Linux Security tutorial 2
The web site for this tutorial series, which contains the tutorials, software and useful links, is now running: see myweb.tiscali.co.uk/mrlount/index.html
Finding your weaknesses.
To successfully configure a secure system you must first understand and know what your computer's weaknesses are. First we will look at a quick overview of ports (there is already a zZine tutorial on ports).
When you connect to any network service you will be connecting to a port on another computer. Likewise when another computer communicates with you it will connect to a port on your computer. Ports are represented by numbers 0 to 60179. Ports are used so that computers know which service you wish to use by which port you connect to. Port numbers are the same amongst all operating systems so that communication is not hindered by confusion between different operating systems.
With Linux you will find the text file /etc/services which gives you a list of the ports on your computer and the protocol and service associated with that port.
If someone were to attempt a connection to your computer, there must be a port to connect to. There are certain programs on your computer that listen for incoming connections and respond to them. We call these listening programs daemons and controlling them is essential to your system's security.
We are now going to perform a port scan on our computers and to do this we will use a tool called nmap. This is a widely used port scanner and considered by many to be the best available. You can download nmap from www.insecure.org/nmap/
Nmap has far too many features to discuss here. I suggest you read all the documentation to use nmap really effectively.
For now enter the following to scan your computer.
nmap -sS -O -v 127.0.0.1
Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Host localhost.localdomain (127.0.0.1) appears to be up ... good.
Initiating SYN half-open stealth scan against localhost.localdomain (127.0.0.1)
Adding TCP port 32770 (state open).
Adding TCP port 25 (state open).
Adding TCP port 587 (state open).
Adding TCP port 6000 (state open).
The SYN scan took 3 seconds to scan 1523 ports.
For OSScan assuming that port 25 is open and port 1 is closed and neither are firewalled
For OSScan assuming that port 25 is open and port 1 is closed and neither are firewalled
For OSScan assuming that port 25 is open and port 1 is closed and neither are firewalled
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1519 ports scanned but not shown below are in state: closed)
Port State Service
25/tcp open smtp
587/tcp open submission
6000/tcp open X11
32770/tcp open sometimes-rpc3
TCP Sequence Prediction: Class=random positive increments
Difficulty=1853135 (Good luck!)
Sequence numbers: 6C2C99C6 6C2C99C6 6BF0C6ED 6BF0C6ED 6BB94C5E 6BB94C5E
No OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=RI%gcd=6%SI=4B798)
TSeq(Class=RI%gcd=1%SI=1C46EA)
TSeq(Class=RI%gcd=1%SI=1C46CF)
T1(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Nmap run completed -- 1 IP address (1 host up) scanned in 7 seconds
This fairly detailed output gives us a lot of interesting information. First let's look at what we did.
We gave the command nmap.
We passed in the option -sS, which stands for SYN stealth and is the type of scan we used.
We passed in the option -O, which tries to identify the operating system (as you can see, it failed).
Then we passed in the option -v, which asks for verbose (more detailed) output.
Finally we gave it the localhost ip address 127.0.0.1
The interesting part here is where we are told the services listening on our computer.
25/tcp open smtp
587/tcp open submission
6000/tcp open X11
32770/tcp open sometimes-rpc3
We can now, for example, see that there is a daemon listening on port 25 that accepts smtp connections. We can connect to this port using telnet and thus find that the listening daemon is sendmail.
telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.11.3/8.11.3; Fri, 26 Apr 2002 19:31:22 +0100
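The same check without telnet, as an added example that is not part of the original tutorial: it reads the greeting a daemon sends on connect and reports which software and version the greeting discloses. The function names are hypothetical, and the sample banner is the one from the session above.

```python
import re
import socket

# Greeting copied from the telnet session above.
PAGE_BANNER = ("220 localhost.localdomain ESMTP Sendmail 8.11.3/8.11.3; "
               "Fri, 26 Apr 2002 19:31:22 +0100")

def first_line(conn, limit=1024):
    """Read the first line a server sends on connect; nothing is sent to it."""
    data = b""
    while b"\n" not in data and len(data) < limit:
        chunk = conn.recv(256)
        if not chunk:          # peer closed before finishing the line
            break
        data += chunk
    return data.split(b"\n", 1)[0].decode("ascii", errors="replace").strip()

def read_banner(host="127.0.0.1", port=25, timeout=5.0):
    """Connect to a daemon on your own machine and return its greeting line."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        return first_line(conn)

def parse_smtp_greeting(line):
    """Return what a 220 greeting discloses, or None if it is not a greeting."""
    match = re.match(r"220[ -](\S+)\s*([^;]*)", line)
    if not match:
        return None
    hostname, text = match.group(1), match.group(2).strip()
    version = re.search(r"\d+(?:\.\d+)+", text)
    return {
        "host": hostname,
        "announces": text,
        "version": version.group(0) if version else None,
    }

if __name__ == "__main__":
    try:
        banner = read_banner()      # live check against your own machine
    except OSError:
        banner = PAGE_BANNER        # nothing listening on port 25 here
    print(parse_smtp_greeting(banner))
```

A non-empty "version" field means the daemon tells every client exactly which release it runs.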
In future tutorials we will learn how to control connections to your computer using TCP wrappers.
For now it is sufficient to know that the services offered by your computer are a security risk, so if they are essential to your needs you need to make them as safe as possible. Sendmail, for example, has had many security problems over the years.
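To turn the scan result into a list of services to review, the added example below (not part of the original tutorial) parses text in the /etc/services format, pulls the open ports out of the scan table shown earlier, and reports every listener that is not on a list of services the machine is meant to offer. The /etc/services sample is constructed, and the expected-services set and function names are assumptions made for the example.

```python
import re

# Constructed sample in /etc/services format: name, port/protocol, aliases, comment.
SAMPLE_SERVICES = """\
# service-name  port/protocol  [aliases ...]  [# comment]
smtp            25/tcp         mail
submission      587/tcp        msa            # mail message submission
submission      587/udp        msa
x11             6000/tcp       X
"""

# The "Port State Service" table from the scan shown above.
SCAN_TABLE = """\
Port       State       Service
25/tcp     open        smtp
587/tcp    open        submission
6000/tcp   open        X11
32770/tcp  open        sometimes-rpc3
"""

def parse_services(text):
    """Map (port, protocol) -> service name from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table.setdefault((int(port), proto), fields[0])
    return table

def open_ports(scan_text):
    """Return [(port, protocol)] for every row nmap reports as open."""
    rows = re.findall(r"^(\d+)/(tcp|udp)\s+open\b", scan_text, re.MULTILINE)
    return [(int(port), proto) for port, proto in rows]

def audit(scan_text, services, expected):
    """List open ports that are not in the set this host is meant to offer."""
    return [(port, proto, services.get((port, proto), "unregistered"))
            for port, proto in open_ports(scan_text)
            if (port, proto) not in expected]

if __name__ == "__main__":
    services = parse_services(SAMPLE_SERVICES)
    # Assumption for the example: this machine is only meant to accept mail.
    for port, proto, name in audit(SCAN_TABLE, services, {(25, "tcp"), (587, "tcp")}):
        print(f"unexpected listener: {port}/{proto} ({name})")
```

On a real system, pass the contents of /etc/services and a saved copy of your own nmap output instead of the two sample strings.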
Now that you have discovered some daemons on your computer, we need to stop other people abusing these services. The next tutorial will be on how to detect port scanning and how to turn off unneeded services.
This article was imported from zZine. (original author: morbivella)