Hello
I have a laptop which is running Gentoo with 2.6.10 dev kernel which I
would like to make secure (locally/remotely). Thing is that our external
IT pro bet that he will hack my machine in no time, locally and remote.
Of course I said that he won't be able to do so :) cos this is gentoo
and no color-bitmap distro with lots of services running by default.
(I already read the Security Guide of gentoo and made my best out of it...)
I just wanna prove him wrong with his saying "Linux is insecure, Windows
Server 2003 is much more secure..." (ok this is a desktop system but
it's just a detail :D )
I have difficulties with the hardened sources so that is probably not an
option.
Because I have a laptop I have 3 different NICs, internal LAN, internal
WLAN, pcmcia WLAN, which I use in DHCP and static environments. I'm
absolutely new to iptables so if someone could give some hints to set it
up properly for a changing environment I would be thankful. (I already
have it working in the kernel, only the rules with changing environments
are the problem)
What I did so far:
-BIOS Password (had that since ever)
-Grub Password (to prevent unauthorized single user mode)
-Emerged Cracklib to check for insecure passwords
-Emerged chkrootkit (Maybe AIDE or tripwire would also be a good idea)
I don't have any special services running or at least I think that. I'm
using X with gnome. Apart from that everything should be standard...
netstat -an |grep LISTEN gives the following output: (not sure about
those listening apps...)
*Code:*
unix 2 [ ACC ] STREAM LISTENING 9368 /tmp/mapping-ph03n1x
unix 2 [ ACC ] STREAM LISTENING 6796 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 9151 /tmp/orbit-ph03n1x/linc-23a8-0-747990af24219
unix 2 [ ACC ] STREAM LISTENING 10230 /var/run/sdp
unix 2 [ ACC ] STREAM LISTENING 9250 /tmp/orbit-ph03n1x/linc-23cc-0-3c74524d40482
unix 2 [ ACC ] STREAM LISTENING 9450 /tmp/orbit-ph03n1x/linc-23e9-0-51420772e669c
unix 2 [ ACC ] STREAM LISTENING 9273 /tmp/orbit-ph03n1x/linc-23d0-0-234b493cb627
unix 2 [ ACC ] STREAM LISTENING 9295 /tmp/orbit-ph03n1x/linc-23ce-0-6fd415ea4991b
unix 2 [ ACC ] STREAM LISTENING 9312 /tmp/orbit-ph03n1x/linc-23d2-0-6fd415eaa17b7
unix 2 [ ACC ] STREAM LISTENING 9337 /tmp/orbit-ph03n1x/linc-23d6-0-2c6cd1b9c57f0
unix 2 [ ACC ] STREAM LISTENING 9481 /tmp/orbit-ph03n1x/linc-23eb-0-36888b137b61
unix 2 [ ACC ] STREAM LISTENING 9513 /tmp/orbit-ph03n1x/linc-23ed-0-2d56a133679c7
unix 2 [ ACC ] STREAM LISTENING 9549 /tmp/orbit-ph03n1x/linc-23ef-0-2d56a133e0eaa
unix 2 [ ACC ] STREAM LISTENING 9576 /tmp/orbit-ph03n1x/linc-23f1-0-1efbc33811b7b
unix 2 [ ACC ] STREAM LISTENING 9604 /tmp/orbit-ph03n1x/linc-23f3-0-1efbc3383485f
unix 2 [ ACC ] STREAM LISTENING 8760 /tmp/.gdm_socket
unix 2 [ ACC ] STREAM LISTENING 8914 /tmp/ssh-slrppa9099/agent.9099
unix 2 [ ACC ] STREAM LISTENING 8786 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 8928 /tmp/orbit-ph03n1x/linc-239e-0-64ef23a484ccf
unix 2 [ ACC ] STREAM LISTENING 8937 /tmp/orbit-ph03n1x/linc-238b-0-1776021e90190
unix 2 [ ACC ] STREAM LISTENING 9115 /tmp/.ICE-unix/9099
unix 2 [ ACC ] STREAM LISTENING 9123 /tmp/keyring-z2lvfy/socket
unix 2 [ ACC ] STREAM LISTENING 9132 /tmp/orbit-ph03n1x/linc-23a6-0-5b616fb4ba76e
unix 2 [ ACC ] STREAM LISTENING 9925 /tmp/orbit-ph03n1x/linc-242d-0-5ed286a6e3a73
Would be nice if some of you guys could point me to the main mistakes
someone inexperienced like me could make so I can fix that up or just
share your knowledge and experiences.
I would also like to run snort on my laptop, I think it could make sense,
don't you?
Whatever you have for me just shoot...
--
gentoo-security@gentoo.org mailing list
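
Added example, not part of the original post: a triage of full `netstat -an` output that separates sockets reachable over the network from loopback-only and unix-domain ones. Every socket in the listing above is a unix-domain socket, reachable only by local users, and UDP servers never appear under `grep LISTEN` because UDP has no LISTEN state. The tcp/udp lines in the sample are constructed; the function name `triage` is an assumption of this example.

```python
import re

# Constructed sample of unfiltered `netstat -an` output. The tcp/udp lines
# are invented for illustration; the two unix lines come from the post.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:34567        192.0.2.1:80            ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
unix  2      [ ACC ]     STREAM     LISTENING     6796   /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     8786   /tmp/.X11-unix/X0
"""

LOOPBACK = re.compile(r"^(127\.|::1$)")


def triage(netstat_output):
    """Group server sockets by who can reach them."""
    result = {"network": [], "loopback": [], "unix": []}
    for line in netstat_output.splitlines():
        f = line.split()
        if not f:
            continue
        proto = f[0]
        if proto == "unix":
            # Unix-domain sockets live in the filesystem: local access only,
            # governed by file permissions, never by iptables.
            if "LISTENING" in f:
                result["unix"].append(f[-1])
        elif proto.startswith(("tcp", "udp")) and len(f) >= 5:
            local, foreign = f[3], f[4]
            state = f[5] if len(f) > 5 else ""
            # UDP has no LISTEN state: an unconnected UDP socket shows a
            # wildcard foreign address and an empty State column.
            is_udp_server = proto.startswith("udp") and foreign.endswith(":*")
            if state != "LISTEN" and not is_udp_server:
                continue
            addr, port = local.rsplit(":", 1)
            bucket = "loopback" if LOOPBACK.match(addr) else "network"
            result[bucket].append((proto, addr, port))
    return result


if __name__ == "__main__":
    for bucket, sockets in triage(SAMPLE).items():
        print(bucket, sockets)
```

Only the "network" bucket is reachable from another host, so those entries are the ones a default-deny INPUT policy has to cover on every interface.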