
[Security] Linux Security tutorial 3



Posted by Author System On 2007-04-29 10:01:48






Linux Security tutorial 3

Category: Security
Summary: Linux Security Tutorial 3



Welcome to part 3. All parts available at myweb.tiscali.co.uk/mrlount/index.html



The last tutorial showed us how to check our system for listening daemons and
also how to perform a port scan. The first thing we will

For this we will use portsentry, which is available at the website
accompanying this tutorial.



Once portsentry is installed it will start automatically whenever you connect to
a network, and its default set-up is very effective.



You should now turn your attention to the /etc/portsentry directory, which should
contain the following files:

always_ignore
portsentry.blocked.audp
portsentry.blocked.atcp
portsentry.conf
portsentry.ignore
portsentry.modes



The always_ignore file contains IP addresses that portsentry will always ignore,
and therefore from which it will not detect port scans. By default it contains
the local loopback address 127.0.0.1.



The two portsentry.blocked files list the IP addresses blocked by portsentry
during the current running session. These files are emptied whenever portsentry
is stopped and restarted. Once entries have been made to these files, a new
file called portsentry.history is created, which contains a listing of every IP
address that has ever been blocked.



portsentry.conf is where you configure portsentry to your needs. As already
mentioned, the default set-up is fine for most people, but you should still take
a look. The conf file itself is well commented to allow easy configuration, most
of which is done simply by commenting and un-commenting certain lines.



The portsentry.modes file is where you specify which modes portsentry will start
up in. The default is fine.



We now know that we have listening daemons on our computer which receive
incoming connection attempts and respond accordingly. What we are now going to
learn is how to control who has the right to connect to a service on your
computer, and how to deal with those who do not have the right.



We will concentrate on telnet for all our examples below, but the procedure is
pretty much the same for all daemons.



Firstly you will need xinetd which should be included in your distribution.



Once installed, you should once again move to the /etc/ directory, where you
should find a file named xinetd.conf and a directory named xinetd.d. This is
where we can configure xinetd to our liking.



For this example we will say that I want to allow my friend to telnet into my
machine, but I want everyone else blocked from opening a telnet connection. (In
the example my friend's IP address is 123.267.78.9.)



Firstly open up /etc/xinetd.conf with a text editor. You should see roughly the
following information:

defaults
{
    instances = 60
    log_type = SYSLOG authpriv
    log_on_success = HOST PID
    log_on_failure = HOST
}

includedir /etc/xinetd.d



The fields are as follows:

instances is the number of connections allowed at any one time.
log_type is the log-level for syslog (syslog will be discussed in a future
tutorial).
log_on_success states the information to be logged on a successful connection.
log_on_failure states the information to be logged on a failed connection.



Feel free to adjust these fields to whichever values you like. The xinetd.conf
manpage will help provide you with the available options. You should definitely
reduce the instances field to below 25.



In the /etc/xinetd.d/ directory we have an entry for telnet in the form of a text
file. Feel free to look at the contents; they're all self-explanatory.



To restrict access to telnet we simply add the line

only_from = 123.267.78.9

to the telnet file, so /etc/xinetd.d/telnet looks like:

service telnet
{
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
    server = /usr/sbin/in.telnetd
    only_from = 123.267.78.9
}
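As an added example (not code from the tutorial or from xinetd), a small Python checker for configuration text in the xinetd.conf syntax used above. It parses the defaults and service blocks and reports what the tutorial tells you to verify: an instances value not reduced below 25, a service with no only_from line, a key set twice in one block, and an only_from entry that is not a valid IPv4 address or network (xinetd also accepts hostnames, which this check does not resolve). The function names and the SAMPLE configuration are my own; SAMPLE is a constructed config in the tutorial's format, not a real machine's.

```python
# Added example, not the tutorial's code: checks xinetd.conf text in the syntax shown
# above. Names are my own; SAMPLE is a constructed config, not a real machine's.
import ipaddress
import re

BLOCK_RE = re.compile(r"(defaults|service\s+(\S+))\s*\{(.*?)\}", re.S)

def parse_xinetd(text):
    """Return {block_name: [(key, value), ...]}, keeping duplicate keys."""
    blocks = {}
    for m in BLOCK_RE.finditer(text):
        lines = [ln.split("#", 1)[0].partition("=") for ln in m.group(3).splitlines()]
        blocks[m.group(2) or "defaults"] = [(k.strip(), v.strip()) for k, eq, v in lines if eq]
    return blocks

def audit_xinetd(text, max_instances=25):
    """Findings the tutorial tells the reader to check; [] means nothing to report."""
    findings = []
    for name, pairs in parse_xinetd(text).items():
        keys = [k for k, _ in pairs]
        for key in sorted({k for k in keys if keys.count(k) > 1}):  # e.g. user = root twice
            findings.append(f"{name}: '{key}' is set {keys.count(key)} times")
        values = dict(pairs)
        inst = values.get("instances", "")
        if name == "defaults" and not (inst.isdigit() and int(inst) < max_instances):
            findings.append(f"defaults: instances={inst!r}, reduce below {max_instances}")
        if name != "defaults" and "only_from" not in values:
            findings.append(f"{name}: no only_from, any host may connect")
        for tok in values.get("only_from", "").split():  # xinetd also takes hostnames
            try:
                ipaddress.ip_network(tok, strict=False)
            except ValueError:
                findings.append(f"{name}: only_from {tok!r} is not a valid address")
    return findings

SAMPLE = """\
defaults { instances = 60 }
service telnet
{
    user = root
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    only_from = 123.267.78.9
}
service finger { server = /usr/sbin/in.fingerd }
"""

if __name__ == "__main__":
    print("\n".join(audit_xinetd(SAMPLE)))
```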



This is an incredibly basic introduction to xinetd, and you should read all the
documentation to be able to use xinetd to its full potential.



Our next tutorial will be a detailed firewall tutorial using iptables and
various firewall configuration software.


This article was imported from zZine. (original author: morbivella)

