Security Consulting

Linux

Hardening

On a Linux system there are multiple ways to make your system more secure. One thing I did was to write a script which enables some things on the machine to make it secure and also uses iptables(8) to block traffic coming to my system which I don't want.

This is a little bit of a more thorough approach:

The first thing you can do is run:
    netstat -an
This will show you all the ports which are listening on the machine. Make sure you don't have any port open which shouldn't be. If, let's say, port 111 is open, then do:
    lsof -n | grep 111
Look for a line which has something like "tcp:" in it, I think, or which at least talks about a socket. Anyway, you get the idea. On the left-hand side you then see which process has the port open. Once you know the process, kill it and make sure that the service is no longer started during startup. I guess you know how that works in RedHat:
    chkconfig --del process_name  (where process_name is really one of the scripts in /etc/init.d)
Okay, this will get rid of your processes listening on the network. You can do more if you want, such as telling your box not to answer ping broadcasts and disabling ip_forwarding and such. To be even more secure, you can enable the firewall on the beast. I have another script. It will only allow port 55 (variable on top) and the $manager to connect to port 22. You will have to adapt the script for sure, but it can be a start.
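
As an added example (not part of the original page or the author's scripts), this shell function automates the first check above: it reads `netstat -an` output and reports listening sockets whose port is not on an allowlist. The allowlist variable, the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list listening sockets
# in `netstat -an` output whose port is not on an allowlist.

# Assumption: the only ports this host should expose (22 and 55 in the text).
ALLOWED_PORTS="22 55"

# Reads `netstat -an` output on stdin; prints "proto port address" for
# every listening TCP socket or bound UDP socket whose port is not allowed.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # TCP: the state column is LISTEN. UDP has no state column, so take
        # sockets whose foreign address is the wildcard "*".
        ($1 ~ /^tcp/ && $NF == "LISTEN") || ($1 ~ /^udp/ && $5 ~ /:[*]$/) {
            port = $4
            sub(/^.*:/, "", port)   # greedy match also handles IPv6 ":::22"
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in ok)) print $1, port, addr
        }' | LC_ALL=C sort -u
}

# Constructed sample input in the Linux net-tools column layout.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           192.0.2.77:51514        ESTABLISHED
tcp6       0      0 :::55                   :::*                    LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
unix  2      [ ACC ]     STREAM     LISTENING     4711     /tmp/.sample-socket
EOF
}

# On a real host: netstat -an | unexpected_listeners
sample_netstat | unexpected_listeners
```

A reported address of 127.0.0.1 means the socket is bound to loopback only; 0.0.0.0 or :: means it listens on every interface.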

Now make sure you patch regularly! (Either use apt-get, which is probably not installed, or use yum. To use yum: "yum20 update". Or use up2date from RedHat, which I don't like at all.)

Encrypted Files

If you want to have an encrypted file (or mountpoint), do the following:
    dd if=/dev/urandom of=/.cryptofile bs=1k count=[size]
    modprobe cryptoloop
    losetup -e [algo] -k [number-of-keybits] -P [hash-algorithm] /dev/loop0 /.cryptofile
    mount -o loop,encryption=[algo],keybits=[numberofkeybits],phash=[hashalgo] /.cryptofile
    
In /etc/fstab you can then add:
    /.cryptofile /crypt ext3 noauto,user,loop,encryption=aes,keybits=256,phash=sha256 0 0



CopyLeft (l) 2003 by Raffael Marty