How to secure a Linux system

axgupta1
10-01-2002, 08:42 PM
I have installed RHL 7.3 on my machine. I have one machine only and no other hardware firewall. I have a broadband connection to the internet. How do I secure my machine?
Thanks
Arun

Hayl
10-01-2002, 08:49 PM
You need some type of firewalling software installed like ipchains.

CrashTestDummy9
10-01-2002, 08:50 PM
The NHFs are very helpful. Also a hardware firewall isn't that expensive. A modern router does well as a hardware firewall. NHF is the Newbie Help Files btw.

Hayl
10-01-2002, 08:57 PM
Agreed. The best thing to do is to go out and buy a router - Linksys are good.

hlrguy
10-01-2002, 09:18 PM
I don't know who it was who posted this, but it was earlier today. THEY need all the credit. I downloaded to give this firewall software a try. It is running right now. Seeing how it detects weird events, things like that.
http://firestarter.sourceforge.net/
hlrguy
Also, if you are NOT a server, go here for more security tips (Disable FTP, Telnet, etc). There are hundreds if not thousands of firewall howtos, but this was one I liked so I bookmarked it.
http://www.tldp.org/HOWTO/Firewall-HOWTO.html

hlrguy
10-01-2002, 09:31 PM
It works well. I saw in the output log on the main window that there was a computer out there polling every port. They tried 0 a bunch of times and then I saw packets for 1 through 1301 with a new port every 2 seconds. (I have protected all ports). This had been going on for about 25 minutes while I tried to get some information (none available). One 5 minute flood ping and he is gone.
hlrguy

axgupta1
10-02-2002, 09:22 PM
Well, thanks everyone for suggestions. Since I am not very good with typing ipchains rules, I did the following:
a) Using gnome-lokkit, I created a secure working configuration. Then read the /etc/sysconfig/ipchains file. Then I used the Firewall Configuration tool in KDE and created the same set of rules.
The DNS resolution doesn't work. Try whatever, unless I open up everything, the DNS doesn't work.
b) I have tried the iptables GUI front end based firewalls from www.sourceforge.net and www.fwbuilder.net. None of them works. The fwbuilder firewall keeps complaining about missing libpng.so.3 library. I don't know where to get it from. My libpng is up to date as told by Red Hat Up2date tool. The sourceforge.net firewall works only under Gnome. Since I am using KDE, it complains about a whole bunch of missing libraries, though I have Gnome installed.
Guess I will have to manually struggle with the rules. Thanks everyone for ideas.

hlrguy
10-02-2002, 09:36 PM
There are a LOT of firewall programs at sourceforge. What about the one I suggested? It works for me and I have DNS.
http://firestarter.sourceforge.net/
I use KDE version 1.2 redhat 7.0 and was able to install and use 0.8.2 with no dependency violation. Newer version, we are talking 50 to 60 dependencies.
hlrguy

axgupta1
10-02-2002, 10:59 PM
The 0.83 version worked fine. However, I have some more questions:
a) The scan.sygate.com shows that ports 8080 and Source Port are still open. How do I block them?
b) Neither ipchains nor iptables daemon is running in my initlevel. The firewall still reports it is running. Is that a problem?
c) How do I start the firewall on system reboot?
d) Does this firewall use ipchains or iptables? Is there a way to find out?
I am not running any server program like web server, DNS server or telnet server etc. Thanks very much for your help....
Arun

hlrguy
10-03-2002, 12:11 AM
If you selected simple firewall connection when the connection wizard came up, and selected 'No, I do not run any public services', then you are probably alright. i.e. port 8080 exists, but no one can connect to it. However, under preferences-->blocking, manually specify any port you want. Remember to re-run the wizard so that the change in preferences is picked up.
The firewall starts the appropriate service (ipchains or iptables). From the README file...
A machine running Linux kernel version 2.2 with Linux IP Firewalling Chains (ipchains) version 1.3.9 or higher
-or-
A machine running Linux kernel version 2.4 with Linux IP Firewalling Tables (iptables) version 1.2.3 or higher
Start firestarter in a terminal window and see what the output is. If no errors, and you know you are kernel 2.4, you are using iptables and vice versa. As I mentioned, my kernel is not detected so it defaults to ipchains. Firestarter starts the ipchains or iptables when it starts.
Finally, when it installs, firestarter is added to your boot up area
[root@localhost rc5.d]# ls -l S11firestarter
lrwxrwxrwx 1 root root 21 Oct 1 16:41 S11firestarter -> ../init.d/firestarter
[root@localhost rc5.d]# cd ../rc3.d
[root@localhost rc3.d]# ls -l S11firestarter
lrwxrwxrwx 1 root root 21 Oct 1 16:41 S11firestarter -> ../init.d/firestarter
to be ready to start on dialup connect. The first option in the wizard. I checked, and mine starts automatically on ppp connect.
You can tell if it is running anytime with the command
ps -ef |grep firestarter
and you should see something like...
root 1088 1002 0 23:02 pts/1 00:00:01 firestarter
It should start up on connect or as soon as eth0 is detected if that is your internet connection.
hlrguy

axgupta1
10-03-2002, 08:18 PM
This is what happens after I start firestarter from console:
Gtk:WARNING **: invalid cast from (NULL) pointer to 'GtkContainer'
Gtk-CRITICAL **: file gtkcontainer.c: line 726 (gtk_container_remove): assertion 'container != NULL' failed.
These two lines keep on repeating. Though the firestarter works after I run it from command line, the firestarter service does not start automatically, neither does iptables or ipchains. I am using kernel 2.4.10-18, RHL 7.3. All packages are up to date. Have I messed up something?
Thanks
Arun

axgupta1
10-03-2002, 11:11 PM
It is working !!
I just reinstalled and restarted the machine and now the firestarter seems to be working fine. Thanks a lot....

justlinux.com
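
The checks from hlrguy's 10-03-2002 reply (which packet filter the README pairs with the kernel, whether the boot links exist, whether the process is running) can be scripted. This is an added example, not part of the thread or of Firestarter; the function names and the `--report` switch are made up for illustration, and /etc/rc.d is assumed as the root of the runlevel directories, as on Red Hat.

```shell
#!/bin/sh
# Added example (not from the thread): hlrguy's manual checks as functions.

# Map a kernel release (e.g. `uname -r`) to the packet filter the
# Firestarter README quoted above pairs it with.
backend_for_kernel() {
    case "$1" in
        2.2|2.2.*) echo ipchains ;;
        2.4|2.4.*) echo iptables ;;
        *)         echo unknown; return 1 ;;
    esac
}

# Print the runlevels under rc root $1 that have an S??firestarter start
# link pointing at an executable init script.
boot_runlevels() {
    root=$1; found=""
    for lvl in 2 3 4 5; do
        for link in "$root/rc$lvl.d"/S[0-9][0-9]firestarter; do
            # -L: it is a symlink; -x follows it, so a dangling link fails
            if [ -L "$link" ] && [ -x "$link" ]; then
                found="$found$lvl "
            fi
        done
    done
    echo "${found% }"
}

# Succeeds if `ps -ef` output on stdin has a process whose command (8th
# column) is firestarter. Unlike `ps -ef | grep firestarter`, this does
# not match the grep process itself.
firestarter_running() {
    awk '{ n = split($8, p, "/"); if (p[n] == "firestarter") ok = 1 }
         END { exit !ok }'
}

report() {
    echo "kernel $(uname -r): $(backend_for_kernel "$(uname -r)")"
    echo "start links in runlevels: $(boot_runlevels /etc/rc.d)"
    if ps -ef | firestarter_running; then
        echo "firestarter: running"
    else
        echo "firestarter: not running"
    fi
}

if [ "${1:-}" = "--report" ]; then report; fi
```

An empty runlevel list from `report` corresponds to the situation in the 10-03-2002, 08:18 PM post, where the firewall only comes up when started by hand.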