Hi,

I am just start learning how to secure a linux server.

I have four computers behind a router at my home LAN. One computer installed RH 9.0 linux and other three installed Windows.

As a newbie, I would like to start by scanning the security holes of the linux server and then try to fix it.

Are there any freewares I can download and install in my Windows computer and then scan the linux server remotely.

Thanks and best regards

http://www.insecure.org/

try Nmap

Keep in mind it is not suggested to scan other networks or hosts unless they are your own servers for the purpose of testing.

Adding another linux install in the same n/w is the best way to go, because in my opinion, I dont think there are too many free softwares in windows which are good enough to help you tighten your linux box. I have tried nessus in my linux machine , but no idea how good it comes up on your win machines. Anyway, its worth a try.

Nessus works well

Hi,

I installed the Nmap in my Linux box. I also read the documentation. I also tried some test, e.g.
-----------------------------------------------------------------------------
[root@pclinux download]# nmap -sS 192.168.1.3

Starting nmap 3.50 ( http://www.insecure.org/nmap/ )
Interesting ports on 192.168.1.3:
(The 1653 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
1024/tcp open kdm
10000/tcp open snet-sensor-mgmt

Nmap run completed -- 1 IP address (1 host up) scanned in 3.521 seconds
------------------------------------------------------------------------------

I have some questions:

1. Which Scan Types (e.g. -sS) are most commonly usually used for security scanning?

2. How to analysis the outcome? And how to correct the security leak?

Best regards

in your case i'd use a vulnerability scanner such as nessus as opposed to a port scaner such as nmap. nmap will just tell you which ports are open on your machine, nessus will do a lil bit of analysis for you

if you just want a quick port scan, run (separately) nmap -sT and nmap -sU. one is for tcp, the other udp

Also make sure you check out NetCat, it's quite useful.

not in this case its not

If you would rather use something none server side you could try: Retina or GFI LANguard

Although they are not free they do have trial/limited versions.

im with linuxguy, nessus is god. Just becareful and dont abuse it.

I would recommend Nessus as well.

Very full featured for _internal_ use only.

Hi all,

Thanks for your suggestion. I will also try Nessus later. I read the documentation of Nessus, it seems that the scan report is more useful than Nmap.

Best regards

22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
1024/tcp open kdm
10000/tcp open snet-sensor-mgmt

If I was on the server, I would have closed the last two, because seriously there is no need to keep them open on a webserver.
Also, the same with 111 unless you have portsentry installed in there.

The best way to begin securing your box is to allow only the necessary ports open for the basic services, and block the rest.

Vivek Prasannan

Try Nessus ;)

if its just a simple server with proftpd(with no passive), apache, smtp, pop3, bind, ssh


INCOMING = 21,22,25,53,80,110
OUTGOING = 53

Originally posted by Doggy
Try Nessus ;)

thats a good idea, why didnt anyone else think of that..?

Originally posted by thelinuxguy
if its just a simple server with proftpd(with no passive), apache, smtp, pop3, bind, ssh


INCOMING = 21,22,25,53,80,110
OUTGOING = 53

ofcourse, it might be worth mentioning which protocols each port uses..

proftpd(with no passive) 21,
apache 80
smtp 25
pop3 110
bind 53
ssh 22

or you could list a bunch of ports and the generally accepted services that listen on them

tcp - ftp, web, smtp, pop3, ssh
udp - bind

iirc bind can also use tcp for transferring larger zone files

1/tcp portsentry
21/tcp ftp
22/tcp ssh
25/tcp smtp
53/tcp dns
80/tcp http
110/tcp pop-3
111/tcp portsentry
143/tcp imap2
443/tcp https
465/tcp smtps
953/tcp rndc
993/tcp imaps
995/tcp pop3s
2082/tcp cpanel
2083/tcp secure cpanel
2086/tcp whm
2087/tcp secure whm
2095/tcp webmail
2096/tcp secure webmail
3306/tcp mysql

53/udp dns

erm

why ?

that ranks amonst one of the most useless, off topic (and actually theres some bad info there too) posting ive seen on here in hte last few months

Hi,

The best way to begin securing your box is to allow only the necessary ports open for the basic services, and block the rest.

What ports (INCOMING and OUTGOING) should I open if I rent a dedicated server and selling hosting account?

Thanks

as mentioned above:

tcp - ftp (21), web (80), smtp (25), pop3 (110), ssh (22)
udp - bind (53)

maybe also tcp port 20 (ftp-data) and port 443 (https)

that ranks amonst one of the most useless, off topic (and actually theres some bad info there too) posting ive seen on here in hte last few months

I'm afraid I was only adding the ports required for the control panel to function. If you use basic iptables firewalling, you would need those for sure, if you want your control panel to function along with your webserver. Sorry for the confusion. Let me know if you have any questions.