Linux Security

Tezdread

Technical User
Oct 23, 2000
468
GB
Hi all,

I'm a little new to the world of Linux and would like to see what your opinions are on security.

I'm currently running SME Server as my Gateway/FTP Server and Firewall. I went for this due to the simple setup and strong security features but now I have found I want more out of Linux.

I'm in the process of installing SuSE 8.0 on a new system and I want this to be my main system that connects my network to the Internet. With being new to Linux I'm a little unsure how successful I will be in getting the SuSE box hooked up in the same way as the SME Server and also provide the same (or better) level of security.

So I was wondering if it would be better to try and continue to use the SME Server as a firewall/gateway with the SuSE box behind it on my network but for the SuSE box to also provide FTP/HTTP services for external users. If I use the SME Server I am very limited on what I can do. I can't find/see log reports, can't give user access on a high level and can't set permissions on files or directories (just the default settings).

Would I be able to configure the SuSE box so that it will provide good security, including log reports, user access, file permissions, etc.? If so, how easy would this be for a beginner compared to routing through another Linux box (which may be more difficult for me)?

Look forward to your opinions.

Tezdread Tezdread
"With every solution comes a new problem"
 
Linux isn't easy for the beginner, administrating a server
is not easy for a beginner. Security is a matter of having
the information you need and doing something about it before the bad guys.

SuSE comes with a very decent firewall script (SuSE Firewall)
in the security packages section. I suggest you install that,
subscribe to the suse-security list, and read the docs for the firewall.
Then use YOU to gather all the security/software updates.
Then configure the firewall.
Use xinetd if you run inetd driven services and
restrict access on two levels, the firewall,
and xinetd driven controls.
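
The xinetd half of the two-level restriction suggested above can be checked mechanically. The following Python audit is an added example, not part of the original thread: it lists enabled xinetd services that have no effective `only_from` restriction. The sample configuration is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in xinetd.conf stanza syntax; not taken from the thread.
SAMPLE = """\
defaults
{
    log_on_failure = HOST
}
service ftp
{
    only_from = 192.168.1.0/24
}
service telnet
{
    server    = /usr/sbin/in.telnetd
}
service finger
{
    disable   = yes
}
service shell
{
    only_from = 0.0.0.0
}
"""

STANZA = re.compile(r"^\s*(?:service\s+(\S+)|defaults)\s*\{(.*?)^\s*\}", re.S | re.M)
OPEN = {"0.0.0.0", "0.0.0.0/0"}  # only_from values that admit every address

def parse(text):
    """Return {stanza name: {attribute: [values]}}."""
    conf = {}
    for name, body in STANZA.findall(text):
        attrs = conf.setdefault(name or "defaults", {})
        for line in body.splitlines():
            m = re.match(r"\s*(\w+)\s*\+?=\s*(.*)", line.split("#", 1)[0])
            if m:
                attrs.setdefault(m.group(1), []).extend(m.group(2).split())
    return conf

def unrestricted(text):
    """Enabled services that xinetd would offer to any source address."""
    conf = parse(text)
    inherited = conf.pop("defaults", {}).get("only_from")
    acls = {n: a.get("only_from", inherited) for n, a in conf.items()
            if a.get("disable") != ["yes"]}
    # An empty only_from admits nobody; only a missing or wildcard ACL is open.
    return sorted(n for n, acl in acls.items() if acl is None or OPEN & set(acl))
```

Any service this reports is protected by the firewall alone, so a mistake in the firewall rules would expose it directly.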
 
Cool,

I've now got SuSE installed and found the firewall settings and enabled the firewall. Something I don't understand though is this.

When I boot up I get the following messages. (in order)

Starting firewall initialisation (phase 1 of 3) done
Starting personal-firewall (initial) [not active] unused

Starting firewall initialisation (phase 2 of 3) done
Starting personal-firewall (final) [not active] unused

Starting firewall initialisation (phase 3 of 3) done

What is the difference between the Firewall which I've started and the personal-firewall which is currently unused and are there advantages of having both running? If so how do I activate the personal-firewall?

Thanks again Tezdread
"With every solution comes a new problem"
 
Did you subscribe to the suse-security list?
The firewall maintainer can take your questions there,
and in this case I would imagine it is just a matter of reading the docs in the packages section.
 
Put the Linux box behind the SME server.

That way you can start slowly with Linux while the SME
server protects you.

You might also wish to use a very cheap Linksys as your firewall - what do others think? (I am aware of no vulnerability on the cheap Linksys)

Then you can focus on protecting the ports that you open up on the Linksys.

Thank You Kindly
 
Yes, I would like to elaborate on the point whitetail made. With a Linksys router you can set up what's called a DMZ, or demilitarized zone. In other words, it means that all inbound traffic that isn't specifically sent to a machine by the router gets automatically sent to the DMZ host. So you can set up port forwarding for things like SSH so that you can access your Linux machine remotely and send all other traffic to an IP that isn't used on your LAN, so that any scans on your public IP would only reveal the ports that you have forwarded specifically. Just something to think about.
 