
Re: Securing system



Well, many daemons are controlled but not all; for example, mail and RPC are not.  You can see what is running on your system with netstat:

	netstat -a --inet

Any socket with LISTEN is dangerous since it can be connected to.  The other place to look for daemons being started is /etc/inittab and the rc scripts, e.g. /etc/rc3.d.  Pstree is a very useful command as it shows you where everything has been started, i.e. the parent PID.

Security can be a permanent hobby... but for most people it's a case of getting the basics right and then keeping backups just in case you meet with someone who is nasty.  Think of it in the same way as learning any set of commands: in most cases the learning curve is steep, but you only have to learn it once and then it's good for ages!!

Good luck,

Steve


On Sun, Jul 04, 1999 at 11:16:57PM -0700, Mark Wagnon wrote:
> On Sun, Jul 04, 1999 at 10:55:44PM +0100, Steve George wrote:
> 
> > The first thing you should do is comment telnet back in until you
> > have drawn up your security strategy ;-)
> 
> Okay! :)
> 
> > 
> > The standard things people will tell you to do are:
> > 	- turn everything off
> 
> What is "everything"? I've downloaded the lasg and have been reading
> through it...but so far I have only disabled things in
> /etc/inetd.conf. Are there other locations that I need to be concerned with?
> 
> > 	- use inetd/wrappers with PARANOIA for anything you *have* to have on
> > 	- use packet filtering ie ipchains
> > 	- use a logchecker
> > 	- keep backups for WHEN you get broken into.
> 
> Uh oh, sounds like I'm gonna be busy for weekends to come!
> 
> > Unfortunately if you are on a cable modem you are easy meat since
> > you're available 24/7 and because often the people who connect have no
> > real security idea they are a useful staging post for a cracker.  I
> > currently get scanned about 2x a day at work and often they are from
> > IPs that resolve to cable modems.
> 
> I know, that was one of the reasons it took me so long to get a cable
> modem. I'm not too concerned about my systems (I tend to re-install
> several times a year, and my home machines are a hobby--they don't put
> food on the table), but I really don't want some cracker messing with
> other systems via mine. But you has to step off the curb sometimes...
> 
> I've started playing with ssh, and so far everything seems fairly
> straightforward. Once I get this stuff down Samba's next.
> 
> Thanks for your help!
> -- 
>                                          __   _
> Mark Wagnon             Debian GNU/ -o) / /  (_)__  __ ____  __    
> Chula Vista, CA                     /\\/ /__/ / _ \/ // /\ \/ /   
> mwagnon1@home.com                  _\_v____/_/_//_/\_,_/ /_/\_\
>                                            http://www.debian.org
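
The check described at the top of this message (list the LISTEN sockets, then work out which ones /etc/inetd.conf does not account for) can be scripted. This is an added example, not part of the original thread; the sample netstat and inetd.conf text and the function names are constructed for illustration, and it assumes netstat prints service names rather than numeric ports.

```shell
#!/bin/sh
# Added example: all sample data below is constructed, not taken from the thread.

# Constructed sample of `netstat -a --inet` output (net-tools column layout).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:telnet                *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 myhost:ssh              otherhost:1022          ESTABLISHED
udp        0      0 *:sunrpc                *:*'

# Constructed sample of /etc/inetd.conf: ftp commented out, telnet still enabled.
SAMPLE_INETD='#ftp    stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.ftpd
telnet  stream  tcp  nowait  telnetd.telnetd  /usr/sbin/tcpd  /usr/sbin/in.telnetd'

# stdin: netstat output. Prints the service name of every TCP socket in LISTEN.
listening() {
    awk '$1 == "tcp" && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        LC_ALL=C sort -u
}

# stdin: inetd.conf contents. Prints enabled service names (comments skipped).
inetd_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' | LC_ALL=C sort -u
}

# $1 = netstat output, $2 = inetd.conf contents.
# Prints listeners that inetd.conf does not explain; those daemons are started
# somewhere else (rc scripts, /etc/inittab) and must be disabled there.
not_from_inetd() {
    known=$(printf '%s\n' "$2" | inetd_services | tr '\n' ' ')
    printf '%s\n' "$1" | listening | awk -v known="$known" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) seen[k[i]] = 1 }
        !($0 in seen)'
}

# On a live system: not_from_inetd "$(netstat -a --inet)" "$(cat /etc/inetd.conf)"
not_from_inetd "$SAMPLE_NETSTAT" "$SAMPLE_INETD"
```

On the sample data this leaves smtp and sunrpc, matching the point above that mail and RPC are not controlled by inetd.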

