Re: How to secure LINUX BOX from Hacking
04-13-2007 03:52 AM
I want to know the different ways of approaching the Linux boxes at the hacking...
1) I just want to know the different ways of securing the Linux boxes... from hacking...
2) Then how to probe and prevent hacking of servers... from hackers.
3) What are the preventive measures to be taken in a server to avoid hacking...
4) Where I can find the more relevant details of hacking in Linux boxes..
5) How can I find which unknown processes are running and why it is running and using the port 899 in Linux boxes.
for ex: 899/tcp open unknown services
regds,
palani
04-13-2007 04:05 AM
Configure the firewall (iptables)
Change the default ssh port
Disable ssh root login
Keep the server updated
Plan a good backup and disaster recovery strategy
Disable unneeded services
Install an IDS tool like tripwire
Other tools available, like portsentry, logwatch, nmap, snort, etc
Use nessus to check the server security
There is a book called Hacking linux exposed by anonymous
You can use lsof to identify the process that opens a port, like this:
lsof -i :899
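The same lookup done by hand from /proc, as an added example that is not part of the original thread: find the LISTEN socket for the port in /proc/net/tcp (and tcp6), then find which process holds that socket inode. Function names, PID 4242 and /usr/sbin/exampled are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Resolve a listening TCP port to its owning process using only /proc.
# PROC_ROOT is a parameter so the logic can run against a constructed tree.

# listening_inodes PORT: /proc/net/tcp{,6} text on stdin, prints socket inodes.
listening_inodes() {
    awk -v want="$1" '
        function hex(s,   i, v) {
            s = toupper(s); v = 0
            for (i = 1; i <= length(s); i++)
                v = v * 16 + index("0123456789ABCDEF", substr(s, i, 1)) - 1
            return v
        }
        $4 == "0A" {                          # state 0A = LISTEN (header row has "st")
            n = split($2, a, ":")             # local_address is HEXADDR:HEXPORT
            if (hex(a[n]) == want) print $10  # field 10 is the socket inode
        }'
}

# pids_for_port PORT [PROC_ROOT]: prints "PID EXE" for each process holding the socket.
pids_for_port() {
    root=${2:-/proc}
    for inode in $(cat "$root/net/tcp" "$root/net/tcp6" 2>/dev/null | listening_inodes "$1"); do
        for fd in "$root"/[0-9]*/fd/*; do
            [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$inode]" ] || continue
            pid=${fd#"$root"/}; pid=${pid%%/*}
            echo "$pid $(readlink "$root/$pid/exe" 2>/dev/null)"
        done
    done
}

# Constructed sample tree: hypothetical PID 4242 listens on 899, PID 77 on 22.
# The third row is an established connection (state 01) and must be ignored.
build_sample_proc() {
    mkdir -p "$1/net" "$1/4242/fd" "$1/77/fd"
    cat > "$1/net/tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0383 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 55501
   1: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 55502
   2: 0100007F:0383 0100007F:C001 01 00000000:00000000 00:00000000 00000000     0        0 55503
EOF
    ln -s 'socket:[55501]' "$1/4242/fd/3"
    ln -s /usr/sbin/exampled "$1/4242/exe"
    ln -s 'socket:[55502]' "$1/77/fd/3"
    ln -s /usr/sbin/sshd "$1/77/exe"
}
```

Run as root, `pids_for_port 899` reads the live /proc; without root the fd links of other users' processes are unreadable and the listener appears to have no owner. An empty result as root means no user-space process holds the socket, as with kernel-side listeners.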
04-13-2007 11:11 AM
But basically apply the same common sense approach to securing systems and diagnosing hacking attempts as you would any other UNIX system. The principles are exactly the same - you just might find that there are more tools available under Linux than most other *NIXs.
If you really want something Linux specific to while away the midnight hours, have a look at Linux Server Security (ISBN 0-596-00670-5).
In general terms, look at Network Intrusion Detection (ISBN 0-7357-0868-1).
Colin.
04-13-2007 05:14 PM
If you are running Red Hat you can set up SELinux. It basically defines and characterizes applications and only allows them to do what they are meant to do. So if an application became compromised, the attacker could only access things that the application is allowed to access. I would suggest reading up on SELinux before you implement it. You can shoot yourself in the foot pretty fast if you are not familiar with how it works.
04-13-2007 06:06 PM
SSH should also be configured to not accept passworded logins, but require pre-shared 1024/2048 bit DSA keys. This means that SSH itself becomes even more secure.
Look into the PAM limits for failed logins, and automation of account disables, or locking if someone tries repeated logins to that account.
There are a few tools around which allow you to create actively dynamic firewall rules based on behaviours (i.e. block someone who tries to telnet to a port 50 times within a period). This reduces probing looking for possible exploits on services.
For question 5), 'netstat -ntlp' is your friend. It ties processes to listening ports. If you use just '-nap', it'll match all TCP/UDP/UNIX socket traffic to their owner PIDs. Very handy.
Learn about ACLs, and how to use 'chattr'. Immutable is quite handy.
Learn about 'rpm -V' (if you're using an RPM based machine) to verify the files installed, to ensure that they haven't been modified.
As for 4), make sure you're on the security mailing lists (http://www.securityfocus.com for example). Also ensure you're on your Linux distribution's package update lists so you can update your system as soon as security updates are available.
.. Anyway, just some thoughts off the top of my head ..
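A check for two of the ssh settings suggested in this thread (no root login, keys instead of passwords), as an added example that is not part of the original posts. It reads only the global section of an sshd_config, assumes whitespace-separated `Keyword value` lines with no Include files, and the defaults it falls back to are assumptions matching current upstream OpenSSH; the sample config is constructed.

```shell
#!/bin/sh
# Audit the global section of an sshd_config for root login and password login.

# Constructed sample config (not taken from the thread).
sample_sshd_config() {
cat <<'EOF'
Port 22
PermitRootLogin no
#PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF
}

# effective_value KEYWORD DEFAULT: config on stdin, prints the value sshd would use.
# sshd keeps the first value it reads for these keywords; later duplicates are
# ignored, and a commented-out line leaves the built-in default in force.
effective_value() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        tolower($1) == "match" { exit }         # global section ends at the first Match
        tolower($1) == key { val = $2; exit }   # first occurrence wins
        END { print tolower(val) }'
}

# audit_sshd: config on stdin, prints one line per finding (nothing when clean).
audit_sshd() {
    cfg=$(cat)
    get() { printf '%s\n' "$cfg" | effective_value "$1" "$2"; }
    [ "$(get PermitRootLogin prohibit-password)" = no ] ||
        echo "FAIL PermitRootLogin: root can log in over ssh"
    [ "$(get PasswordAuthentication yes)" = no ] ||
        echo "FAIL PasswordAuthentication: password logins still accepted"
    [ "$(get PubkeyAuthentication yes)" = yes ] ||
        echo "FAIL PubkeyAuthentication: key logins disabled"
}
```

On a live host, `sshd -T` prints the effective configuration and can be piped into `audit_sshd` instead of the file. With PAM enabled, keyboard-interactive authentication (ChallengeResponseAuthentication, named KbdInteractiveAuthentication in newer releases) can still prompt for a password and deserves the same check.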
04-14-2007 01:50 AM
If I implemented SELinux, some network processes are getting affected. For ex: if SELinux is enabled on the amandabackup server, the backup server is not able to take backup of Linux clients (i.e. a communication error is arriving, like the amandabackup server does not have permission to take backup of /home/*)... Then I disabled SELinux and it is working fine....
But now I have implemented iptables...
What can I do for this type of scenario??
Pls let me know if there is any advanced and simple way.... of securing Linux boxes...
regds,
Palani.
04-14-2007 05:52 AM
Great tool here that helps.
http://www.bastille-linux.org/
1) My basic approach is to run a minimum amount of services. I have special firewall boxes that forward selected ports only to real servers, which limits vulnerability. Fire firewalls run two applications, the firewall and ssh.
2) Bastille helps you secure, nessus and snort help spot problems as they are happening.
3) See prior posts and link above.
4) A google search should suffice.
5) I would suspect that someone is trying to hack your box. Get that firewall up.
http://www.fs-security.com/
This tool ships with Fedora and other Linuxes and, though not frequently updated, is an excellent firewall tool. It gets you going out of the box quickly and has an easy to understand GUI.
SEP
04-15-2007 09:24 PM
Now I had implemented a new policy on the Linux boxes and cold watching the servers with the help of all of your tips.
Steven,
What you suggested is correct, somebody is trying to hack my m/c. I found the ssh log failures in /var/log/secure for every few minutes, and 4 to 5 failed login attempts... are found.
Let me know what I can do about these problems..
Thanks a lot to all..
Let me know if anything new is available... for securing Unix boxes..
Regds,
palani.sp.
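The failed logins in /var/log/secure described in the last post can be summarised per source address before deciding what to block; this is an added example, not part of the original thread. The log lines are constructed (documentation address ranges, hypothetical host and user names) and the function name is an assumption.

```shell
#!/bin/sh
# Count failed ssh password logins per source address in /var/log/secure format.

# Constructed sample lines; alice's own address is 198.51.100.7.
sample_secure_log() {
cat <<'EOF'
Apr 15 21:01:12 host1 sshd[2211]: Failed password for root from 192.0.2.10 port 40112 ssh2
Apr 15 21:01:15 host1 sshd[2213]: Failed password for invalid user admin from 192.0.2.10 port 40113 ssh2
Apr 15 21:01:19 host1 sshd[2215]: Failed password for invalid user test from 192.0.2.10 port 40114 ssh2
Apr 15 21:03:40 host1 sshd[2290]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Apr 15 21:06:02 host1 sshd[2301]: Failed password for root from 192.0.2.10 port 40115 ssh2
Apr 15 21:06:30 host1 sshd[2305]: Failed password for alice from 203.0.113.5 port 33000 ssh2
Apr 15 21:06:41 host1 sshd[2309]: Failed password for invalid user a from 198.51.100.7 port 1 from 192.0.2.10 port 40116 ssh2
EOF
}

# failed_by_source MIN: log on stdin, prints "COUNT ADDRESS" for every source
# with at least MIN failures, highest count first.
# The user name in the message is supplied by the client and may contain spaces
# (last sample line), so the address is taken from the fixed tail of the line
# ("from ADDR port N ssh2") and never from the first "from" in the message.
failed_by_source() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}
```

`failed_by_source 4 < /var/log/secure` lists only the sources worth a firewall rule. A parser that took the first "from" in the last sample line would have charged a failure to alice's own address.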