Secure your system

From LXF Wiki

(Difference between revisions)
Revision as of 23:48, 17 Nov 2010 by Egecakibi; current revision by M-Saunders: "Reverted edit of Egecakibi, changed back to last version by Guy".

Current revision

Part 1 Find out what services you’re running

Image
(Fig 1) Examining open ports on my laptop with lsof.

The most direct way to check which services are running on your machine is to explicitly query the open TCP and UDP ports, which you can do with the command lsof -i. Fig 1, right, shows a sample of the output, taken on my laptop, and I must confess that I don’t know what all that stuff on the screen is for. OK, I know that ‘portmap’ is the RPC portmapper and is used for services like NFS and NIS; I know that ‘master’ is the Postfix mail transfer agent; and I know that ‘cupsd’ is something to do with printing. But surely those httpd2 (Apache) processes aren’t supposed to be there? Figuring out the purpose of these mystery daemons can be a challenge. Check if there’s a manual page, or try looking at the process hierarchy. For example, pstree shows that the hp and hpijs in Fig 1 are descendants of cupsd and therefore presumably related to printing. Here’s the relevant fragment of output:

$ pstree | head
init-+-acpid
     |-cron
     |-cupsd-+-foomatic-rip---foomatic-rip-+-foomatic-rip
     |       |                             |-sh---gs-+-hpijs
     |       |                                       |-sh---cat
     |       |-hp
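The two checks above (lsof -i to find what is listening, the process tree to work out who started it) can be scripted so that the audit is repeatable. The script below is an added example written for this page, not code from the article: it parses a constructed sample of lsof -i -P -n output, lists every listening TCP socket and every UDP socket with its owning command, flags anything not on a small allowlist of daemons you have already identified (the EXPECTED list is a made-up example), and walks a process's parents through /proc/<pid>/status the way pstree would. The sample PIDs, users and addresses are invented; replace the sample with the real lsof output on your own machine.

```shell
#!/bin/sh
# Added example, not from the LXF article: summarise which daemons hold
# listening sockets (what 'lsof -i' shows) and trace a process's parents
# through /proc (what 'pstree' shows), from a defender's point of view.
# Real use:  lsof -i -P -n | listening_services | unexpected_listeners

# Constructed sample of 'lsof -i -P -n' output; PIDs, users and addresses
# are made up for the example (192.0.2.10 is a documentation address).
SAMPLE_LSOF='COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
portmap   812    rpc    4u  IPv4   1234      0t0  UDP *:111
portmap   812    rpc    5u  IPv4   1235      0t0  TCP *:111 (LISTEN)
master   1203   root   11u  IPv4   2345      0t0  TCP 127.0.0.1:25 (LISTEN)
cupsd    1320   root    3u  IPv4   3456      0t0  TCP 127.0.0.1:631 (LISTEN)
httpd2   1500   root    4u  IPv6   4567      0t0  TCP [::]:80 (LISTEN)
httpd2   1501 wwwrun    4u  IPv6   4567      0t0  TCP [::]:80 (LISTEN)
firefox  2210  alice   34u  IPv4   5678      0t0  TCP 192.168.1.5:43210->192.0.2.10:443 (ESTABLISHED)'

# Daemons we have already identified and expect to find listening
# (a constructed allowlist; edit it for your own machine).
EXPECTED="portmap master cupsd"

# Read lsof output on stdin; print "PROTO PORT COMMAND PID USER" for every
# TCP socket in LISTEN state and every UDP socket (UDP has no LISTEN state),
# one line per socket owner, sorted and deduplicated.
listening_services() {
    awk 'NR > 1 && ($NF == "(LISTEN)" || $(NF-1) == "UDP") {
            if ($NF == "(LISTEN)") { proto = $(NF-2); addr = $(NF-1) }
            else                   { proto = $(NF-1); addr = $NF }
            n = split(addr, part, ":")   # port is the last ":"-separated field
            print proto, part[n], $1, $2, $3
         }' | sort -u
}

# Filter listening_services output, keeping only commands not in $EXPECTED.
unexpected_listeners() {
    awk -v ok="$EXPECTED" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allow[a[i]] = 1 }
        !($3 in allow)'
}

# Print "PID NAME" for $1 and each ancestor up to init, following the PPid
# link in /proc/<pid>/status (Linux procfs only; prints nothing elsewhere).
ancestry() {
    pid=$1
    while [ "${pid:-0}" -gt 0 ] && [ -r "/proc/$pid/status" ]; do
        name=$(awk -F '\t' '$1 == "Name:" { print $2 }' "/proc/$pid/status")
        ppid=$(awk -F '\t' '$1 == "PPid:" { print $2 }' "/proc/$pid/status")
        echo "$pid $name"
        pid=$ppid
    done
}

# Demo: audit the constructed sample, then show where this shell came from.
echo "== listening sockets =="
printf '%s\n' "$SAMPLE_LSOF" | listening_services
echo "== not on the allowlist =="
printf '%s\n' "$SAMPLE_LSOF" | listening_services | unexpected_listeners
echo "== ancestry of this shell (pid $$) =="
ancestry $$
```

On the sample, the allowlist filter reports only the two httpd2 processes on port 80, which is exactly the "surely those aren't supposed to be there" case in the text; running ancestry on one of their PIDs (or pstree -p) then tells you whether Apache was started by init at boot or by something else, which decides whether to disable the service or investigate further.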

There is probably little harm in running unnecessary services, but there’s always the possibility that they can be used to launch an attack. Buffer overflow attacks, in which a carefully crafted (and usually very long) data stream is presented to a server, can result in the server executing arbitrary code on behalf of an attacker. Such attacks are common, and rather depressingly are often successful.

For example, a buffer overflow vulnerability in the ProFTPd server allowed malicious users to gain root access to the machine by downloading a carefully crafted file in ASCII mode. This vulnerability was reported in September 2003 and is long since fixed; however, vulnerabilities have recently been reported in Skype, Adobe Reader, the Linux kernel and many other components.

By turning off services you don’t need, you significantly reduce your susceptibility to such attacks. The open source community is generally pretty quick to fix vulnerabilities discovered in their products, but of course that only helps you if you actually install the fixed version. In fact, the vast majority of attacks on computers are against vulnerabilities for which a patch is already available. That’s why it’s a good idea to subscribe to your Linux distributor’s update service, such as Red Hat’s Up2date, and check for updates on a regular basis. By “regular” I do not mean that you should do it every three months (every three days might be nearer the mark). Attackers will not considerately defer their attack until you’ve applied your quarterly updates.