Mandrake 8.1

Jeff Courtade jeff at courtade.net
Wed Dec 26 11:56:47 EST 2001


><--------------------------------snip---------------------------------------
>
>I have used Pegasus, I'm thinking of trying it again but that will not
>totally guard against infiltration by hackers.
>If they want to get in they will. Even with a firewall! Especially in my
>case, when I had not totally understood how to properly configure the
>Internet Security to prevent hackers from breaking in. ie: port attack.
>
>I'm going to reinstall Linux on my boxes, but I have a question to put to
>the pros. I'm using Norton Internet Security on my Windows boxes. Is there
>an open source program like Norton's Internet Security that I can install on
>my Linux boxes? Or does Mandrake 8.0 and onward have it built in? ie:
>Firewall/Antivirus programs.
>

Howdy,

I run Slack, OBSD and FreeBSD at home.

In general I find the do-it-all-for-you tools to be next to useless 
aside from giving me a few good ideas here and there.
I find they insulate users from knowledge and I think that is dangerous.
I am also a picky bugger; they generally do things in ways I don't like :)

For strapping down internet-accessible machines I generally turn off 
everything in inetd and turn off anything that is running at boot that I 
do not absolutely need.

For doing this you either need to be root or be using sudo.
sudo is great: it logs everything and keeps a bit of distance between you 
and root.

To strap down inetd you just edit /etc/inetd.conf and basically add a # 
to every line in the thing :)
Then HUP inetd:
ps -ef |grep i\\netd

Find the PID and then kill -HUP the PID.

I imagine Mandrake is using xinetd; not sure what file you edit for that 
one. man xinetd
It does have a config file though.

Mandrake also uses SysV init, I believe.

Checking for what is running should be something like this:

Check inittab for the default runlevel:

cat /etc/inittab |grep -v \#

That will just show you the inittab without any comments.

You are looking for a line something like this:

id:4:initdefault

That tells you the system boots to run level 4 by default on boot,

so you are interested in the symlinks in

/etc/rc4.d or /etc/rc.d/rc4.d ?

In your case it may be runlevel 5; just replace the number with the 
default runlevel:
ls -al /etc/rc4.d

The symlinks in this directory point to start scripts in 
/etc/rc.d/init.d if it is a Red Hat-ish thing, /etc/init.d if it is 
Solaris-like.

---------I don't have a Mandrake box to look at; this works on a few 
nixes, I am assuming it will in Mandrake --------

Anything starting with an S gets run; anything starting with a K or any 
other letter for that matter doesn't get started at boot.

Start reading man pages on everything that is in that dir.

Read the scripts themselves as well; they will tell you what is going on.

mv any S file you don't need to a K file. Generally you don't need about 
90% of the stuff that is run by default.

Obviously leave ssh enabled, and your X-related stuff if you are using 
it as a desktop.

Install nmap if you don't have it installed already and reboot the machine.

nmap it, see what it says is open and start shutting down other unneeded 
services.

For a firewall system I would suggest using OpenBSD. It costs money for a 
CD but it is well worth it.

Otherwise probably FreeBSD.

ipnat and ipf are beautiful and easy to deal with and pretty much let you 
do anything in the world.

I became frightened a long time ago by ipchains and still can't look at 
it without shivering :) hehe, this is a personal flaw I admit.

So I know nothing about iptables or ipchains.
I found ipnat and ipf to work so much easier than ipchains that I never 
went back to Linux for gateway firewalls.

On your firewall turn off everything! Every service in the world 
basically, aside from ssh of course.

Start configuring ipnat or ipf or ipchains or iptables or your bingo 
card or ...

Anyhow, have fun.

Jeff Courtade
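
The checks described in the message above, gathered into one script as an added example that is not part of the original post: it lists the inetd.conf entries that are still enabled, reads the default runlevel from inittab, and lists the S scripts that runlevel starts. The function names and the sample files are constructed for illustration; point the functions at the real files under /etc to audit a machine.

```shell
#!/bin/sh
# Added example: audit what inetd and SysV init will start.
# Function names are hypothetical; all sample files below are constructed.

# Print the service name of every enabled (uncommented) inetd.conf line.
enabled_inetd_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Print the default runlevel from an inittab (the id:N:initdefault line).
default_runlevel() {
    awk -F: '!/^[ \t]*#/ && $3 == "initdefault" { print $2; exit }' "$1"
}

# Print the scripts started at boot: directory entries beginning with S.
boot_services() {
    for f in "$1"/S*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        basename "$f"
    done
}

# Constructed sample tree so the script runs without touching /etc.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/inetd.conf" <<'EOF'
#ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
# finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
EOF
cat > "$SAMPLE/inittab" <<'EOF'
# default runlevel
id:4:initdefault:
EOF
mkdir "$SAMPLE/rc4.d"
touch "$SAMPLE/rc4.d/S10network" "$SAMPLE/rc4.d/S55sshd" "$SAMPLE/rc4.d/K20nfs"

echo "inetd services still enabled:"
enabled_inetd_services "$SAMPLE/inetd.conf"
RL=$(default_runlevel "$SAMPLE/inittab")
echo "default runlevel: $RL"
echo "started at boot in rc$RL.d:"
boot_services "$SAMPLE/rc$RL.d"
```

Any name printed under "still enabled" is a line that has not yet been commented out, and each S entry is a candidate for renaming to K once its man page and script have been read.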

More information about the nflug mailing list