
Linux Security Measures

5 replies to this topic

#1 pcpunk

pcpunk

  • Members
  • 5,293 posts
  • ONLINE
  • Gender:Male
  • Location:Florida

Posted 07 June 2015 - 07:53 PM

I know this has been done to death, but it's an interesting and important topic.  Anyone who is running any type of security software, please post your experiences and links here.  I'll start off with one from home as usual:

 

http://www.bleepingcomputer.com/forums/t/467080/antivirus-for-linux/?p=2825606

 

http://www.ibm.com/developerworks/library/l-selinux/

 

http://www.eset.com/us/home/products/antivirus-linux/

 

http://www.tuxradar.com/content/get-best-virus-scanner-linux

 

https://wiki.ubuntu.com/BasicSecurity

 

Thanks pcpunk





#2 Guest_hollowface_*

Guest_hollowface_*

  • Guests
  • OFFLINE

Posted 08 June 2015 - 01:21 AM

Nothing major to share, but I've been fiddling around with Elementary OS in a virtual machine, and I wanted some basic firewall protection while I'm using it. Elementary OS comes with a firewall, but it's not turned on, so I enabled it and created some basic rules.

Rules:
Deny TCP ipv6 in 1-65535
Deny TCP ipv4 in 1-65535
Deny UDP ipv6 in 1-65535
Deny UDP ipv4 in 1-65535

So these rules deny incoming TCP and UDP connections on all ports. This means I can use the network, but I'm only exposed on connections I start; everything else incoming from outside sources is blocked. To verify the rules were working I used netcat on Lubuntu to try and send a message to my terminal. When the firewall is on I can send a message to Lubuntu, but can't receive one. When the firewall is off I can send and receive, which is exactly what I wanted.

Screenshots of the test:
 
1. Sending a message to Lubuntu
 
2. Sending A Message To Elementary With The Firewall Rules Enabled

3. Sending A Message To Elementary With The Firewall Rules Disabled

Edited by hollowface, 08 June 2015 - 01:22 AM.


#3 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 11,779 posts
  • ONLINE
  • Gender:Male
  • Location:127.0.0.1 Australia

Posted 08 June 2015 - 01:56 AM

Playing with iptables can be fun... until you mess it up so bad you can't do anything LOL... Kinda like I did a long time ago.

Basic Guide on IPTables (Linux Firewall) Tips / Commands

 

The Beginner's Guide to iptables, the Linux Firewall


Edited by NickAu, 08 June 2015 - 01:56 AM.


#4 mremski

mremski

  • Members
  • 480 posts
  • OFFLINE
  • Gender:Male
  • Location:NH

Posted 08 June 2015 - 05:46 AM

hf: that can be simplified/stated more elegantly.

 

Start with a default deny stance: everything is dropped unless explicitly allowed.  You wind up having simpler rules, and a better position overall, because it's much easier to turn something on than to turn something off if you don't need it.  A good example would be NETBIOS traffic from Windows machines: if your Linux box is a gateway for them, you want to just drop all of that, and especially not leak it to the Internet.

Here's an example pulled from http://superuser.com/questions/427458/deny-all-incoming-connections-with-iptables

The default policies shown deny all incoming and forwarding traffic, permit everything on loopback, and finally allow established connections to come back in.
To fine-tune, you could change the default output policy to DROP and then explicitly add rules for the traffic you want to allow.  HTTP/HTTPS, SSH, NTP, DNS, SMTP/SMTPS, POP3/POP3S and
IMAP are often enough to do 90% of what a typical end user needs.

# Set default chain policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Accept on localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow established sessions to receive traffic
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer
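The fuller variant mremski describes, with OUTPUT also defaulting to DROP and the listed services allowed out, written as an iptables-restore ruleset. This is an added example, not code from the thread or from the superuser post; the output path, the exact port list (IMAPS added alongside IMAP) and the early explicit NETBIOS drop are my assumptions.

```shell
#!/bin/sh
# Added example: generate a default-deny-both-ways iptables ruleset with
# explicit egress allowances. Nothing is applied to the kernel here; to
# load it you would run `iptables-restore < "$RULES_FILE"` as root.
# RULES_FILE, TCP_OUT and UDP_OUT are assumptions made for this example.
RULES_FILE="${RULES_FILE:-./egress-deny.rules}"

# Outbound services a typical end user needs (HTTP/HTTPS, SSH, SMTP/SMTPS,
# POP3/POP3S, IMAP/IMAPS, DNS over TCP) and UDP (NTP, DNS).
TCP_OUT="80 443 22 25 465 110 995 143 993 53"
UDP_OUT="123 53"

gen_rules() {
  printf '%s\n' '*filter'
  # Default policies: drop anything not explicitly allowed, in every chain.
  printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]'
  # Loopback is always permitted.
  printf '%s\n' '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
  # Explicit early drop of NETBIOS/SMB leaving the box, so a later ACCEPT
  # added by someone else cannot accidentally let it reach the Internet.
  printf '%s\n' '-A OUTPUT -p udp --dport 137:139 -j DROP'
  printf '%s\n' '-A OUTPUT -p tcp -m multiport --dports 139,445 -j DROP'
  # Replies to sessions we started come back in; established sessions
  # keep flowing out. Only NEW outbound sessions need a per-service rule.
  printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  printf '%s\n' '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  for p in $TCP_OUT; do
    printf '%s\n' "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  for p in $UDP_OUT; do
    printf '%s\n' "-A OUTPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  printf '%s\n' 'COMMIT'
}

# Write the ruleset to RULES_FILE for review before loading it.
write_rules() {
  gen_rules > "$RULES_FILE"
}

# Number of explicit -A rules generated; useful as a sanity check that the
# port lists expanded as expected before anything is applied.
rule_count() {
  gen_rules | grep -c '^-A '
}
```

Because OUTPUT defaults to DROP, anything not in the two port lists (including NETBIOS) is dropped even without the explicit rules; they are there so the intent survives later edits.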


#5 Guest_hollowface_*

Guest_hollowface_*

  • Guests
  • OFFLINE

Posted 08 June 2015 - 02:02 PM

Here's an example pulled from http://superuser.com/questions/427458/deny-all-incoming-connections-with-iptables


I'm familiar with the general approach. I don't typically bother with a firewall in my VMs (given what they're usually used for), but back when I was multibooting I usually used iptables whenever I needed a firewall, as you can do a lot more in it than with any front-end for it, though it comes at the cost of convenience. I'm a newb with Elementary OS, so I decided to try the Firewall app instead.

#6 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 11,779 posts
  • ONLINE
  • Gender:Male
  • Location:127.0.0.1 Australia

Posted 08 June 2015 - 04:17 PM

 

I don't typically bother with a firewall in my vms

Same here.





