
IPTables or IPChains (URGENT)
iamdave 02-09-2002, 05:48 PM Which one should I install, IP Tables or IP Chains?
I'm running this kernel, 2.4.2-2. I have Red Hat 7.1 with Plesk on the box. I am a total newbie to redhat, however I do want to secure my server. I have already installed OpenSSH, and closed telnet. Now I want to install IP Tables or IP Chains.
If anyone can help me do this it would be great. Also if anyone has any other suggestions as to what other security measures I can take, please post them.
Thanks a lot, everyone's help is appreciated.
Maximux 02-09-2002, 06:07 PM I have found iptables to be very robust and easy to configure once you get the general grasp of the syntax. Also, IPTables has replaced ipchains...there is a reason for that you know ;) Sorry - won't be able to help you with the install - but the readme is very straightforward.
I would also suggest you have a look at http://www.psionic.com and review the products logcheck and portsentry - both are very effective and can save hours of poring through log entries.
Best of luck my friend.
allan 02-09-2002, 06:28 PM Originally posted by iamdave
Now I want to install IP Tables or IP Chains.
If anyone can help me do this it would be great. Also if anyone has any other suggestions as to what other security measures I can take, please post them.
Thanks a lot, everyone's help is appreciated.
Netfilter and IPTables are designed to work with the 2.4 kernel, I do not think IPChains will work.
I believe (and I am sure someone will correct me if I am wrong :D), Red Hat 7.1 has Netfilter/IPTables compiled into the kernel, so you just need to set up the rulesets.
There are some good setup instructions:
http://people.unix-fu.org/andreasson/iptables-tutorial/iptables-tutorial.html
http://www.sys-con.com/linux/article.cfm?id=35 (authored by, ahem, yours truly ;)).
If you need sample IPtables configs:
http://www.linuxguruz.org/iptables/
And of course you can check the main docs out on the Netfilter page:
http://www.netfilter.org
Hope this helps
iamdave 02-09-2002, 06:53 PM Can someone just list me the steps that are involved in setting it up?
Like which file do I put the rulesets in, etc...
allan 02-09-2002, 07:00 PM Originally posted by iamdave
Can someone just list me the steps that are involved in setting it up?
Like which file do I put the rulesets in, etc...
No -- Read the links
iamdave 02-09-2002, 07:27 PM Those links aren't helpful when I don't understand what they mean. If you don't want to help then why do you post?
Walter 02-09-2002, 07:29 PM No offense intended, but his links were very good and contain valuable information. I assume you don't mean you don't understand what a link is? :D
cheesysticks 02-09-2002, 08:44 PM http://www.sys-con.com/linux/article.cfm?id=35
Nice work Uuallan.
IAMDAVE,
RE Social engineering,
Be careful about what security systems you are "explicitly" asking for install instructions for in public forums. If you go to lengths to get other people to show or tell you how to set up a particular system then you are giving away a valuable part of your overall system's security: info on your OS, the OS version, the security systems, the security software, and most important of all, your current level of knowledge on the subject. There are after all in the range of 10,000 registered users in this forum, I bet they're all really nice though! But if there's one CRIMINAL CRACKER here what do you think he is reading just now?
iamdave 02-09-2002, 09:00 PM That is why I have not given out an IP nor a web address.
It would be very hard for someone to find my server IP out of millions of other IP's.
iamdave 02-09-2002, 09:12 PM How about the firewall in redhat services? Is this a good one to use? Or is it bad?
cheesysticks 02-09-2002, 09:13 PM Yep, I totally agree, it would be very difficult.
allan 02-09-2002, 10:18 PM Originally posted by iamdave
Those links aren't helpful when I don't understand what they mean. If you don't want to help then why do you post?
If you look up the links, you will see there are pages and pages of information presented for your review. You are asking a very non-specific question: "How do I set up IPTables on a Red Hat 7.1 Server?"
There are a lot of different answers to this question, and how you set them up will vary from box to box. No one on the board can tell you exactly how to set up IPTables specifically for your needs. This is something you need to research for yourself. I see so many mistakes made by people that do not understand exactly what is happening with an IPTables ruleset and wind up locking themselves out of a server or something.
So, my post was very helpful, it provided you with everything you need to know to find out how to start setting up an IPTables firewall. You do not want to set up a firewall without understanding how the process works.
In the future, you may want to make your questions more specific, so you can be provided with an answer, something along the lines of:
How do I set up a rule in IPTables to block port 80 traffic to my server?
marksy 02-09-2002, 11:31 PM Not to be rude, but if you can't understand those pages you shouldn't have root access. Better get a sys admin.
iamdave 02-09-2002, 11:52 PM uuallan, would you be able to tell me which ports should be left open? Such as those ports that would need to be left open on most all servers.
Besides, 21,22,25,80,53,110,143,443,3306.
allan 02-10-2002, 12:28 AM Originally posted by iamdave
21,22,25,80,53,110,143,443,3306.
For FTP you need 20 & 21. Although, I would argue that if you are truly worried about security, you would close 20 & 21 and force all file transfers over SCP. I also would run BIND and mail services on different services and close those ports down. I understand that this is not usually practical (and I certainly don't do it on my server :)), but it is something to consider.
iamdave 02-10-2002, 12:30 AM So I only need to allow access to 20,21,22,25,80,53,110,143,443,3306???
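
An added example, not part of any poster's reply: a default-deny inbound ruleset for the port list in the post above, emitted in iptables-restore format. The function name gen_ruleset and the refusal to build a ruleset without port 22 (the lock-out case allan mentions earlier) are assumptions of this example.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that drops all inbound
# traffic except the listed TCP ports. Nothing is applied to the running
# firewall; the ruleset is only printed for review.

# gen_ruleset "20,21,22,..."  -> ruleset on stdout
# returns 1 on a malformed port, 2 if port 22 is missing
gen_ruleset() {
    ports=$1
    for p in $(printf '%s' "$ports" | tr ',' ' '); do
        case $p in
            *[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    # Loading a DROP policy without SSH cuts off the session used to load it.
    case ",$ports," in
        *,22,*) ;;
        *) echo "refusing: port 22 missing, remote admin would be locked out" >&2
           return 2 ;;
    esac

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections the server opened, plus RELATED flows such as
    # FTP data channels when the conntrack FTP helper module is loaded.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in $(printf '%s' "$ports" | tr ',' ' '); do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
        if [ "$p" -eq 53 ]; then
            # DNS queries normally arrive over UDP as well as TCP.
            echo '-A INPUT -p udp --dport 53 -j ACCEPT'
        fi
    done
    echo 'COMMIT'
}

# Port list as given in the thread.
gen_ruleset "20,21,22,25,80,53,110,143,443,3306"
```

The output can be reviewed and then loaded with iptables-restore from a console session, so a mistake does not depend on the network to undo.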
cheesysticks 02-10-2002, 12:42 AM If you are going to be running 3306, make sure you have set the root password and assigned a separate user for website access, this will save someone walking into your database with as little as a win32 box and setting it for you....
One thing that may help you right now is to stop root access! Yep completely! ONLY allow root access after entering from a separate user account, then anyone who does get your root password has nothing but that, it is no good to them unless they know what account to enter from.
iamdave 02-10-2002, 12:52 AM I didn't get what you meant about port 3306....can you explain?
The way you get into root on my server is....you login as admin, and supply a password then once authorized, you type 'su' then supply a password, and now you are root.
cheesysticks 02-10-2002, 01:08 AM I am not familiar with any of these frontend hosting systems, but the Admin > Root is pretty much what I was saying. That's good.
3306 is MySQL, there are many many ways to admin mysql. In many (I think all) cases the system is installed without a root password. You must set this as you need to admin your tables from the web so set your admin progy (phpmyadmin or similar) to use that password, then set up a user for the actual working scripts that only has access to the areas needed for that script.
That's the quickest way to sort of secure it.
A better way is to create a user just for admin stuff that has limited functionality depending upon your requirements, then create another user for each and every object/script you run.
If not you have very little database security, and remember you can do a whole lot of damage with an open database!
Learn the permissions for the different parts of MySQL because you need to know this to use it.
The instructions to do this are on the MySQL website for any platform.
clocker1996 02-10-2002, 03:37 AM Originally posted by uuallan
I also would run BIND and mail services on different services and close those ports down.
Hehe, drop bind, get tinydns!
allan 02-11-2002, 12:28 PM Originally posted by clocker1996
Hehe, drop bind, get tinydns!
No thanks, Dan's license is too restrictive for me :).