[Klug-general] Ideas, Offerings & Questions

Matthew Macdonald-Wallace matthew at truthisfreedom.org.uk
Fri Jan 26 16:23:25 GMT 2007


Quoting David Halliday <david.halliday at gmail.com>:
> 4: In the past couple of days I have done more Linux like stuff. A
> friend needed a host for a website for a small hobby group (a site
> that will be used by about 8 people once or twice a week) Deciding
> that he needed LAMP (not provided by his ISP) and that he couldn't
> afford to pay hosting (anyone on the list with a stay at home wife and
> two small children will understand) and being not allowed to have a
> hosting box at home whirring day and night (again the wife factor) I
> was asked to provide the server. After setting everything up (I did
> need a good excuse to get geeky at home) on the server and opening
> ports on the firewall that comes with my ADSL router I figured that
> perhaps extra security was required.
> My Windows (Don't hold it against me) boxes have the Microsoft
> software firewall (seems sufficient)
> My Linux machines generally don't require the extra security (correct
> me if I'm wrong)
> But now I have a Debian server running (providing HTTP, SSH and FTP to
> the world.. not user name and password is needed for SSH and FTP) I'm
> assuming that I need some kind of software firewall on this box for
> safety and (also just for education) What would people recommend? I
> looked into firestarter but that requires GUI which I don't have/want
> on this box.
> Any ideas/recommendations?

IPTables == excellent!

Seriously, have a look at IP Tables.  I'd set them up from the  
physical console of the machine, that way when you start your ruleset  
with

# iptables -A INPUT -j DROP
# iptables -A OUTPUT -j DROP

which drops all packets, your ssh connection isn't cut off like mine  
was when I first tried this.

If you google for IP Tables Tutorials, there are loads of them out  
there, also the APress book "Hardening Linux" is very good as it  
covered securing individual processes and programs as well as setting  
up a firewall.

HTH,

Matt


-- 
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
"Sed quis custodiet ipsos custodies?"

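The ordering problem described in the reply above, as an added example that is not part of the original post: iptables evaluates a chain top to bottom, so a catch-all DROP appended first also drops the SSH session used to type it. The function names `build_ruleset` and `ssh_survives` are hypothetical, and the port list is an assumption taken from the services named in the question (FTP, SSH, HTTP).

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a small public server
# and lint a rule list so SSH is accepted before any catch-all DROP.

# Assumed ports: FTP control (21), SSH (22), HTTP (80).
TCP_PORTS="21 22 80"

# Print a ruleset in iptables-restore format. Nothing is applied here.
build_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # default-deny inbound
    echo ":FORWARD DROP [0:0]"     # this box is not a router
    echo ":OUTPUT ACCEPT [0:0]"    # outbound left open so replies and updates work
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections already tracked, including the current SSH session.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $TCP_PORTS; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # FTP data channels additionally need the nf_conntrack_ftp helper to be
    # matched as RELATED; that is not covered here.
    echo "-A INPUT -j DROP"        # explicit catch-all, last in the chain
    echo "COMMIT"
}

# Read rules on stdin (restore format or "iptables -A ..." commands).
# Return 0 only if an ACCEPT for tcp port 22 appears before the first
# unconditional INPUT DROP; return 1 otherwise.
ssh_survives() {
    awk '
        /^(iptables +)?-A INPUT -j DROP *$/ { exit(seen ? 0 : 1) }
        /^(iptables +)?-A INPUT .*--dport 22( |$).*-j ACCEPT/ { seen = 1 }
        END { exit(seen ? 0 : 1) }
    '
}

if build_ruleset | ssh_survives; then
    echo "ruleset accepts SSH before the catch-all DROP"
fi
```

Loading is a separate step run as root, for example `build_ruleset | iptables-restore`, ideally from the physical console as the reply suggests.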




