qwijibow, posted February 4, 2005

NOTE: I first posted this a while ago in a security thread. Since then the mods moved the thread into a newly created "windows" sub forum, making me look pretty stupid... lol. So I moved it here. Probably nothing you didn't already know, but maybe of some use to the newbs.

And just in case you are NOT running Windows, here's the Linux version on how to keep your system secure.

Firstly... FIREWALL!

I would recommend using a graphical frontend like Firestarter, but if you insist on writing your own firewall, start with:

iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Then open extra ports if you are using any services (like http or ftp etc.).

Next, running services. Some distros will automatically run services on a default install (especially network-oriented distros). Shut down all the ones you don't use.

So... you have your firewall running, and your software is up to date!

For a home system, this is secure against networked attacks. To protect yourself against malicious programs, follow the very simple rule... DO NOT LOGIN AS ROOT!

If you DO run services on your system, like Apache web server, or maybe an FTP server, there are extra steps you can take. I would recommend installing the following software.

SNORT:
Snort is a packet sniffer, a bit like a firewall. A firewall decides what connections are, and are not, allowed. Snort then takes over from here and watches the allowed connections; it looks at their content for malicious code. For example, let's say there is an exploitable buffer overflow in a web server on your system. If an attacker sends code over the network intended to exploit the overflow, Snort will detect it, and can be configured to block that person's IP on your firewall.

TRIPWIRE or AIDE:
This is a bit like the Windows version of a "virus scanner". In Windows, virus scanners scan files against virus fingerprints to detect if that file has a virus on it. Their major drawback is that they will not detect a virus if the virus fingerprint is not in the database. Software like Tripwire keeps a database of all critical files' MD5 sums. If ANYTHING makes any alteration to a file on your disk, like a hacker that has broken into your system, Tripwire will alert you. This doesn't prevent an attacker from getting into your system, but at least when they do break in, they will be detected, and you can begin re-compiling any files they tampered with and lock them out.

Other programs which you may want to run from time to time are RKHunter and F-PROT.

RKHUNTER:
RKHunter is a root kit hunter. A root kit is a nasty breed of virus; it is loaded into your kernel as a module, and from there it can do anything. Theoretically, a root kit could do anything, and hide it from the user. Example: a root kit could be running a web server, and it would be serving a file called BootLeggedFilm.avi which could be saved anywhere on the disk, for example /root/. However, when a logged-in user ran "ls /root", the root kit would first run "ls /root", then remove the file it is serving from the list before displaying it on screen. When your system has been rooted, the Linux kernel becomes the virus.

F-PROT:
A normal virus scanner, pretty much useless. Linux viruses are so rare, and following simple rules like not abusing root will save you from them. All you really have to worry about is manual hacks through buggy daemons.
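
The hash-database idea behind Tripwire and AIDE described in the post above, as an added example that is not part of the original post and not either tool's own code. The function names fim_baseline and fim_check are hypothetical, SHA-256 is used in place of the MD5 sums the post mentions, and GNU find, sort, xargs and sha256sum are assumed.

```shell
#!/bin/sh
# Added example: hash baseline and check in the spirit of Tripwire/AIDE.
# fim_baseline / fim_check are hypothetical names, not either tool's interface.
# SHA-256 is used in place of the MD5 sums mentioned in the post.
# File names containing newlines or backslashes are not handled.

# fim_baseline DIR DB: write "hash  ./path" for every regular file under DIR.
fim_baseline() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$2"
}

# fim_check DIR DB: print CHANGED / NEW / MISSING lines; return 1 if any.
fim_check() {
    current=$(mktemp) || return 2
    fim_baseline "$1" "$current"
    report=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { base[path] = hash; next }   # first file: baseline
        { seen[path] = 1
          if (!(path in base))          print "NEW     " path
          else if (base[path] != hash)  print "CHANGED " path }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$current")
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: sh fim.sh baseline DIR DB   |   sh fim.sh check DIR DB
# Keep DB on read-only or off-host storage so an intruder cannot rewrite it.
case "${1:-}" in
    baseline) fim_baseline "$2" "$3" ;;
    check)    fim_check "$2" "$3" ;;
esac
```

A check run on the live system trusts that system's kernel and tools, so the root kit case the post describes can hide files from it. Running the check from known-good boot media against the mounted disk avoids that.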