John Summerfield and Tom Horsley wrote >Subject: Re: [Fedora] Seeing input on Securing the Linux system from >intrusions and attacks. > >Daniel B. Thurman wrote: >> I have finally got my F8 setup and running so now I am reviewing the >> security issues that needs to be taken into account. >> >> [snip!] >> >> Does anyone have any advice, links to great sites focused on security >> and how to secure your Linux box against intrusions and attacks? > > >What you need to do depends on what you're trying to protect. > [snip!] Summary: John: vpn, shorewall, don't use hosts.{allow,deny} because of iptables, systems cannot be port-scanned, keep watching logs. Firewall to control spam + use of "countermeasures" and manuall add block. Tom: ssh only. All other ports blocked(?). ============ Well, what I am trying to protect against? Well some are identified below but not limited to these. I found via iptraf, some of the things I added to the list below: 1) General iptable schemes to otherwise block IPs, domains, and general attacks such as those identified below. I am not well-versed in the use of iptables which is why I use firestarter at the moment and I haven't yet learned how to use shorewall as advised by John. 2) SYN/FIN/RST/CAN combo attacks [Note: I have seen a iptable "technique" to block various forms/combinations of SYN/FIN/RST/CAN combos. I cannot forsee the end-results of these attacks but it causes me some consternation. I get reports daily on these via my HW SonicWall firewall appliance and have no idea what to do. All I see are MAC addresses as "they" hide their source/destination OR are using packet schemes I do not recognize. Are these harmful, harmless, hog resources, or what? Beats me. ] 3) DDos/Spoof attacks [Note: My ports are "hammered" at times causing resource hogs. ] 4) Foil Port-scanner intrusions (various schemes) [Note: You can see "them", "walking the dog". ] 5) DNS attacks [Note: "They" are attempting to update/modify table entries. ] 6) Sendmail Spams, viruses, ... [Note: I am learning, trying to find ways to greylist, blacklist, regex, pattern/keyword blocks, ... but I am not there yet. As it is, it is very time consuming manually identifying spammer's IP/domain names and adding them to the block list. As it is, I get messages with [SPAM] marked and yet I still have to deal with them (deleting them) instead of not simply not wishing to receive them and some find find ways around spamassassin/clamav anyway. ] 7) Database attacks (MySql, PostgreSQL, ...) [Note: "They" are probing for holes, trying brute-force password cracking, and DDos attacks, or so it seems. ] 8) Website attacks (Apache, Tomcat, and others...) [Note: The same as above (7) but with more tricks since there are a lot of "doors" to attack. Yes, I am being vague in the interest of brevity. ] Anyway, this is my "short" list that I am working on right now, so I guess I have a lot of work to do. No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.17.9/1198 - Release Date: 12/26/2007 5:26 PM -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list