September 22, 2006

Concerning Security on a Fedora system

Continuing my paranoid theme (and the theme of not spell checking), this should hopefully be good advice for anyone who is concerned about security, and especially for those who are overly concerned…

First things first: don’t run as root for day-to-day operations, and try not to log in as root in the graphical interface at all. Do root work through the terminal; it’s far easier to control and harder to get caught out by.

Alright, now we have the problem of rootkits. A rootkit is something which can be planted on your system to allow control over any number of things, and it is easily one of the top security threats you can face. Firstly you will want to make sure that your root password is strong, i.e. make it take a few thousand years to brute force. Have a password which is ideally over 8 characters long and has non-standard characters in it – like !”£$%^ etc. – as well as numbers and letters. This should halt most random attempts, but there are always other ways to get infected. A classic is installing something which is untrustworthy – because of this I only install open source software from the official (and livna) repos. (I know it seems a bit extreme, but at least it’s safe).

So let’s assume that you have done that but want to check every now and again to get a little tick or “OK” sign to make you feel happy. You could do;

yum install rkhunter

This is a program which checks for rootkits and gives you a nice green “OK” if everything is fine. There shouldn’t be any red “WARNING” ones, but you might get one yellow (I do and after looking deeper I think it’s ok). Once it is installed, to run it log in as root and type;

rkhunter -c

Chkrootkit is another which can be installed and always seems ok to me, although it can take a little bit of effort to find out what each warning means (for example it highlights your internet connection in the same way it would a rootkit). Chkrootkit is run just with the command;

chkrootkit

Right, so that is done, but rkhunter will no doubt show up with one or two red warnings relating to ssh allowing remote root login. I would say only allow remote root login if you really know what you’re doing and really are sure you need to.
I wish that they would disable it as a default but, hey ho, they don’t.
Open up a terminal, log in as root, then type;

gedit /etc/ssh/sshd_config

You’re now looking for a section which will look like this;

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

The “PermitRootLogin yes” might have a hash before it, I don’t remember, but you want it to look like this;

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

This will stop people logging in remotely as root and hammering your system.
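
An added example (not from the original post) for checking the result of the edit above: it reports which PermitRootLogin value is active in the global part of an sshd_config file, including the commented-out case the post mentions. The function name permit_root_login and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print the PermitRootLogin value
# in the global section of an sshd_config-style file.
#   - comment (#) and blank lines are ignored
#   - keywords are case-insensitive; "Keyword value" and "Keyword=value" both parse
#   - the first active occurrence wins, matching how sshd reads the file
#   - parsing stops at the first "Match" line (conditional blocks are not evaluated)
# Prints "unset" when no active directive exists, so the built-in default applies.
permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)
            if (n == 0) { key = line; val = "" }
            else        { key = substr(line, 1, n - 1); val = substr(line, n) }
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)
            key = tolower(key)
            if (key == "match") exit
            if (key == "permitrootlogin") { print tolower(val); found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "${1:-/etc/ssh/sshd_config}"
}

# Constructed sample input: the "before" and "after" snippets from the post,
# plus the commented-out variant the post mentions.
demo_dir=$(mktemp -d)
printf '%s\n' '#LoginGraceTime 2m' 'PermitRootLogin yes'  '#StrictModes yes' > "$demo_dir/before"
printf '%s\n' '#LoginGraceTime 2m' 'PermitRootLogin no'   '#StrictModes yes' > "$demo_dir/after"
printf '%s\n' '#LoginGraceTime 2m' '#PermitRootLogin yes' '#StrictModes yes' > "$demo_dir/commented"

for f in before after commented; do
    printf '%-10s %s\n' "$f" "$(permit_root_login "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

Called with no argument as root, the function reads /etc/ssh/sshd_config. The running sshd only picks up the edited file after it is restarted or reloaded.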

Right, that’s all I have time for now, later I’ll go through firewall settings (firestarter is great). Until then some really useful websites which you can look at are;

http://forums.fedoraforum.org/ (that’s a forum where, if you register, you can ask specific questions and get help… also I use it, so if you get really lucky… you might get someone competent to answer your questions)

http://www.fedorafaq.org/ (that has some good advice about getting stuff working and what have you – although I think they tend to play with selinux a lot when I’m not sure that it’s needed)

and as always if you post on here I might be able to help you, and failing that, you can always search in Google for your answer, I’m sure someone else will have had your problem, maybe on a forum and they often have answers… though sometimes don’t :S

