This is a discussion on "n00b in the house.. secure linux?" within the Linux Security forums, part of the System Security and Security Related category.
anyone know any good links on where to start learning about linux?
i'm an absolute n00b with linux, and i was hacked last week.. someone removed my /etc/fstab file!
any good firewalls, anti-virus software about the place?
btw, i'm using Slackware 10, maybe a bad choice for a linux newcomer :s

thanks,
piratePenguin

On 2004-08-07, Declan Naughton <lgs@o2.ie> wrote:
> anyone know any good links on where to start learning about linux?
> i'm an absolute n00b with linux, and i was hacked last week.. someone
> removed my /etc/fstab file!
> any good firewalls, anti-virus software about the place?
> btw, im using Slackware 10, maybe a bad choice for a linux newcomer :s
> thanks,

Not if you're prepared to learn...it was my very first (and only, still ;) ) linux distro.

You said 'absolute n00b', so "man 1 intro" for you :P. OK, after that...you probably found the docs in /usr/doc/Linux-HOWTOs. Check those out, and the standard 'man' command. You can use search engines like www.google.com for any weird error messages you might find. Just copy the message you get into the search box and search for that. You'll find lots of stuff.

Books to read...

1) http://linux-newbie.sunsite.dk/ First and foremost and http://www.seifried.org/lasg/
2) http://www.tldp.org/HOWTO/Security-HOWTO/index.html
3) As much of www.tldp.org as you can stand ;)
4) Learn about X now, which one you chose. I stand with XFree86, but I guess the rest of Slackware 10 is with x.org stuff now. Just hit their websites, or look in the places above.

Tools to get/know:

1) Replace that inetd. http://www.xinetd.org. Why Slackware doesn't do this I don't know. tcpwrappers & tcpd are your best friends. (learn about hosts.deny, hosts.allow, man 5 hosts_access, man tcpd)
2) chkrootkit & lsof. Search the web to find them. Don't take chkrootkit as an absolute last-word on something if it does find something 'odd'. It's a tool to help point out possibilities, not the final word on whether your system is infected or not. Just reading some of the posts in this newsgroup will tell you. Nmap is fun but don't get too carried away - what's visible inside and from the outside may not be the same.
3) Iptables can be daunting to a newbie, but best learn it as quick as possible. No way around it; you'll thank me later ;) There's guides for it with the other guides in the URLs above. You might want to find a pre-made script like Arno's Iptables Firewall until you get them down. I started with that and it's been a great tool. (Thanks, guy who made it...Arno? :P )

Websites & maillists:

http://www.linuxquestions.org/ This site got huge. Lots of good Q & A.

Join Slackware security maillist. (Look on the website). Dshield & Full Disclosure lists I like, but they're personal choice. Most things hit FD before the major linux distros announce them by about 2-3 days, generally.

Golden Rules:

Don't run any service or open any ports until you know 100% what it is and exactly how it works and how to run it. You'd be surprised the info you can get off people's machines that don't heed this rule. (Like entire hard disks). If you don't let the crackers in you won't have to worry about removing adore lkm's and finding trojan ssh's on some port between 2000-9000.

Use the search engines. I prefer google, but there's more. 99.999999999% of the time you're not the first one to have that very same question. It's most likely on the web, with the answer, somewhere.

Keep everything updated and check logs often. Know what's on your system and what's going in and out.

Never do anything but system stuff as root. (I love that 'He who play in root eventually kill tree' sig someone has, that's golden)

--
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

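The "know what's on your system" rule from the post above, shown as an added example that is not part of the original thread: a shell function that reads listening TCP sockets in `ss -H -tln` format and reports every port that is not on an allow-list. The allow-list (22 and 25), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP sockets whose port is not on an allow-list.
# Input format: `ss -H -tln` lines (State Recv-Q Send-Q Local:Port Peer:Port).

# Ports this host is supposed to serve (assumption for the example).
ALLOWED_PORTS="22 25"

# Constructed sample input, not captured from a real host.
sample_listeners() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 5 0.0.0.0:6667 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 0.0.0.0:2222 0.0.0.0:*
EOF
}

# Read ss-style lines on stdin and print "port address" for every listener
# whose port is not in ALLOWED_PORTS, sorted by port number.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # everything before it (IPv6 safe)
            if (!(port in ok)) print port, addr
        }
    ' | sort -n
}

# Demo on the constructed sample; on a live host use:
#   ss -H -tln | unexpected_listeners
sample_listeners | unexpected_listeners
```

Anything it prints is a service to identify (for example with lsof) before deciding whether it should stay.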
Declan Naughton wrote:
> anyone know any good links on where to start learning about linux?
> i'm an absolute n00b with linux, and i was hacked last week.. someone
> removed my /etc/fstab file!

If that is *all* they did then you can provide proof - log files, stat files, addresses, etc.

In other words, very very unlikely that someone who breaks in would remove only your fstab - a file completely useless to an attacker, and only moderately annoying to you when it's gone.

Either they removed or changed quite a bit more, or you made a booboo and deleted it (much the more likely - really.)

--
J
All your bits are belong to us - again.

On 2004-08-31, Jeroen Geilman <not@rtpada.ln> wrote:
> Declan Naughton wrote:
>
>> anyone know any good links on where to start learning about linux?
>> i'm an absolute n00b with linux, and i was hacked last week.. someone
>> removed my /etc/fstab file!

You don't just have a system cracker, you have an insane system-cracker!

> Either they removed or changed quite a bit more, or you made a booboo
> and deleted it (much the more likely - really.)

Check out http://www.tldp.org/

I'm sure they have something for you.

--
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

jayjwa wrote:
> On 2004-08-31, Jeroen Geilman <not@rtpada.ln> wrote:
>
>> Declan Naughton wrote:
>>
>>> anyone know any good links on where to start learning about linux?
>>> i'm an absolute n00b with linux, and i was hacked last week.. someone
>>> removed my /etc/fstab file!
>
> You don't just have a system cracker, you have an insane system-cracker!

Exqueeze me - do I look like a Declan to you? Get your attributions straightened out please, as well as your threading.

>> Either they removed or changed quite a bit more, or you made a booboo
>> and deleted it (much the more likely - really.)
>
> Check out http://www.tldp.org/
>
> I'm sure they have something for you.

Go fuck yourself.

--
J
All your bits are belong to us - again.