tk,

tk dev wrote:
> 
> gustav
> 
> thanks for your reply.  actually this is the first time i'm setting up linux
> so i'm pretty confused by your directions.i've the following ques:
Sorry. :-) I was an absolute beginner no more than nine months ago. You
will quickly pick up some basic concepts and a lot of specific vocabulary.
Don't expect your old friends, your girlfriend, your family, etc. to
understand what you're talking about a few months from now. :-)

> 1. how do u run ntsysv?
In any x terminal or at 'any prompt' type: ntsysv
 
> 2. is the ipchains firewall already inside redhat 6.1 or do i have to
> download it & install?
It's not part of the distro. You'll have to download, install and
configure it. There *is* a rather steep learning curve to this. Don't
hesitate. Go for it! You'll learn a lot and you'll sleep better during
nights. Believe me.

Search it at:
http://www.rpmfind.net/linux/RPM/IByName.html

 
> 3. what are portsentry software, where can i get them?
The portsentry is a piece of software that will constantly look for any
port scans on your box from the outside world. Port scans are very
often, but not always, the first sign of an attacker getting interested
in your box. Simplified: They scan all your ports and register which
ones are open, i.e. which ones do answer with either "welcome" or "go
away". Some script kiddies save this info for future reference. There is
even an exchange of info of this kind.

(This is why you should answer neither "welcome" nor "go away" on the
ports where you don't want to provide any public services. You shouldn't
answer at all. That's the meaning of DENY. REJECT means "go away". This
is more polite (in a way) but also more dangerous, since you advertise
your existence. With a DENY, the caller will get the impression that
"you don't exist".)

If you have a fixed IP: Assume that they know you're running an http
server. Later on they learn a new way of breaking into the http server.
They come back to your box. You may or may not have upgraded to the
latest security patch from RedHat. That patch may or may not yet exist.

If you have a dynamic IP: Well, when they learn the new security hole in
for instance http, they do the port scans and when they find a response
on port 80 they will immediately try to breach your server.

portsentry will in a very smart way do whatever it can to detect such a
port scanning activity and immediately deny as much traffic as possible
from the originating IP. With the add-on package called logcheck, you
can get e-mailed reports from such activity.

Search for portsentry and logcheck at:
http://www.psionic.com/abacus/portsentry/

Some general rules:
1) Make sure you immediately install all bug fixes available from
RedHat. (See the 'Security & and Errata' page)
2) Subscribe to the redhat-announce mailing list. Search for it at
RedHat.
3) Become a frequent flyer at http://www.freshmeat.net and
http://www.rpmfind.net/linux/RPM/ByName.html (I'm sure you will get more
e-mail indicating other good sources for Linux software. :-)
4) Turn off all services you don't need (ntsysv). For instance, do you
want to provide an http server? A news server? NFS server? Etc.

Welcome to Linux. Absolutely (erhm, at least 'very') stable software.
Lots of mean kiddies that want nothing but breaking into your box.
:-)

Best regards
Gustav

> TQ very much for your assistance.
> 
> rgds
> tk
> 
> >
> >tk
> >
> >If you installed a RedHat version 6.x, you do not need to recompile your
> >kernel to run ipchains.
> >
> >Unless you have a problem with disk space, you don't need to remove the
> >software you don't use. Just make sure that you run only the services
> >that you need. As long as they don't run, they won't be a security hole.
> >Run ntsysv to configure what services you want running.
> >
> >Setup the ipchains firewall to DENY everything. Then ACCEPT only
> >whatever traffic you feel should go through the wall. (Lots of trial
> >and error there, to get the legitimate stuff through.) Also, make sure
> >that you log everything that you DENY. That way you gain two things. 1)
> >You can see what legitimate traffic doesn't go through the wall and you
> >can easily understand what to change in your ipchains to let it through.
> >2) You can know what illegitimate traffic (if any) was DENY'ed and you
> >may take appropriate action.
> >
> >When ipchains is up and running, you may also want to give a look at
> >portsentry. The portsentry software will detect most types of port scan
> >attacks.
> >
> >Regards
> >Gustav
> >
> >tk dev wrote:
> > >
> > > hello
> > >
> > > i've finally installed redhat using custom installation (coz i need the x
> > > window).
> > >
> > > anyway, i'll be installing a firewall here.  according to the howto,
> > > i've to recompile my kernel first.  my ques is,what program do i delete from
> > > my server(i.e. what are the essential programs that i should have to do my
> > > administration work in GUI & at the same time make sure that there are
> > > minimum holes in my system).  What is the best way to delete those programs?
> > >
> > > thanks for your help.
> > >
> > > rgds
> > > tk
> >
> >--
> >pgp = Pretty Good Privacy.
> >
> >To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]
> >
> >Visit my web site at http://www.schaffter.com
> >
> >
> >--
> >To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> >as the Subject.
> >

-- 
pgp = Pretty Good Privacy.

To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]

Visit my web site at http://www.schaffter.com
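
The advice above to log everything that is DENY'ed, and the description of what a port scan looks like, can be combined into a small log review script. This is an added example, not part of the original message and not how portsentry itself works: it reads ipchains "Packet log:" lines and separates sources that probed many ports from sources that may just need an ACCEPT rule. The sample lines, addresses and the threshold of 4 ports are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: kernel "Packet log:" lines as written by ipchains rules
# that carry the -l (log) flag. Addresses come from documentation ranges.
SAMPLE_LOG = """\
Jan 12 03:14:01 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4021 192.0.2.10:21 L=44 S=0x00 I=4101 F=0x0000 T=52 SYN (#9)
Jan 12 03:14:01 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4022 192.0.2.10:23 L=44 S=0x00 I=4102 F=0x0000 T=52 SYN (#9)
Jan 12 03:14:02 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4023 192.0.2.10:25 L=44 S=0x00 I=4103 F=0x0000 T=52 SYN (#9)
Jan 12 03:14:02 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4024 192.0.2.10:80 L=44 S=0x00 I=4104 F=0x0000 T=52 SYN (#9)
Jan 12 03:14:03 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4025 192.0.2.10:111 L=44 S=0x00 I=4105 F=0x0000 T=52 SYN (#9)
Jan 12 09:30:10 box kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.20:123 192.0.2.10:123 L=76 S=0x00 I=77 F=0x0000 T=60 (#9)
Jan 12 09:31:14 box kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.20:123 192.0.2.10:123 L=76 S=0x00 I=78 F=0x0000 T=60 (#9)
Jan 12 09:40:00 box sshd[411]: unrelated line that must be ignored
"""

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>DENY|REJECT) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) "
)

def parse_denied(log_text):
    """Yield (source IP, protocol number, destination port) per blocked packet."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], int(m["proto"]), int(m["dport"])

def summarize(log_text, scan_threshold=4):
    """Return (scanners, review), each mapping source IP -> sorted (proto, port) list.

    A source blocked on scan_threshold or more distinct ports is treated as a
    probable port scan. Anything below that goes to 'review': it may be
    legitimate traffic that needs an ACCEPT rule.
    """
    ports = defaultdict(set)
    for src, proto, dport in parse_denied(log_text):
        ports[src].add((proto, dport))
    scanners = {s: sorted(p) for s, p in ports.items() if len(p) >= scan_threshold}
    review = {s: sorted(p) for s, p in ports.items() if len(p) < scan_threshold}
    return scanners, review

if __name__ == "__main__":
    scanners, review = summarize(SAMPLE_LOG)
    print("probable scans:", scanners)
    print("check for missing ACCEPT rules:", review)
```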

