Previous Page | Next Page

  1. Introduction
  2. About Linux
  3. Installation and getting started
  4. Logging in and out
  5. Basic Linux Commands
  6. Linux Files and File Permissions
  7. Linux Directory Structure
  8. Finding Files
  9. Linux Help
  10. Setting Time
  11. Devices
  12. Tips
  13. Accessing Other Filesystems
  14. Accessing Removable Media
  15. Making and Managing Filesystems
  16. Emergency Filesystems and Procedures
  17. LILO and Runlevels
  18. Init
  19. Environment, Shell Selection, and Startu
  20. Linux Kernel
  21. Package Installation and Printing
  22. Configuration, Logging and CRON
  23. Keys and Terminal Configuration
  24. Sound Configuration
  25. Managing Users
  26. Passwords
  27. Process Control
  28. Configuration and Diagnostic Tools
  29. Overall Configuration
  30. Using PAM
  31. Basic Network Setup
  32. Tools and Terms
  33. Novell and Printing
  34. Inetd Services
  35. Xinetd Services
  36. Other Network Services
  37. FTP and Telnet
  38. Samba
  39. Identd (auth)
  40. X Configuration
  41. X Use
  42. Using X Remotely
  43. X Documentation
  44. DNS
  45. DHCP and BOOTP
  46. Apache
  47. NFS
  48. PPP
  49. Mail
  50. Routing
  51. IP Masquerading
  52. Proxy Servers and ipchains
  53. UUCP
  54. News
  55. NIS
  56. Network Security
  57. Secure Shell
  58. Text Processing
  59. Shell Programming
  60. Emacs
  61. VI
  62. Recommended Reading
  63. Credits

Linux Network Security

Linux Firewall management

Regardless of your firewall type (proxy, packetfiltering, etc), it is not a good idea to have a firewall performing any more services than absolutely necessary. The services are best limited to the minimum services required to run the machine. I recommend that you do not provide NFS, TFTP, BOOTP, DHCP, web services, mail services, samba services, FTP, or telnet on your firewall unless absolutely necessary. If you must provide these services, be careful with wild cards in their configuration files that may allow blocks of systems or users to have access to your machine. Also if you are running these services, you should monitor security postings on these services so you are aware of any security holes associated with that particular service. If you must provide telnet or FTP, be sure you configure your tcp wrapper in the inetd.conf file for these services, and set the hosts.all and hosts.deny files as restrictive as possible. See the section on inetd services for information on how to do this. Policies for a firewall:

  1. Disable IP forwarding
  2. Limit services
  3. Monitor log files carefully including logfiles on any services running.
  4. Limit write access to files and directories on the firewall.
  5. Implement policies to prevent denial of services attacks along with IP spoofing and IP fragmentation attacks. Enabling user quotas can help prevent denial of service attacks.
  6. Limit access to services with the hosts.allow and hosts.deny files.
  7. Set parameters in your TCP wrapper and any other services to protect against anyone pretending to have another host's name or address. See the section on inetd.
  8. Be sure your /etc/securetty file will not allow root logins from unsecured locations.

System monitoring

Check your system log files often. They are in the /var/log directory. Check the log files /var/log/secure and var/log/messages daily. Also carefully monitor log files on any extra services you are running on your firewall.

General network policies
  • Configure the identd protocol to allow for user name lookups from client to server machines. This will make it easier to track down any user who abuses the system.
  • Use network monitoring tool software to detect abnormal activity on your system or an intrusion.

The Chroot environment

A chroot environment is an isolated environment which is separate from the real operating system. It has its own root environment complete with necessary programs, libraries, and modules required to run independently of the real operating system. In this way it can become more difficult to break into the real operating system and damage it. A program that has root privileges, can, however still get into the real operating system but it becomes more work for an intruder. Some network services that can be configured to run in a chroot environment include bind and Apache. This chroot system is designed to prevent someone who has exploited a security problem in a service from getting access to the real system.