre on the "Security" tab. Messing with iptables yourself is dangerous and laborious. Unless you want to know exactly how it works, the GUI tools are way easier.
    Last edited by sarlacii; 05-02-2009 at 06:56 PM. Reason: added reference to my own distro's config tools
    Respectfully... Sarlac II
    ~~
    The moving clock K' appears to K to run slow by the factor (1-v^2/c^2)^(1/2).
    This is the phenomenon of time dilation.
    The faster you run, the younger you look, to everyone but yourself.
