On Fri, 9 Mar 2001, Bernie Huang wrote:
> Hi, all,
>
> I have a Redhat 7.0 server setup as a firewall. I am a newbie to secure my
> linux box, and I didn't do a good job in my services and firewall
> configuration. Some time ago, I received a phone call from my cable
> provider informing that someone has routed my machine and use my ip to poke
> other companies ftp sites. They also sent me an "Acceptable Use Policy
> Violation" email with a list of ports that I opened for services (eg; ftp,
> http, telnet, etc.).
>
> So, I just followed that port list and commented out all the opened ports in
> /etc/services, and hopefully when I restart my RH box, I can still use
> Internet sharing behind firewall. And shoot, my box stopped booting at "..
> Random Number Generator..". It just stuck there. Now I need some help coz
> all my school data is in that box.
>
/etc/services does not control the running of services, except that some
daemons use /etc/services to get what port they should be using. You
SHOULD NOT comment out services in this file! IT WILL BREAK THINGS!
A much better way is to use chkconfig to turn services off.
>
> 1. How do I boot my RH box? (I have an installation disk, which is used
> when I installed RH 7.0).
>
At the LILO prompt, type "linux init=/bin/bash". If linux is not the
label for the default kernel, change it to the correct value. (Hitting
Tab will bring up a list of labels.)
> 2. After I got it booted and running, how do I make sure that I close all
> the necessary ports?
>
Step one - back up your data.
Step two - wipe the hard drive and re-install.
Step three - install the updates for RH 7.0
Step four - turn off unused services
- chkconfig and ntsysv are nice for this
Step five - Set up a firewall to block all ports except the ones
you are actually using.
Step six - put the box back on the net, and test your firewall.
> 3. Since I configured ip-masq for internet sharing, it's not difficult for
> someone to use my ip for hacking, BUT, how does he do it?
>
They usually crack the box first, often because it has not had the latest
updates installed. They then install their own software so they can
connect to your box, and use it to go elsewhere, or run software that
searches for other machines to crack. That is why you normally want to
wipe clean a box that has been cracked - you never know what back doors
have been installed somewhere on the system...
>
> Thank you for your help. =)
>
> - Bernie
>
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
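
An added example, not part of the original reply: one way to check step four is to compare what `chkconfig --list` reports as enabled against a short list of services you actually need. The function name `audit_services`, the allowlist and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Flag services that `chkconfig --list` reports as enabled but that are
# not on an explicit allowlist.

# Constructed sample of `chkconfig --list` output (not from the original post).
SAMPLE_CHKCONFIG='syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd based services:
        telnet: on
        wu-ftpd:        on
        rsync:  off'

# audit_services RUNLEVEL "space separated allowlist"
# Reads chkconfig --list output on stdin and prints one unexpected
# enabled service per line (xinetd-managed ones are prefixed "xinetd/").
audit_services() {
    awk -v rl="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^xinetd based services:/ { next }
        # SysV init scripts: "name 0:off 1:off ... 6:off"
        $2 ~ /^0:/ {
            for (i = 2; i <= NF; i++)
                if ($i == (rl ":on") && !($1 in ok)) print $1
            next
        }
        # xinetd-managed services: "name: on" or "name: off"
        $1 ~ /:$/ && $2 == "on" {
            name = $1; sub(/:$/, "", name)
            if (!(name in ok)) print "xinetd/" name
        }
    '
}

# Demo on the constructed sample; on a live box pipe in the real output:
#   chkconfig --list | audit_services 3 "syslog network xinetd"
printf '%s\n' "$SAMPLE_CHKCONFIG" | audit_services 3 "syslog network xinetd"
```

Each name it prints is a candidate for `chkconfig <name> off`; the firewall from step five then covers whatever has to stay on.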