On Wed, 2005-07-20 at 17:17, Mike McCarty wrote:
> Scot L. Harris wrote:
>
> But if the port is closed, then I don't see my exposure. Except that
> now they know the temporary (well, with DSL, not so temp) IP address.
>

That is what I was saying. Nothing should be able to get through that
port, but the bad guys know there is a system at that address. More
than likely they will just move on to the next address that has more
interesting open ports available. :)

Remember the idea here is to be just a little harder to crack than the
next guy. :)

>
> I don't have any other computers on my "LAN". It comprises a
> router and a computer. I have a cable run to another computer
> with Windows 98 on it, which is turned off, and remains off.
>

If you wanted to you could use the windows system to run a scan against
your linux box. From what you have described this is not really needed.
Just something you might want to do just to learn from it.

> I don't think I have much exposure from a computer which is off :-)
>

As long as it is physically secured and does not have any critical data
on it that someone can steal..... :)

> # service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     ipv6-crypt--  anywhere        anywhere
> ACCEPT     ipv6-auth--  anywhere         anywhere
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
>

This tells me that you have enabled the default services in
system-config-securitylevel. smtp (email), http/https (apache), ftp,
ssh, and telnet have their ports opened on your system. Based on what
you have described you can go into system-config-securitylevel and turn
those off so those ports will not be open.

> >>Hmm, I seem not to have chkrootkit, rkhunter, nor tripwire installed.
> >>
>
> Is there a way to get them from the original CDs? Or should I use
> yum?
>

I would use yum.

> > If you have the default iptables rules then things should be blocked
> > from getting in. Additional steps can be taken to have iptables limit
> > what can go out of your system. Only those applications that you use
>
> Ok, my iptables output is above. Any recommendations?
>

As mentioned above, if you are not using telnet, ssh, ftp, smtp, http to
connect to your system you can disable those ports.
For the truly paranoid the output chain would contain a list of rules
that blocks everything but those applications you use. But that can be
difficult to set up and maintain.

> I guess so. I haven't seen anything which would encourage me
> to use selinux, yet.
>

selinux is just another layer of defense. If somehow a hacker managed
to get on your system selinux should make it more difficult for that
hacker to gain elevated privileges and/or modify certain critical files
on your system. IMHO it will take a couple of years for selinux to
develop fully and for the various distributions to implement policies
that work for most users.

-- 
Scot L. Harris
webid@xxxxxxxxxx

Behold the warranty -- the bold print giveth and the fine print taketh
away.
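The review Scot does by eye above (reading the RH-Firewall-1-INPUT chain and listing which services accept NEW inbound connections) can be scripted. The following is an added example, not code from the thread or from Fedora; the sample listing is constructed from the chain quoted in the message, and the set of services treated as cleartext is an assumption of this example.

```python
"""Audit an `iptables -L`-style listing (the format `service iptables status`
prints) and report which ports accept NEW inbound connections."""
import re

# Constructed sample: the filter chain quoted in the message above.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""

# Assumed set of services that carry credentials unencrypted; flag them if open.
CLEARTEXT = {"telnet", "ftp", "smtp", "http"}

def open_ports(listing, chain="RH-Firewall-1-INPUT"):
    """Return (proto, port) pairs that `chain` ACCEPTs for NEW connections,
    in rule order. Other chains in the listing are ignored."""
    found, in_chain = [], False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain   # e.g. "Chain X (2 references)"
            continue
        if not in_chain or not line.startswith("ACCEPT"):
            continue
        m = re.search(r"state NEW\s+(tcp|udp) dpt:(\S+)", line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found

def audit(listing):
    """Summarise the listing: every port opened for NEW connections, plus the
    subset that belongs to the assumed cleartext services."""
    ports = open_ports(listing)
    return {"open": ports, "cleartext": [p for _, p in ports if p in CLEARTEXT]}

if __name__ == "__main__":
    report = audit(SAMPLE)
    for proto, port in report["open"]:
        print(f"{proto}/{port} accepts NEW connections")
    print("cleartext services exposed:", ", ".join(report["cleartext"]))
```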