All entries for Friday 22 September 2006
September 22, 2006
This is continuing in my paranoid theme (and the theme of not spell checking), this should hopefully be good advice for anyone who wants to is concerned about security, and especially for those who are overly concerned…
First things first, don’t run as root for day to day operations, try not to login as root in the graphical interface at all – do it through the terminal, it’s far easier to control and not to get caught out by.
Alright, now we have the problem of rootkits. This is something which can be put down in your system to allow control over any number of things and is easily one of the top security threats you can face. Firstly you will want to make sure that your root password is strong, ie. make it take a few thousand years to brute force. Have a password which is ideally over 8 characters long, and has non standard characters in it – like !”£$%^ etc. and numbers and letters. This should halt most random attempts, but there are always other ways to get infected. A classic is installing something which is untrustworthy – because of this I only install open source software from the official (and livna) repos. (I know it seems a bit extreme, but at least it’s safe).
So lets assume that you have done that but want to check every now and again to get a little tick or “OK” sign to make you feel happy, you could do;
yum install rkhunter
This is a program to check for rootkits and gives you a nice green “OK” if it is. There shouldn’t be any red “WARNING” ones, but you might get one yellow (I do and after looking deeper I think it’s ok). Once it is installed to run it log in as root and type;
Chkrootkit is another which can be installed and always seems ok to me, although it can take a little bit of effort to find out what each warning means (for example it highlights your internet connection in the same way it would a rootkit. Chkrootkit is run just with the command;
Right, so that is done, but rkhunter will no doubt show up with one or two red warnings relating to ssh allowing remote root login. I would say only allow remote root login if you really know what your doing and really are sure you need to.
I wish that they would disable it as a default but, hey ho, they don’t.
Open up a terminal, log in as root, then type;
You’re now looking for a section which will look like this;
There will not be that dots before it (damn blog formatting) and the “PermitRootLogin yes” might have a hash before it, I don’t remember, but you want it to look like this;
(again ignore the dots at the start of the lines) This will stop people loging in remotely and hammering your system.
Right, that’s all I have time for now, later I’ll go through firewall settings (firestarter is great). Untill then some really useful website which you can look at are;
http://forums.fedoraforum.org/ (that’s a forum which if you register you can ask specific questions and get help… also I use it, so if you get really lucky… you might get someone competant to answer you questions)
http://www.fedorafaq.org/ (that has some good advice about getting stuff working and what have you – although I think they tend to play with selinux a lot when I’m not sure that it’s needed)
and as always if you post on here I might be able to help you, and failing that, you can always search in Google for your answer, I’m sure someone else will have had your problem, maybe on a forum and they often have answers… though sometimes don’t :S