Security is the issue

[bignester]

OK i want to go through my linux box and secure any holes it might have

heres my setup

i have my cable modem connecting to my router than my linux server connecting to my router at a static IP address and then the rest of computer connected on a dhcp.

my server is a wins server as well as an apache server and other things.

What are some security issues i need to address with setup. Are there any. Are there any programs i can to prevent hacking or something of the sort.

Can i use my server to protect the rest of the computers on the network.

Any Help would be appreciated

thanx for reading..

[Dolda2000]

If the router is doing NAT, then you have a great deal of security from there. All I can give are the general tips: Keep your software upgraded to the latest version, especially the apache server, and try to run as many servers as possible as non-root users and in chroot jails.

[andutt]

Shutdown all unnessasary services that you dont need to have up and running also check with

Code:

netstat -anp

Which network services that are up and running and are listening on ports.. maybe you can shutdown something.

check also whith chkconfig if you have that on your distribution, this is how my linux look like..

Code:

chkconfig --list |grep 3:on
microcode_ctl   0:off   1:off   2:on    3:on    4:on    5:on    6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
random          0:off   1:off   2:on    3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
pcmcia          0:off   1:off   2:on    3:on    4:on    5:on    6:off
keytable        0:off   1:on    2:on    3:on    4:on    5:on    6:off
apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off

Thats all services that starts on runlevel 3 that are my default runlevel.

Regards

[bignester]

If the router is doing NAT, then you have a great deal of security from there. All I can give are the general tips: Keep your software upgraded to the latest version, especially the apache server, and try to run as many servers as possible as non-root users and in chroot jails.

How do i run things as non root useres and what are chroot jails.

[Dolda2000]

How to do that differs from program to program. Check the respective man pages for it.
chroot is running a program using a different directory as the root directory. That means that even if it is hacked, it cannot access any files outside the directory you have jailed it in. For that to be effective, you must either run the server as a non-root user, or patch your kernel with grsecurity and enable the chroot protection settings. With a normal kernel, root can easily break the chroot jail.

[andutt]

Its a bit tricky to set up chroot-environments but when its up it workes well. I sholdnt recommend it for newbies though...There are other easier things that can do much good that are easier to set up.

Regards

[bignester]

Thanx for the input Ill look into it and see if it would be worth my effort to set it up

Thanx again for the direction

[andutt]

Yes do that, Check your services and open ports on a first step. Its a fast thing and can tribute much to your security..

Regards