Web Hosting Talk







View Full Version : modprobe ipchains, ipchains


dhlsg
03-25-2002, 08:07 PM
Hi,

I want to secure a new box with redhat 7.2 kernel 2.4.9.31

So confused, ipchains, modprobe ipchains, iptables - turning things off like port 111 - But then I read not to turn off 111 when using redhat 7.2

Anyone got any advice how to find and turn off unwanted ports and services?

Which to configure modprobe ipchains, iptables - Don't think that ipchains is compatible with this kernel - Any help to a newbie would be appreciated. I've got the book, just need some advice :-)

Cheers

Steve

dhlsg
03-25-2002, 11:28 PM
Hi Guys,

I'm willing to pay $100 for the securing of this box - Any takers?

Steve

MotleyFool
03-26-2002, 01:46 AM
dhlsg,

I suggest you contact cperciva - he is as good as they come... though I don't know if he would take your offer, I am sure he will be willing to help

Cheers
Balaji

dhlsg
03-26-2002, 02:32 AM
Thanks for the info :-)

Steve

bitserve
03-26-2002, 05:35 AM
Originally posted by dhlsg
I'm willing to pay $100 for the securing of this box - Any takers?

An hour? :)

dhlsg
04-02-2002, 08:15 PM
Hi,

Well I'd just like to say that if anyone needs any security work doing then Mark Adams from http://www.bitserve.com is your man.

I just got him to go through my server and lock it down, all completed within a fixed time, good pricing and excellent communication. Everything being well documented for future reference.

If you need a security audit, check him out - Thanks Mark :-)

Steve

denisdekat
04-02-2002, 08:38 PM
Hi,

I'm new to this site :) I noticed this posting and recently figured out how to use ipchains on RH 7.2 and thought I'd reply. When you do an install on RH 7.2 you have an option to set up a firewall. If you do, you will see a file in /etc/sysconfig called ipchains. This is used during startup to set the rules and such. Here are mine:

[root@sabrina root]# cd /etc/sysconfig
[root@sabrina sysconfig]# cat ipchains
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 217.156.72.231 -d 0/0 -j REJECT
-A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 -j REJECT
[root@sabrina sysconfig]#

Since this is a DNS and mail server, I blocked everything but these services. Notice the IP I blocked? This guy was trying to crack in via ssh. What a jerk! :angry:

Basically you put the more specific rules first as I did, then the more broad at the end. As you can see, I end with block everything. :D

Hope this helps. RedHat has great tutorials on ipchains and iptables. I plan on reading up on iptables, they are supposed to be better for blocking ********. Did I say that :eek:

Hope this helps.

Regards,

Andres

bitserve
04-03-2002, 08:48 PM
Steve,
Thanks for the good word and for being such a patient person.

If I was sure that you wanted to advertise here, I'd plug your service. Your organization definitely seems to be set up for success.

Andres,
If you're using RedHat 7.2, you might try using iptables instead of ipchains. If you're going to continue using ipchains, you might want to use DENY instead of REJECT, as it requires less overhead.

Also, I would typically change the default INPUT policy to DENY, instead of adding those last DENY/REJECT rules. But that's just me.
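
Added example, not part of any post in this thread: a small first-match model of the input chain posted above, compared with a default-DENY variant of the kind suggested here. The tuple layout, the helper names, the sample packets and the choice to accept ICMP from anywhere are assumptions made for illustration; the model ignores the nameserver entries that ifup-post adds at boot.

```python
# Added example: first-match model of the posted ipchains input chain.
# Rule tuple: (proto, src, dport, syn_only, iface, target); None is a wildcard.
POSTED = [
    (None,  "217.156.72.231", None, False, None, "REJECT"),
    ("tcp", None, 53,   True,  None, "ACCEPT"),
    ("udp", None, 53,   False, None, "ACCEPT"),
    ("tcp", None, 25,   True,  None, "ACCEPT"),
    ("tcp", None, 22,   True,  None, "ACCEPT"),
    (None,  None, None, False, "lo", "ACCEPT"),
    ("tcp", None, None, True,  None, "REJECT"),
    ("udp", None, None, False, None, "REJECT"),
]
# Variant for a default DENY policy: the trailing REJECT rules are dropped,
# -y is removed so later packets of an accepted connection still match,
# and an explicit ICMP rule is added (assumption: ICMP from anywhere).
DEFAULT_DENY = [
    (None,   "217.156.72.231", None, False, None, "REJECT"),
    ("tcp",  None, 53,   False, None, "ACCEPT"),
    ("udp",  None, 53,   False, None, "ACCEPT"),
    ("tcp",  None, 25,   False, None, "ACCEPT"),
    ("tcp",  None, 22,   False, None, "ACCEPT"),
    (None,   None, None, False, "lo", "ACCEPT"),
    ("icmp", None, None, False, None, "ACCEPT"),
]

def verdict(rules, policy, pkt):
    """Return the target of the first matching rule, else the chain policy."""
    for proto, src, dport, syn_only, iface, target in rules:
        if ((proto is None or proto == pkt["proto"])
                and (src is None or src == pkt["src"])
                and (dport is None or dport == pkt.get("dport"))
                and (not syn_only or pkt.get("syn", False))
                and (iface is None or iface == pkt["iface"])):
            return target
    return policy

def pkt(proto, src="192.0.2.10", dport=None, syn=False, iface="eth0"):
    # Constructed sample packet; 192.0.2.10 is a documentation address.
    return {"proto": proto, "src": src, "dport": dport, "syn": syn, "iface": iface}

def compare(p):
    """(verdict under posted rules + ACCEPT policy, verdict under DENY variant)."""
    return verdict(POSTED, "ACCEPT", p), verdict(DEFAULT_DENY, "DENY", p)

if __name__ == "__main__":
    for p in (pkt("tcp", dport=22, syn=True), pkt("icmp"),
              pkt("tcp", dport=8080, syn=False),
              pkt("tcp", src="217.156.72.231", dport=22, syn=True)):
        print(p["proto"], p["src"], p["dport"], compare(p))
```

Under the posted rules, ICMP and non-SYN TCP to unlisted ports fall through to the ACCEPT policy, so moving to a default DENY policy changes behaviour for both and is not a drop-in replacement for the two trailing REJECT rules.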

denisdekat
04-03-2002, 08:59 PM
Thanks for the advice Steve, I do plan on reading up on iptables, I kind of know ipchains, so I had it in my queue (trying to learn snmp right now) :)

Quick question if you don't mind .. How would you allow ICMP with input policy reject? What would you add to the /etc/sysconfig/ipchains? Maybe I missed a little something, but I use ICMP to make sure my machine is alive right now.

Then again, I guess I could just add a line to accept ICMP from my testing box if I never planned on testing it elsewhere via ping and traceroutes ...

Andres

dhlsg
04-03-2002, 09:10 PM
Originally posted by denisdekat
Thanks for the advice Steve, I do plan on reading up on iptables, I kind of know ipchains, so I had it in my queue (trying to learn snmp right now) :)

Quick question if you don't mind .. How would you allow ICMP with input policy reject? What would you add to the /etc/sysconfig/ipchains? Maybe I missed a little something, but I use ICMP to make sure my machine is alive right now.

Then again, I guess I could just add a line to accept ICMP from my testing box if I never planned on testing it elsewhere via ping and traceroutes ...

Andres

Hi,

I'd just get Mark to have a quick look inside your box - he'll tell you how to do it yourself next time :-)

Steve

dhlsg
04-03-2002, 09:13 PM
Hi Mark,

Yes we will be advertising here - The new site's nearly finished - Private Label Reseller plans and the like available soon :-)


Thanks for the kind comments. Good working with you.
The Easter bunnies went down fine, my daughter left me one or 2 :-)

Steve