Thread: Linux Security: Find Out If Someone Is Trying To Hack My System

  1. #1

    I have a doubt:
    1: How does Linux system security know that a remote system is doing some bad behavior (hack-like activities)?

    2: In which file do they maintain a record of bad systems for further consideration?

  2. #2
    nixcraft

    • You need to monitor log files for activities. For example, /var/log/secure has info about failed ssh logins. Configure logwatch ( http://nixcraft.com/linux-software/4...-logfiles.html ) to monitor all log files.
    • Turn on SELinux.
    • Install and configure a firewall. Read firewall logs.
    • Protect server console (see Tips To Protect Linux Servers Physical Console Access)
    • Install an IDS (see Debian / Ubuntu Linux Install Advanced Intrusion Detection Environment (AIDE) Software). It will send email if an attacker tries to install new binaries.
    • Install rootkit checking software (see Linux Detecting / Checking Rootkits with Chkrootkit and rkhunter Software).
    • Encrypt transmitted data whenever possible - Do not use rservices or insecure protocols such as telnet / ftp etc. Use scp, ssh and other secure alternatives.
    • Minimize software to minimize vulnerability - Only install required ports and applications. The simplest way to avoid vulnerabilities in software is to avoid installing that software.
    • Run different network services on separate systems - If possible, a server should be dedicated to serving exactly one network service. This limits the number of other services that can be compromised in the event that an attacker is able to successfully exploit a software flaw in one network service.
    • Use and configure security tools to improve system robustness - Use a firewall for host-based firewalling and kernel protection, MAC etc. for protection against vulnerable services. Configure log auditing for detecting problems.
    • Updating Software - You need to update both the base system + kernel via yum.
    • Avoid weak and default passwords - Do not leave network ports open. Always follow a close-all, open-required-ports policy using a firewall. Do not expose internal hosts such as SQL servers and backup servers to the Internet. Use NATing / a proxy to hide internal server IPs.
    • Do not run insecure and badly configured programs - For example, do not run apache, dns or mail servers as the root user. Do not grant full system access to PHP or Perl scripts. Restrict them to directories.
    • Delete all unwanted accounts - For example, a laid-off employee may seek revenge.
    • You need both host and firewall security.
    • Never ever assume that you are not a target - you can be targeted by both humans and automated worms and viruses. All you can do is set tight permissions and make sure you are always prepared for attacks.
    • Always make a backup. Keep offsite backups on tape or DVD. RAID is not a backup solution. A second hard disk on the same system is not a backup solution. Mirroring (to another server or disk) is not a backup. Backups are physically removed from the machine and stored where they can't be altered until they're needed for a restore. Always check backup media and run a dummy restore procedure. Use tools such as dump(8), restore(8), tar(1) etc. You can also use rsync, rsnapshot and other 3rd party apps.
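Added example (not part of the original thread or either poster's code): a small parser for the failed ssh login records that the reply above says are kept in /var/log/secure, reporting which source addresses failed repeatedly and whether a login later succeeded from them. The sample log lines, the `summarize` name and the threshold of 3 are assumptions made for illustration; the line layout is the standard OpenSSH syslog format.

```python
import re
from collections import defaultdict

# Constructed sample in the format sshd writes to /var/log/secure.
# Addresses come from documentation ranges; they are not real hosts.
SAMPLE_LOG = """\
Jan 10 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 10 03:12:06 web1 sshd[2103]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Jan 10 03:12:09 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jan 10 08:30:12 web1 sshd[2290]: Failed password for alice from 192.0.2.10 port 50412 ssh2
Jan 10 08:30:20 web1 sshd[2290]: Accepted password for alice from 192.0.2.10 port 50412 ssh2
Jan 10 09:01:44 web1 sshd[2311]: Failed password for bob from 198.51.100.7 port 40022 ssh2
Jan 10 09:02:10 web1 sshd[2311]: Failed password for bob from 198.51.100.7 port 40022 ssh2
Jan 10 09:02:31 web1 sshd[2311]: Failed password for bob from 198.51.100.7 port 40022 ssh2
Jan 10 09:02:50 web1 sshd[2315]: Accepted publickey for bob from 198.51.100.7 port 40030 ssh2: RSA SHA256:EXAMPLE
"""

# The user name is chosen by the remote side, so match it greedily and take
# the LAST "from <ip> port <n>" on the line, which is the part sshd wrote.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for (?:invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2(?:: .*)?$"
)

def summarize(lines, threshold=3):
    """Return {ip: stats} for sources with at least `threshold` failed logins."""
    stats = defaultdict(
        lambda: {"failed": 0, "users": set(), "accepted_after_fail": False})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s["failed"] += 1
            s["users"].add(m["user"])
        elif s["failed"] >= threshold:
            # A login succeeded after repeated failures: review this one first.
            s["accepted_after_fail"] = True
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG.splitlines()).items():
        flag = "  <-- login succeeded after failures" if s["accepted_after_fail"] else ""
        print(f"{ip}: {s['failed']} failed, users={sorted(s['users'])}{flag}")
```

To run it against a real log, pass the lines of /var/log/secure (on Debian / Ubuntu the same records go to /var/log/auth.log) to `summarize` instead of the sample.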

