Hi all,

I have just stepped over into some uncharted territory for me at least. Checking network things, using nmap to check ports and getting a firewall started. I am not running a network yet, so that may be a subject to kinda stay off of right now, but in doing the nmap command for my machine, I find I have some open ports that probably should not be! Although I am still on dialup with a dynamic IP address, I would like to shut these ports down just the same. Ports like telnet & printer, should not be open I am told and there may be some others?

Is there a way to just close certain ports temporarily or permanently until you need or want them? Some ports should not be open at all, I know, so I need to take these out of the list. I also tried to start the personal firewall to help protect me in the interim, but in booting up, it doesn't seem to be fully activating. It gets to the second phase and exits with a status 1. I can provide info from my boot.log if that will help, but I suspect you gurus here know all those already! ;o)

So, I need to close some ports and activate the firewall fully! Thanks in advance for your help.

Patrick

--
---KMail 1.3.2--- SuSE Linux v7.3 Pro---
Registered Linux User #225206
Magic Page Products -- Amiga-SuSE-PC Sales & Service
URL: http://home.sprintmail.com/~tracerb
Some ports like telnet can be closed through the inetd.conf, others you can deny access to through the use of hosts.deny. The usage I am not sure of but I am sure there is a howto somewhere. Or you can set your port scanner to automatically lock certain ports from the start.

-----Original Message-----
From: Patrick [mailto:tracerb@sprintmail.com]
Sent: Wednesday, April 10, 2002 9:43 AM
To: SuSE List
Subject: [SLE] Firewalls, Ports, etc.

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
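The inetd.conf route mentioned in the reply above, as an added example that is not part of the original thread: the functions list which inetd services are still enabled and comment out the ones named. The function names and the sample entries are assumptions made for illustration, and the script works on a constructed copy rather than on /etc/inetd.conf.

```shell
#!/bin/sh
# Added example: runs against a constructed sample, never the live config.

# Print the names of services that are still enabled (uncommented).
# Field layout: service socket proto wait/nowait user server [args]
enabled_inetd_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "$1"
}

# Comment out the named services in place, keeping a .bak copy first.
disable_inetd_services() {
    conf=$1; shift
    cp "$conf" "$conf.bak"
    for svc in "$@"; do
        # Match only lines whose first field is exactly the service name,
        # so "printer" does not also hit a hypothetical "printer-alt".
        awk -v s="$svc" '$1 == s { print "#" $0; next } { print }' \
            "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    done
}

# Constructed sample in the classic inetd.conf layout (illustrative entries).
make_sample_inetd() {
    cat > "$1" <<'EOF'
# constructed sample, not a real system file
ftp      stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
printer  stream  tcp  nowait  root    /usr/sbin/tcpd  in.lpd
#finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
}

# Disable telnet and printer in the sample, then show what is left enabled.
demo() {
    dir=$(mktemp -d)
    make_sample_inetd "$dir/inetd.conf"
    disable_inetd_services "$dir/inetd.conf" telnet printer
    enabled_inetd_services "$dir/inetd.conf"
    rm -rf "$dir"
}
demo   # prints: ftp
```

On a real system inetd has to re-read its configuration (it does so on SIGHUP) before the ports actually close.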
Ok Great! That sounds like what I need to do Michael as well as getting the firewall going, so could you give a step by step or lead me to the info? I will check the inetd.conf and hosts.deny, but the port scanner sounds interesting and I am completely lost on it! ;o)

Patrick

========================

On Wednesday 10 April 2002 10:00 am, Michael Garabedian, was heard saying:
> Some ports like telnet can be closed through the inetd.conf, others you can deny access to through the use of hosts.deny. The usage I am not sure of but I am sure there is a howto somewhere. Or you can set your port scanner to automatically lock certain ports from the start.
I can send you a doc I used to do this with. If you go to the intrusion
detection section and look up portsentry, it should give you all you
need to do. I am using a version of it that is pretty good, you define
what ports to listen to, which to allow access to, and what to do when
that is violated, then if you use the other ones I have set up then you
can get the firewall to mail you replies of what is being done to the
computer. Hope it helps.
1.6 Intrusion Countermeasures
The internet is a rough place, hackers are waiting for disk space, email
services, and any information that they can sell for a price. It is
imperative that security measures be taken whenever possible to protect
your data, and the services your servers provide. The following
software packages will be used to do just that.
These packages can be found on the SuSE Goodies CD. Put them all in the
/opt directory for installation.
These are the following security programs that are used and their
purpose.
PortSentry-1.1 - PortScanner detection and IP Quarantine
Tripwire-2.3 - Detects changes to your system file structure
SecCheck-2.0 - Checks security settings and reports suspicious activity
Scanlogd-2.2 - Logs the port scans that it encounters. Used in conjunction with PortSentry.
Logcheck-1.1.1 - Mails the logs of all the above to an account of your choosing.
DTK - Masquerades your machine as a machine of another type and gives out false information regarding passwords and file system structure.
HardenSuSE-3.5
WARNING: From this point on you MUST be careful with what you type and
how you configure the software. Follow all directions to the letter.
1.6.1 Installing PortSentry
1. #mc
2. Browse to the /opt/portsentry-1.1 directory
3. highlight portsentry_config.h
4. Press F4 to open and edit the document
5. make sure the file looks like this
Then save any changes. If you have problems with the installation
instructions, README.install will give you a wealth of information
about this software.
6. highlight makefile
7. edit makefile
8. Make sure you change two things in this file
Change the INSTALLDIR to /var and the CHILDDIR to /portsentry. (This is
done to keep all software as centralized as possible, otherwise you will
end up losing where some of the config files are. Plus with the way the
Linux installation is set up, if a crash occurs you will still be able
to get this information for the extended partition while just remaking
the boot and / partitions.)
9. Highlight and open the file portsentry.conf
10. You will need to edit the following lines to get this software
to run correctly.
11. Uncomment the section that begins with "Use these if you just
want to be aware"
12. Make sure the Configuration Files directories are set to
/var/portsentry.
13. Set RESOLVE_HOST ="1"
14. Uncomment the KILL_ROUTE command for iptables support for Linux
15. Lastly, change the PORT_BANNER to personalize the message to
users that try to hack your system.
16. Edit the file portsentry.ignore to add ip addresses of your
trusted hosts.
Usually you will want to add your intranet addresses and add any remote
sites that you would want not to be blocked. In the case of Emergys, we
would add the Chennai office IPs.
17. Browse to the /opt/portsentry-1.1 directory
18. #make linux
19. Browse to the /etc/init.d directory
20. edit boot.local
21. add portsentry -tcp and portsentry -udp to the bottom of the
list (This file should look familiar)
Your boot.local file should now look something like this.
22. Browse to /etc
23. edit syslog.conf
Edit your file to look like the following
The messages going to -/var/log/messages will get delivered to an
account of your choosing.
The changes will not take effect until reboot. Or if you think you can,
try manually restarting the service. (Hint: Go to the directory
/etc/init.d; the commands are invoked by ./<filename> start or stop.)
For the use of this software if you ever want to reinstate a host to
allow it to enter your system again, at the command prompt type #route
del
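A check for steps 12 to 14 of the PortSentry procedure above, as an added example that is not part of the original message or of PortSentry itself: it reads a portsentry.conf and reports which of those settings are still missing. It assumes the "Configuration Files" entries are the IGNORE_FILE, HISTORY_FILE and BLOCKED_FILE keys; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a portsentry.conf against steps 12-14 of the procedure.

# Print the value of the last active (uncommented) KEY = "value" line.
# Spaces around '=' are tolerated, as in the page's own RESOLVE_HOST ="1".
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/[ \t]/, "", key)
          sub(/^[ \t]*"/, "", val); sub(/"[ \t]*$/, "", val)
          if (key == k) v = val }
        END { print v }' "$1"
}

# Print one line per deviation; print nothing when the file matches the steps.
check_portsentry_conf() {
    for key in IGNORE_FILE HISTORY_FILE BLOCKED_FILE; do        # step 12
        case $(conf_get "$1" "$key") in
            /var/portsentry/*) ;;
            *) echo "$key is not under /var/portsentry" ;;
        esac
    done
    [ "$(conf_get "$1" RESOLVE_HOST)" = "1" ] ||                 # step 13
        echo "RESOLVE_HOST is not 1"
    case $(conf_get "$1" KILL_ROUTE) in                          # step 14
        *iptables*) ;;
        "") echo "no KILL_ROUTE line is uncommented" ;;
        *)  echo "the active KILL_ROUTE does not call iptables" ;;
    esac
}

# Constructed sample: a half-edited config (one path and KILL_ROUTE missed).
write_sample_conf() {
    cat > "$1" <<'EOF'
IGNORE_FILE="/var/portsentry/portsentry.ignore"
HISTORY_FILE="/usr/local/psionic/portsentry/portsentry.history"
BLOCKED_FILE="/var/portsentry/portsentry.blocked"
RESOLVE_HOST ="1"
#KILL_ROUTE="/usr/local/bin/iptables -I INPUT -s $TARGET$ -j DROP"
EOF
}

demo() {
    f=$(mktemp); write_sample_conf "$f"
    check_portsentry_conf "$f"; rm -f "$f"
}
demo
```

Because an active KILL_ROUTE blocks any address that trips a monitored port, run the check before the first start and fill in portsentry.ignore (step 16) so trusted hosts cannot lock themselves out.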
The easiest you can do is to setup the personal firewall and this should close all incoming connections.

To test that it is effectively closed you should check your ports connection from outside. Don't scan your ports from your own host.

If you get any error messages while booting the firewall check that it is the personal firewall (not SuSEfirewall or SuSEfirewall2) and check your config (is quite simple config).

Pep Serrano

On Wednesday 10 April 2002 15:43, Patrick wrote:
> Is there a way to just close certain ports temporarily or permanently
> know, so I need to take these out of the list. I also tried to start the personal firewall to help protect me in the interim, but in booting
Thanks Pep, I did use the personal firewall and set it for modem masg in "reject all connections" thing. I think that is right and should take care of it, but not sure yet. I would still like to figure out how to close those open ports though. There must be a simple command to do so or setting you can change in one of the config files?

Patrick

==================

On Wednesday 10 April 2002 10:35 am, Pep Serrano, was heard saying:
> The easiest you can do is to setup the personal firewall and this should close all incoming connections.
>
> To test that it is effectively closed you should check your ports connection from outside. Don't scan your ports from your own host.
>
> If you get any error messages while booting the firewall check that it is the personal firewall (not SuSEfirewall or SuSEfirewall2) and check your config (is quite simple config).
>
> Pep Serrano

--
---KMail 1.3.2--- SuSE Linux v7.3 Pro---
Registered Linux User #225206
Magic Page Products -- Amiga-SuSE-PC Sales & Service
URL: http://home.sprintmail.com/~tracerb

participants (3)
- Michael Garabedian
- Patrick
- Pep Serrano