Can anyone help me with system security

Message

thechris · Post by **thechris** » Tue Aug 17, 2004 10:53 pm

OK, i'm attempting to read the gentoo security guide, but it isn't perfect. it needs more documentation IMO. for people who know ipchains and all i'm sure its fine, but for me it is kinda vauge.

1.) it says chkrootkit can be made a cron job but then doesn't say _how_. it gives a line. am i supposed to type this on the command line or put it in a file?

2.) it lists a huge firewall that i don't quite follow. I want to have the following:
access to browse webpages, ftp, and rsync. not for http, ftp, or rsync servers.
access to AIM.
access to some games, like RTCW-Enemy Territory.

3.) I kinda like some of the ideas of squid, but the example is again kind hard to use.

4.) are there any files that _need_ to have read write or execute access by everyone? outside of /tmp and /var/tmp at least. like can you
chmod -R o-rwx /* && chmod -R 1777 /tmp && chmod -R 1777 /var/tmp
and not worry about the computer failing?

agent_jdh · Post by **agent_jdh** » Wed Aug 18, 2004 12:26 am

rkhunter (which is another rootkit checker) sticks a file /etc/cron.daily/rkhunter on your box that you can edit (just set the ENABLE line at the top to yes like it tells you), you might want to install rkhunter, and install chkrootkit and run it manually every now and again.

If you're struggling with a firewall, shorewall http://www.shorewall.net/ is good, and the website is very thorough in explaining things and offers downloadable templates depending on what sort of machine/network you're using it on. It's pretty straightforward to configure which ports to allow in and port forwarding etc.

thechris · Post by **thechris** » Wed Aug 18, 2004 2:33 am

i'm trying shorewall. not sure what a good config is though. its running now, but isn't preventing me from accessing the net. not sure if it works, or is just set up wrong...

gnuageux · Post by **gnuageux** » Wed Aug 18, 2004 7:58 am

You want to prevent you from having access out???? Or did I read this wrong?
Have you played around with iptables?

its running now, but isn't preventing me from accessing the net. not sure if it works, or is just set up wrong...

ett_gramse_nap · Post by **ett_gramse_nap** » Wed Aug 18, 2004 8:06 am

thechris wrote:i'm trying shorewall. not sure what a good config is though. its running now, but isn't preventing me from accessing the net. not sure if it works, or is just set up wrong...

Have you downloaded one of those templates from their website?

agent_jdh · Post by **agent_jdh** » Wed Aug 18, 2004 10:52 am

thechris wrote:i'm trying shorewall. not sure what a good config is though. its running now, but isn't preventing me from accessing the net. not sure if it works, or is just set up wrong...

On grc.com you can quickly get your ports scanned to see if they're open or blocked (or stealthed or whatever) - there are other sites that are more comprehensive but I can't remember url's.

The latest templates are here-

http://slovakia.shorewall.net/pub/shore ... les-2.0.1/

I assume you're only using a single machine? Then get the 'one interface' tgz. Untar it into /etc/shorewall.

The key files really are-

/etc/shorewall/interfaces
/etc/shorewall/rules

Also, you need to have the kernel firewall stuff - I just build everything in the Netfilter section as modules, enable module autoloading and bingo shorewall loads the modules it needs when it starts.