check out pmfirewall, its a perl script that walks you through setting up an
ipchains firewall....quite painless
http://www.pmfirewall.com/
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ahad Sirizi
Sent: Saturday, March 10, 2001 1:21 PM
To: [EMAIL PROTECTED]
Subject: Re: My server got hacked.
Good Day all,
Thanks, very helpfull information. Could you give more
detail on
> Step five - Set up a firewall to block all ports
> except the ones ....
Do I need any specific software or tool to do that?
--- "Mikkel L. Ellertson" <[EMAIL PROTECTED]>
wrote:
> On Fri, 9 Mar 2001, Bernie Huang wrote:
>
> > Hi, all,
> >
> > I have a Redhat 7.0 server setup as a firewall. I
> am a newbie to secure my
> > linux box, and I didn't do a good job in my
> services and firewall
> > configuration. Some time ago, I received a phone
> call from my cable
> > provider informing that someone has routed my
> machine and use my ip to poke
> > other companies ftp sites. They also sent me an
> "Acceptable Use Policy
> > Violation" email with a list of ports that I
> opened for services (eg; ftp,
> > http, telnet, etc.).
> >
> > So, I just followed that port list and commented
> out all the opened ports in
> > /etc/services, and hopefully when I restart my RH
> box, I can still use
> > Internet sharing behind firewall. And shoot, my
> box stopped booting at "..
> > Random Number Generator..". It just stuck there.
> Now I need some help coz
> > all my school data is in that box.
> >
> /etc/services does not control the running of
> services, except that some
> daemons use /etc/services to get what port they
> should be using. You
> SHOULD NOT comment out services in this file! IT
> WILL BREAK THINGS!
>
> A much better way is to use chkconfig to turn
> services off.
> >
> > 1. How do I boot my RH box? (I have an
> installation disk, which is used
> > when I installed RH 7.0).
> >
> At the LILO prompt, type "linux init=/bin/bash". If
> linux is not the
> lable for the default kernel, change it to the
> correct value. (Hitting
> Tab will bring up a list of labels.)
>
> > 2. After I got it booted and running, how do I
> make sure that I close all
> > the necessary ports?
> >
> Step one - back up your data.
> Step two - wipe the hard drive and re-install.
> Step three - install the updates for RH 7.0
> Step four - turn off unused services
> - chkconfig and ntsysv are nice for this
> Step five - Set up a firewall to block all ports
> except the ones
> you are actualy using.
> Step six - put the box back on the net, and test
> your firewall.
>
> > 3. Since I configured ip-masq for internet
> sharing, it's not difficult for
> > someone to use my ip for hacking, BUT, how does he
> do it?
> >
> They usualy crack the box first, often because it
> has not had the latest
> updates installed, They then install their own
> software so they can
> connect to your box, and use it to go elseware, or
> run software that
> searches for other machines to crack. That is why
> you normaly want to
> wipe clean a box that has been cracked - you never
> know what back doors
> have been installed somewhere on the system...
> >
> > Thank you for your help. =)
> >
> > - Bernie
> >
> Mikkel
> --
>
> Do not meddle in the affairs of dragons,
> for you are crunchy and taste good with ketchup.
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
>
https://listman.redhat.com/mailman/listinfo/redhat-list
__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices.
http://auctions.yahoo.com/
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
