Mandrake 8.1
Jeff Courtade
jeff at courtade.net
Wed Dec 26 11:56:47 EST 2001
><--------------------------------snip---------------------------------------
>
>I have used Pegasus, I'm thinking of trying it again but that will not
>totally guard against infiltration by hackers.
>If they want to get in they will. Even with a firewall! Especially in my
>case, when I had not totally understood how to properly configure the
>Internet Security to prevent hackers from breaking in. ie: port attack.
>
>I'm going to reinstall Linux on my boxes, but I have a question to put to
>the pros. I'm using Norton Internet Security on my Windows boxes. Is there
>an open source program like Norton's Internet Security that I can install on
>my Linux boxes? Or does Mandrake 8.0 and onward have it built in? ie:
>Firewall/Antivirus programs.
>
Howdy,
I run Slack, OBSD and FreeBSD at home.
In general I find the do-it-all-for-you tools to be next to useless,
aside from giving me a few good ideas here and there.
I find they insulate users from knowledge and I think that is dangerous.
I am also a picky bugger; they generally do things in ways I don't like :)
For strapping down internet-accessible machines I generally turn off
everything in inetd and turn off anything that is running at boot that I
do not absolutely need.
For doing this you either need to be root or be using sudo.
sudo is great: it logs everything and keeps a bit of distance between you
and root.
To strap down inetd you just edit /etc/inetd.conf and basically add a #
to every line in the thing :)
Then HUP inetd:
ps -ef |grep i\\netd
Find the PID and then kill -HUP the PID.
I imagine Mandrake is using xinetd; not sure what file you edit for that
one: man xinetd
It does have a config file though.
Mandrake also uses SysV init, I believe.
Checking for what is running should be something like this:
check inittab for the default runlevel
cat /etc/inittab |grep -v \#
That will just show you the inittab without any comments.
You are looking for a line something like this:
id:4:initdefault
That tells you the system boots to runlevel 4 by default on boot,
so you are interested in the symlinks in
/etc/rc4.d or /etc/rc.d/rc4.d ?
In your case it may be runlevel 5; just replace the number with the
default runlevel.
ls -al /etc/rc4.d
The symlinks in this directory point to start scripts in
/etc/rc.d/init.d if it is a Red Hat-ish thing, /etc/init.d if it is
Solaris-like.
---------I don't have a Mandrake box to look at; this works on a few
nixes, I am assuming it will in Mandrake --------
Anything starting with an S gets run; anything starting with a K, or any
other letter for that matter, doesn't get started at boot.
Start reading man pages on everything that is in that dir.
Read the scripts themselves as well; they will tell you what is going on.
mv any S file you don't need to a K file; generally you don't need about
90% of the stuff that is run by default.
Obviously leave ssh enabled, and your X-related stuff if you are using
it as a desktop.
Install nmap if you don't have it installed already and reboot the machine.
nmap it, see what it says is open, and start shutting down other unneeded
services.
For a firewall system I would suggest using OpenBSD; it costs money for a
CD but it is well worth it.
Otherwise probably FreeBSD.
ipnat and ipf are beautiful and easy to deal with and pretty much let you
do anything in the world.
I became frightened a long time ago by ipchains and still can't look at
it without shivering :) hehe, this is a personal flaw I admit.
So I know nothing about iptables or ipchains.
I found ipnat and ipf to work so much easier than ipchains that I never
went back to Linux for gateway firewalls.
On your firewall turn off everything! Every service in the world,
basically, aside from ssh of course.
Start configuring ipnat or ipf or ipchains or iptables or your bingo
card or ...
Anyhow, have fun
Jeff Courtade
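
The boot-time audit described in the message above, as an added example that is not part of the original post: it reads the default runlevel from inittab, lists the S* entries in that runlevel's directory, and lists the lines still uncommented in inetd.conf. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): list what a SysV-init box
# starts at boot, following the steps above. The etc directory is a parameter.

# Default runlevel from the uncommented "id:N:initdefault:" line of inittab.
default_runlevel() {
    awk -F: '!/^[ \t]*#/ && $3 == "initdefault" { print $2; exit }' "$1"
}

# Runlevel directory: <etc>/rcN.d on some systems, <etc>/rc.d/rcN.d on others.
rc_dir() {
    for d in "$1/rc$2.d" "$1/rc.d/rc$2.d"; do
        if [ -d "$d" ]; then echo "$d"; return 0; fi
    done
    return 1
}

# Entries whose name starts with S are run at boot; K* and others are not.
started_services() {
    for f in "$1"/S*; do
        if [ -e "$f" ] || [ -L "$f" ]; then basename "$f"; fi
    done
}

# Services still enabled in inetd.conf: uncommented lines with >= 6 fields.
enabled_inetd() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

audit() {
    lvl=$(default_runlevel "$1/inittab")
    echo "default runlevel: $lvl"
    if dir=$(rc_dir "$1" "$lvl"); then started_services "$dir" | sed 's/^/  boot: /'; fi
    if [ -f "$1/inetd.conf" ]; then enabled_inetd "$1/inetd.conf" | sed 's/^/  inetd: /'; fi
}

# Constructed sample tree (hypothetical contents) so the script runs offline.
make_sample() {
    t=$(mktemp -d) && mkdir -p "$t/rc.d/rc4.d" "$t/rc.d/init.d"
    printf '# default runlevel\nid:4:initdefault:\nsi::sysinit:/etc/rc.d/rc.S\n' > "$t/inittab"
    for s in sshd sendmail nfs; do : > "$t/rc.d/init.d/$s"; done
    ln -s ../init.d/sshd "$t/rc.d/rc4.d/S55sshd"
    ln -s ../init.d/sendmail "$t/rc.d/rc4.d/S80sendmail"
    ln -s ../init.d/nfs "$t/rc.d/rc4.d/K20nfs"
    printf '#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd\ntelnet stream tcp nowait root /usr/sbin/tcpd in.telnetd\n' > "$t/inetd.conf"
    echo "$t"
}

# Demo run on the constructed sample; on a real box call: audit /etc
sample=$(make_sample); audit "$sample"; rm -rf "$sample"
```

Anything the audit prints under "boot:" or "inetd:" that is not needed is a candidate for the S-to-K rename or the # comment described in the message.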