  1. #1
    Linux User
    Join Date
    May 2003
    Location
    Hong Kong, China
    Posts
    256

    There is no way I can prevent hacking, right?


    I am running a Linux server at home. Do ya guys have any idea about security????


    thanks

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Of course there isn't a way to completely prevent hacking, of course, except disconnecting it from the internet. However, if you keep all your packages up to date properly, your chances of getting cracked decrease drastically. There are a million other things you can do as well to decrease your chances of getting cracked.

  3. #3
    Linux User
    Join Date
    May 2003
    Location
    Hong Kong, China
    Posts
    256
    he he
    I see, iptables is good enough, right?

    Virus prevention is needed, right? Which is the best antivirus programme?

  5. #4
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    It might be just me, but iptables isn't really that necessary. If you want a service to be blocked, then just don't run it. Its main use as I see it is to block specific IP addresses, or blocking the internet from using a service while it can still be used on your local net, i.e. to set up access policies if the program doesn't have such functionality built in to it.

    I don't really see why you'd want virus protection on Linux, except to prevent worms. But then the best way is probably to prevent worms from cracking the system at all instead. Speaking of worms, you might want to put /tmp on a separate partition and mount that with noexec.

  6. #5
    Linux User
    Join Date
    May 2003
    Location
    Hong Kong, China
    Posts
    256
    Gosh, I am confused. OK, I have to start somewhere anyway, thanks for the advice.

  7. #6
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I believe that genlee is better suited than me to give hints on security.

  8. #7
    Linux Newbie
    Join Date
    Apr 2003
    Location
    UK, Manchester
    Posts
    147
    There are plenty of great web sites on how to secure your server.
    My favourite is www.linuxsecurity.com, it is up to date and always has good articles.
    It has a good documentation section that you will find very useful.

    If you want to be the first to know about exploits/bugs then join the vulnwatch mailing list.

  9. #8
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    grsecurity- adds various security options to the kernel and acl which would make something like rootkits worthless

    /tmp- have it on its own partition and mounted with noexec,nodev to prevent crackers from compiling/running exploits from there

    ulimits- set correctly for every user so someone could not run a command like this: perl -e 'while(fork) {`ls -w100000`;}' which is a variation of a forkbomb that eats up all memory.

    iptables- I agree with dolda about iptables on a workstation but they can also be used to slow down portscans to where it takes a few minutes to scan 1 port which is good to ward off script kiddies and novice crackers

    chroot- You can run some services like apache or bind from within a chroot so if either of them were exploited, the cracker would still not have access to your box. I know chroots can be broken out of, but with grsecurity it blocks all known ways of getting out of one and I have yet to see anyone break out of chroot with grsec.

    Doing those things and just using common sense like keeping all software updated, only running services you need, and good passwords should give you a very secure box that most crackers will not be able to gain access to. And since this would be on a workstation, it really wouldn't be worthwhile for some "great" cracker to spend all their time trying to break into it.
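
One way to check the /tmp mount options and the per-user process limit recommended in the post above (an added example, not part of genlee's post; the function names, the sample mount lines and the 4096 threshold are assumptions made here):

```shell
#!/bin/sh
# Added example: audit the /tmp mount options and process limit discussed above.
# Mount tables are read from stdin in /proc/mounts format.

# Constructed sample mount tables (not taken from a real host).
SAMPLE_HARDENED='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_WEAK='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,relatime 0 0'

# Print the options of the /tmp entry (last entry wins, since it is the one
# currently visible); print nothing if /tmp is not a separate mount.
tmp_mount_opts() {
    awk '$2 == "/tmp" { opts = $4 } END { if (opts != "") print opts }'
}

# Return 0 if the comma-separated option list $1 contains option $2.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line; return 0 only when /tmp is a separate
# mount carrying both noexec and nodev.
check_tmp_mount() {
    opts=$(tmp_mount_opts)
    if [ -z "$opts" ]; then
        echo "FAIL: /tmp is not a separate mount"
        return 1
    fi
    rc=0
    for want in noexec nodev; do
        if has_opt "$opts" "$want"; then
            echo "OK: /tmp mounted with $want"
        else
            echo "FAIL: /tmp missing $want"
            rc=1
        fi
    done
    return $rc
}

# Return 0 if the process limit $1 (as printed by `ulimit -u`) is finite
# and no larger than $2. The ceiling is a site choice, not a standard value.
nproc_limit_ok() {
    case "$1" in unlimited|'') return 1 ;; esac
    [ "$1" -le "$2" ]
}
# Live use (bash): check_tmp_mount < /proc/mounts; nproc_limit_ok "$(ulimit -u)" 4096
```
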

  10. #9
    Linux Newbie
    Join Date
    Apr 2003
    Location
    UK, Manchester
    Posts
    147
    Quote: Originally posted by genlee
    Doing those things and just using common sense like keeping all software updated, only running services you need, and good passwords should give you a very secure box that most crackers will not be able to gain access to. And since this would be on a workstation, it really wouldn't be worthwhile for some "great" cracker to spend all their time trying to break into it.
    I agree with most of what you are saying except the above.

    If I wanted to "root" a company's server/network and not get caught I wouldn't do it directly.
    I would find several insecure or poorly configured servers/workstations in other countries that I could use to launch an attack and then try to hide any evidence. It would make it so much harder to find out what happened if the attack came from multiple sites in different countries.

    So any computer that a cracker can get his hands on will be very valuable.
    How do you think most DDoS attacks are launched?

    Also strong passwords are great as it would buy you time if someone was attempting to brute force but it is more likely that the attacker would use a buffer overflow exploit to gain root (which is why chroot is great).

  11. #10
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    On the other hand, I'd say that automated worms are most commonly used to gain control of "minion" computers, so I'd say that in few cases a "great" hacker would actually directly try to gain access to your computer.
