Who should be reading this document and why should the average Linux user
care about security? Those new to Linux, or unfamiliar with the inherent
security issues of connecting a Linux system to large networks like Internet
should be reading. "Security" is a broad subject with many
facets, and is covered in much more depth in other documents, books, and on
various sites on the Web. This document is intended to be an introduction to
the most basic concepts as they relate to Linux, and as
a starting point only.
Iptables Weekly Log Summary from Jul 15 04:24:13 to Jul 22 04:06:00
Blocked Connection Attempts:
Rejected tcp packets by destination port
port count
111 19
53 12
21 9
515 9
27374 8
443 6
1080 2
1138 1
Rejected udp packets by destination port
port count
137 34
22 1
The above is real, live data from a one week period for my home LAN.
Much of the above would seem to be specifically targeted at Linux systems.
Many of the targeted "destination" ports are used by well known
Linux and Unix services, and all may be installed, and possibly
even running, on your system.
The focus here will be on threats that are shared by all Linux users, whether
a dual boot home user, or large commercial site. And we will take a few,
relatively quick and easy steps that will make a typical home Desktop system
or small office system running Linux reasonably safe
from the majority of outside threats. For those responsible for Linux systems
in a larger or more complex environment, you'd be well advised to read this,
and then follow up with additional reading suitable to your particular
situation. Actually, this is probably good advice for everybody.
We will assume the reader knows little about Linux, networking, TCP/IP,
and the finer points of running a server Operating System like Linux. We
will also assume, for the sake of this document, that all local users are
"trusted" users, and won't address physical or local network
security issues in any detail. Again, if this is not the case, further
reading is strongly recommended.
The principles that will guide us in our quest are:
There is no magic bullet. There is no one
single thing we can do to make us secure. It is not that simple.
Security is a process that requires maintenance, not an objective to
be reached.
There is no 100% safe program, package or distribution. Just varying
degrees of insecurity.
The steps we will be taking to get there are:
Step 1: Turn off, and perhaps uninstall, any and all unnecessary services.
Step 2: Make sure that any services that are installed are updated and
patched to the current, safe version -- and then stay that
way. Every server application has potential exploits. Some have
just not been found yet.
Step 3: Limit connections to us from outside sources by implementing a
firewall and/or other restrictive policies. The goal is to allow only the
minimum traffic necessary for whatever our individual situation may be.
Awareness. Know your system, and how to properly maintain and secure it.
New vulnerabilities are found, and exploited, all the time. Today's
secure system may have tomorrow's as yet unfound weaknesses.
If you don't have time to read everything, concentrate on Steps 1, 2, and 3.
This is where the meat of the subject matter is. The Appendix has a lot of supporting information, which
may be helpful, but may not be necessary for all readers.
Security-Quickstart HOWTO for Linux
Copyright © 2001 Hal Burgiss.
This document is free; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.
This document is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.
You can get a copy of the GNU GPL at at http://www.gnu.org/copyleft/gpl.html.
Many thanks to those who helped with the production of this document.
Bill Staehle, who has done a little bit of everything: ideas, editing,
encouragement, and suggestions, many of which have been incorporated.
Bill helped greatly with the content of this document.
Others who have contributed in one way or another: Dave Wreski, Ian
Jones, Jacco de Leeuw, and Indulis Bernsteins.
Various posters on comp.os.linux.security, a great place to learn about
Linux and security.
The Netfilter Development team for their work on
iptables and connection tracking, state of the
art tools with which to protect our systems.
The author accepts no liability for the contents of this document. Use the
concepts, examples and other content at your own risk. As this is a new
document, there may be errors and inaccuracies. Hopefully these are few and
far between. Corrections and suggestions are welcomed.
This document is intended to give the new user a starting point for securing
their system while it is connected to the Internet. Please understand that
there is no intention whatsoever of claiming that the contents of this
document will necessarily result in an ultimately secure and worry-free
computing environment. Security is a complex topic. This document just
addresses some of the most basic issues that inexperienced users should be
aware of.
The reader is encouraged to read other security related documentation and
articles. And to stay abreast of security issues as they evolve. Security is
not an objective, but an ongoing process.
The current official version can always be found at http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/.
Pre-release versions can be found at http://feenix.burgiss.net/ldp/quickstart/.
Other formats, including PDF, PS, single page HTML, may be found at
the Linux Documentation HOWTO index page: http://tldp.org/docs.html#howto.
Changelog:
Version 1.2: Clarifications on example firewall scripts, and small additions
to 'Have I been Hacked'. Note on Zonealarm type applications. More on the use
of "chattr" by script kiddies, and how to check for this. Other
small additions and clarifications.
Version 1.1: Various corrections, amplifications and numerous mostly small
additions. Too many to list. Oh yea, learn to spell Red Hat correctly ;-)
Version 1.0: This is the initial release of this document. Comments
welcomed.
Any and all comments on this document are most welcomed. Please make sure you have
the most current version before submitting corrections or suggestions! These
can be sent to <hal@foobox.net>.