Lesson 10

Date: 4/2/2014

Basics of Linux Security

Linux for Engineering and IT Applications

Closing ports

The open ports are related to the aplications/processes, which start either at the system startup or through inetd
To disable an application at the startup, use update-rc.d for system V startup scripts such as in /etc/rc2.d directory. Note, on Ubuntu 12.04, System V and Upstart are both present. For example


/usr/sbin/update-rc.d -f service_name remove

For the Upstart applications,


cd /etc/init
initctl stop service_name
mv service_name.conf service_name.disable
initctl reload-configuration

To disable a port in inetd, modify /etc/inetd.conf file, commenting out the services, for example:


# shell           stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rshd
# login           stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rlogind
# exec            stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rexecd

Then make inetd daemon to re-read the configuration file:


killall -HUP inetd

Ref: more info on how to disable services on Ubuntu is here

Vulnerable services:
telnet, rsh, rcp, rexec, ftp, portmap, nfs, mountd, ypbind, ypserv.
Disable them if your computer is on the open Internet. But if you need them, install a firewall and implement the tcp_wrappers.

Relatively secure services:
Services protected with SSL libraries for encrypted connection such as SSH, LDAP, Apache; Kerberos.

Fundamentals of Linux security
How systems get compromised
Trojan script exercise
Stack overflow
Package upgrades and verification
Open Ports List exercise
Closing Ports
TCP Wrappers exercise
IP filtering firewalls (iptables)
Building iptables rules
Simple iptables script
NAT table
NAT script
Exercises with iptables
Port scanning exercises
GNU Privacy Guard
GPG exercises
Logs
System Integrity checks
GNUtar exercises
References
Take me to the Course Website