
Hi everyone,

Last night while just looking at the /var/log/messages I have noticed that someone has fingered me and started an ftp action.

The following were logged:

home in.fingerd connect from bla bla
home in.ftpd connect from bla bla

Now when I saw these messages I disconnected from the internet since I was on dial-up. However I am planning to switch to cable modem which will allow continuous connection.

I want to know how can I control such actions. Is it enough I comment everything in the inetd.conf or are there additional things I can do.

Is there a possibility to have firewall enabled while on dial-up and dynamic IP is provided by the ISP

Thanks a lot in advance

--
Togan Muftuoglu
toganm@turk.net

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/

On Sun, 30 Apr 2000, Togan Muftuoglu wrote:
> I want to know how can I control such actions. Is it enough I comment everything in the inetd.conf or are there additional things I can do.

Edit /etc/hosts.allow /etc/hosts.deny . Start by denying everybody in hosts.allow.

> Is there a possibility to have firewall enabled while on dial-up and dynamic IP is provided by the ISP

Should. I can't think of any reason why it shouldn't work.

Nick
--
Nick Zentena
"The Linux issue," Wladawsky-Berger explained, "is whether this is a fundamentally disruptive technology, like the microprocessor and the Internet? We're betting that it is."

On Sun, 30 Apr 2000, Nick Zentena wrote:
nz> On Sun, 30 Apr 2000, Togan Muftuoglu wrote:
nz>
nz> > I want to know how can I control such actions. Is it enough I comment everything in the inetd.conf or are there additional things I can do.
nz>
nz> Edit /etc/hosts.allow /etc/hosts.deny . Start by denying everybody in hosts.allow.
nz>
nz> > Is there a possibility to have firewall enabled while on dial-up and dynamic IP is provided by the ISP
nz>
nz> Should. I can't think of any reason why it shouldn't work.

Easily done, you can either create your own ipchain rules, or use the SuSEfirewall package which does it quite nicely as well. Check the examples file for how to configure it for a dial-up account. The trick is to call SuSEfirewall from within ip-up.

nz> Nick

--
S.Toms - tomas@primenet.com - www.primenet.com/~tomas
SuSE Linux v6.3+ - Kernel 2.2.14

"S.Toms" wrote:
> nz> Edit /etc/hosts.allow /etc/hosts.deny . Start by denying everybody in hosts.allow.

/etc/hosts.allow has an uncommented line like below

http-rman: localhost as

and /etc/hosts.deny has uncommented line

http-rman: ALL EXCEPT LOCAL

is this enough or do I need to add other things as well

> Easily done, you can either create your own ipchain rules, or use the SuSEfirewall package which does it quite nicely as well. Check the examples file for how to configure it for a dial-up account. The trick is to call SuSEfirewall from within ip-up.

That I did and now it runs the SuSEfirewall script, hope I did the correct configuration

--
Togan Muftuoglu
toganm@turk.net

On Sun, 30 Apr 2000, Togan Muftuoglu wrote:
> "S.Toms" wrote:
> > nz> Edit /etc/hosts.allow /etc/hosts.deny . Start by denying everybody in hosts.allow.
>
> /etc/hosts.allow has an uncommented line like below
>
> http-rman: localhost as
>
> and /etc/hosts.deny has uncommented line
>
> http-rman: ALL EXCEPT LOCAL
>
> is this enough or do I need to add other things as well

All you are doing with those lines is controlling who can access http-rman.

Be paranoid and do this:

hosts.deny
ALL:ALL

hosts.allow
ALL: LOCAL

If you need to allow people outside your machine to access things then open those things up selectively. Edit hosts.allow to include the people you want to access things. So if for example you have an ftp site that you want to access from someplace else then include something like IN.FTPD: IP# in hosts.allow. Do the same thing with any other service you want to open up.

Nick
--
Nick Zentena

At 01:34 PM 04/30/00 -0500, Nick Zentena wrote:
> All you are doing with those lines is controlling who can access http-rman
>
> Be paranoid and do this:
>
> hosts.deny
> ALL:ALL
>
> hosts.allow
> ALL: LOCAL

And as a reference, take a look at:

man 5 hosts_access
man 5 hosts_options

Bill Moseley
mailto:moseley@hank.org
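Added example, not part of any message in this thread: a shell audit of the two files the replies above discuss. It lists which services an inetd.conf still enables, which of them bypass tcpd, and whether hosts.deny carries the catch-all ALL: ALL rule. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit what inetd still offers and whether tcpd denies by default.

# Services still enabled (not commented out) in an inetd.conf-style file.
enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Enabled services that are not started through tcpd; hosts.allow and
# hosts.deny are never consulted for these.
unwrapped_services() {
    awk '!/^[ \t]*#/ && NF >= 6 && $6 !~ /\/tcpd$/ { print $1 }' "$1"
}

# Succeeds only if the hosts.deny-style file has a catch-all "ALL: ALL" rule.
has_default_deny() {
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*(:.*)?$' "$1"
}

# Write constructed sample files into directory $1.
make_samples() {
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample, not taken from the thread
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
# telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
time    stream  tcp  nowait  root    internal
EOF
    printf 'http-rman: ALL EXCEPT LOCAL\n' > "$1/hosts.deny.single"
    printf 'ALL: ALL\n' > "$1/hosts.deny.catchall"
}

# Print a short report for an inetd.conf ($1) and a hosts.deny ($2).
audit() {
    echo "enabled in inetd: $(enabled_services "$1" | tr '\n' ' ')"
    echo "not behind tcpd:  $(unwrapped_services "$1" | tr '\n' ' ')"
    if has_default_deny "$2"; then
        echo "hosts.deny: catch-all deny present"
    else
        echo "hosts.deny: no catch-all, unlisted services stay open"
    fi
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit "$tmp/inetd.conf" "$tmp/hosts.deny.single"
audit "$tmp/inetd.conf" "$tmp/hosts.deny.catchall"
rm -rf "$tmp"
```

On a real system the same functions take /etc/inetd.conf and /etc/hosts.deny as arguments.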

Togan Muftuoglu wrote:
> Last night while just looking at the /var/log/messages I have noticed that someone has fingered me and started an ftp action
>
> the following were logged
>
> home in.fingerd connect from bla bla
> home in.ftpd connect from bla bla
>
> now when I saw these messages I disconnected from the internet since I was on dial-up. However I am planning to switch to cable modem which will allow continuous connection.
>
> I want to know how can I control such actions. Is it enough I comment everything in the inetd.conf or are there additional things I can do.

Well, commenting most of /etc/inetd.conf out is a very good start. You'll also want to set up some firewalling rules using ipchains. For more info on doing this, see the following:

man ipchains
less /usr/doc/howto/<yourlang>/IPCHAINS-HOWTO.gz
less /usr/doc/howto/<yourlang>/Firewall-HOWTO.gz

where <yourlang> is your language code - in my case en, possibly different for you.

> Is there a possibility to have firewall enabled while on dial-up and dynamic IP is provided by the ISP

Yes, this is perfectly possible. Once you have your firewall rules sorted out, just write a script that will find out your current IP address and insert it in the appropriate places in your firewall rules, then call the script from ip-up.

Hope that helps,
Chris

--
Chris Reeves
ICQ# 22219005

----- Original Message -----
From: Chris Reeves <chris.reeves@iname.com>
To: <toganm@turk.net>; SuSE Mailing List <suse-linux-e@suse.com>
Sent: Monday, May 08, 2000 7:00 PM
Subject: Re: [SLE] Question about security

> Togan Muftuoglu wrote:
> > Last night while just looking at the /var/log/messages I have noticed that someone has fingered me and started an ftp action
> >
> > the following were logged
> >
> > home in.fingerd connect from bla bla
> > home in.ftpd connect from bla bla
> >
> > now when I saw these messages I disconnected from the internet since I was on dial-up. However I am planning to switch to cable modem which will allow continuous connection.
> >
> > I want to know how can I control such actions. Is it enough I comment everything in the inetd.conf or are there additional things I can do.
>
> Well, commenting most of /etc/inetd.conf out is a very good start. You'll also want to set up some firewalling rules using ipchains. For more info on doing this, see the following:
>
> man ipchains
> less /usr/doc/howto/<yourlang>/IPCHAINS-HOWTO.gz
> less /usr/doc/howto/<yourlang>/Firewall-HOWTO.gz
>
> where <yourlang> is your language code - in my case en, possibly different for you.
>
> > Is there a possibility to have firewall enabled while on dial-up and dynamic IP is provided by the ISP
>
> Yes, this is perfectly possible. Once you have your firewall rules sorted out, just write a script that will find out your current IP address and insert it in the appropriate places in your firewall rules, then call the script from ip-up.
>
> Hope that helps,
> Chris

Also maybe edit the `/etc/hosts.allow` and `/etc/hosts.deny` files for tcpd wrappers (I think SuSE installs tcpd wrappers by default (if not, search freshmeat.net for it)); this is a good way to quickly deny connections to services (to at least anything run out of inetd ("/etc/inetd.conf")). This can also provide a "backup" security option in case something gets past your firewall, which isn't too likely, but having multiple ways of denying connections in case one method fails can help a lot, so that there isn't one point of failure.

Jack

On 9 May, Chris Reeves wrote:
> Togan Muftuoglu wrote:
<snip>
> > Is there a possibility to have firewall enabled while on dial-up and dynamic IP is provided by the ISP
>
> Yes, this is perfectly possible. Once you have your firewall rules sorted out, just write a script that will find out your current IP address and insert it in the appropriate places in your firewall rules, then call the script from ip-up.
>
> Hope that helps,
> Chris
</snip>

SuSE has some firewalling scripts in the "firewall.rpm" package. To start the firewall script when connecting, add the line "/sbin/init.d/firewall start" to the /etc/ppp/ip-up file (or /etc/ppp/ip-up.local if it already exists). I've made it the first line.

--
Robert Wohlfarth
rjwohlfar@bigfoot.com
"My theory's right. Reality needs to be fixed."
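Added example, not part of any message in this thread and not SuSE's firewall script: an ip-up hook of the kind described above, which takes the dynamic address that pppd passes as its fourth argument and generates ipchains input rules for it. The rule set, the function names and the 192.0.2.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build ipchains input rules for a dial-up link whose
# address changes on every connect.
# pppd calls ip-up as: ip-up interface tty speed local-IP remote-IP ipparam

# Accept only dotted-quad text, so nothing else can reach the rule lines.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Accept only simple interface names such as ppp0.
valid_iface() {
    case "$1" in ''|*[!a-z0-9]*) return 1 ;; esac
}

# Print the rule commands for interface $1 with local address $2.
# Hypothetical rule set: default deny, refuse and log new inbound TCP
# connections (SYN packets, -y), let replies to outbound traffic back in.
build_rules() {
    valid_iface "$1" && valid_ipv4 "$2" || return 1
    cat <<EOF
ipchains -F input
ipchains -P input DENY
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i $1 -p tcp -d $2 -y -j DENY -l
ipchains -A input -i $1 -p tcp -d $2 -j ACCEPT
ipchains -A input -i $1 -p udp -s 0/0 53 -d $2 -j ACCEPT
ipchains -A input -i $1 -p icmp -d $2 -j ACCEPT
EOF
}

# Dry run with a constructed address. In /etc/ppp/ip-up the call would be:
#   build_rules "$1" "$4" | sh
build_rules ppp0 192.0.2.10
```

Because ipchains is stateless, the SYN rule has to come before the general TCP accept rule; reversing them would admit new inbound connections.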