1. Introduction to Linux Security

• • Introduction to

• Linux Security

• Republic Polytechnic

• Thursday 2 ndSeptember 2004

• By

• Michael Boman

2. What we will cover:

Turning off unnecessary servers and services

Limit exposure of needed servers and services using IPTables

Updating the system

Reading Linux log files

Q & A

3. Turning off xinetd launched services

Locate the relevant file in /etc/xinetd.d

Change no to yes in the disable field

Restart xinetd

• service xinetd restart

4. Controlling Daemons

Temporary turn a daemon off

• service stop

Permanently removing a daemon from automatically starting at boot up

• chkconfig del

Daemons start/stop scripts are stored in /etc/init.d

5. Who opened that port?

Use netstat to locate the application that opened a particular port

netstat -tunl

• -t = tcp

• -u = udp

• -n = don't resolve

• -l = listen only

6. Limit access to required daemons

What can you do when you actually need that service?

• Bind the service to localhost (ip address 127.0.0.1), if possible

• Enable IPTables and control access to the particular service

7. Keeping the system up-to-date

All systems becomes vulnerable as time passes and new vulnerabilities are discovered

Always keep your system up-to-date to avoid unnecessary time spent on recovering from a intrusion

8. Linux log files

Log files are generally located in /var/log

Syslog is the daemon that controls and create the log files

Use a tool like log check to limit the amount of lines of logs to read through

9. Advanced Techniques

Use a file integrity checker like tripwire to keep an eye at changed files

Use a Network IDS like snort to monitor attacks from the network

10. Questions?

Got any questions? Now is the time to ask them!

11. Recommended reading material

Security Focus

• www.securityfocus.com

Linux Security

• www.linuxsecurity.org

The Linux Documentation Project

• www.tldp.org

IPTables

• www.netfilter.org

Snort Network Intrusion Detection Software

• www.snort.org