This is a discussion on Is my system secure? What else should I do? within the Linux Security forums, part of the System Security and Security Related category.
I value advice from you security experts. Any tips appreciated. I want to make my home desktop linux pc secure, but at the same time allow network functionality for my computing activities (browsing, ftp downloads/uploads with ftp client, reading newsgroups, email).

Mandriva (Mandrake) LE2005 linux distro, updated security and bug patches with update feature in Mandriva control center, did urpmi install of bastille and ran bastille to tune security, did urpmi install of guarddog firewall and have it running (still need to learn more how to configure it), have changed my passwords to what I consider strong passwords, limiting sites that can store cookies with Firefox browser, have LinkSys router with wireless normally turned off (also use WEP encryption and limit wifi access to specific MAC addresses), have ClamAV antivirus installed (no viruses detected on a scan), installed chkrootkit and ran it -- nothing nefarious detected, turned off what I think are unneeded services. Changed passwords on all internet accounts and made them different and strong. Oh yeah, I deleted my PayPal account, just sick of seeing phishing emails from PayPal lookalikes.

What more should I do, could I do? Am I taking correct precautions? Where is the weak link in the chain on my system?

-- 
"It said it needed Windows98 or better installed, so I installed Linux."
Proteus wrote:
<snip>

First, "secure" is a relative term. To an extent, no computer is completely secure as long as someone can gain physical access to it, legally or illegally. As far as I am concerned, security is an ongoing process and is not something that is achieved. You should always always be watching for attacks by scanning logs among other things. You should commit to a process of continually learning about security and security threats. For Mandriva, I would suggest you learn a little about msec and the security levels and KEEP YOUR SYSTEM PATCHED.

-- 
If posting off topic is OK, why have usenet groups or topics? How do you expect to develop "community" if you don't respect others in the "community" enough to address and respect the topic they post?? If everything is crossposted, why have different groups??
On Thu, 01 Sep 2005 18:53:57 -0700, matt_left_coast wrote:

> ... You should always always be watching for
> attacks by scanning logs among other things....

To be honest, I think myself and many linux newbies and novices are daunted by the amount and variety of log files. Info overload. Can anybody help in directing us newbies as to what log file to look at, what to look for specifically, and how often, etc?
Proteus wrote:
> What more should I do, could I do? Am I taking correct precautions? Where
> is the weak link in the chain on my system?
>

Go here and about halfway down the page is 'Shields Up'. Click there and play around a bit. Check which ports are open and which are stealth.
http://www.grc.com/default.htm

Then for anything you don't already have on your system check here:
http://networking.ringofsaturn.com/Tools/

On my system all ports are closed and I can not figure out how to make them stealth.

Dave
Proteus <proteus@nowhere.net> wrote in news:pan.2005.09.02.01.42.04.709704@nowhere.net:

> I value advice from you security experts. Any tips appreciated. I want to
> make my home desktop linux pc secure, but at the same time allow
> network functionality for my computing activities (browsing, ftp
> downloads/uploads with ftp client, reading newsgroups, email).
>
> Mandriva (Mandrake) LE2005 linux distro, updated security and bug patches
> with update feature in Mandriva control center, did urpmi install of
> bastille and ran bastille to tune security, did urpmi install of guarddog
> firewall and have it running (still need to learn more how to configure
> it), have changed my passwords to what I consider strong passwords,
> limiting sites that can store cookies with Firefox browser, have LinkSys
> router with wireless normally turned off (also use WEP encryption and
> limit wifi access to specific MAC addresses),

Don't rely on WEP for secure wireless transmission. It is seriously flawed (i.e. easily cracked). Use WPA at the minimum. (I wouldn't trust WPA for anything you are really worried about either).

Klazmon.
On Friday 02 September 2005 04:53, Dave Kelly stood up and spoke the following words to the masses...:

> Proteus wrote:
>
>> What more should I do, could I do? Am I taking correct precautions?
>> Where is the weak link in the chain on my system?
>>
>
> Go here and about halfway down the page is 'Shields Up'. Click there and
> play around a bit. Check which ports are open and which are stealth.
>
> http://www.grc.com/default.htm
>
> Then for anything you don't already have on your system check here:
>
> http://networking.ringofsaturn.com/Tools/
>
> On my system all ports are closed and I can not figure out how to make
> them stealth.

Just set up your /iptables/ rules to DROP the unwanted packets instead of REJECTing them. ;-)

-- 
With kind regards,

*Aragorn*
(Registered Gnu/Linux user #223157)
On Friday 02 September 2005 03:42, Proteus stood up and spoke the following words to the masses...:

<snip>

> What more should I do, could I do? Am I taking correct precautions?
> Where is the weak link in the chain on my system?

Install an intrusion detector such as /Prelude/ or /snort/. Install /chkrootkit/ and run it on a regular basis, e.g. through a /cron/ job overnight, with the output routed to a log file.

If you have your */boot* and/or */usr* (and eventually */opt*) split off onto other partitions, have them automatically mounted read-only at boot time. Mount all partitions except for the root filesystem with the /nodev/ option. Mount */tmp* and */var* - if they reside on a separate filesystem - with the /noexec/ and /nodev/ options.

Disable root login over /ssh/. Better yet, bring up the Mandrake Security applet in the Mandrake Control Center and disable root login altogether. You can use /su/ to gain root privileges when needed.

Set up a /sulogin/ for single user mode. It'll require the root password for booting up to or switching down to runlevel 1.

If your workstation has NFS access to a shared filesystem on another UNIX box, make sure that the local root is owner of the files. This will prevent anyone who gains root access on your own box from tampering with the files on the share. They can assume your login name, but they can't assume the local root identity on the NFS server.

Set up disk and memory quotas. Even if a cracker does manage to guess your user login and password, he won't be able to bring your system down with a fork bomb.

Tighten your permissions. Remember that write access to a file does not depend on the permissions of the file but on the permissions of the directory it sits in. Use a "077" /umask/ for unprivileged user accounts. Deploy ACLs (Access Control Lists - supported in /XFS/, /reiserfs/ and /ext3/) if necessary.

Lastly, follow the advice of the other posters. ;-)

-- 
With kind regards,

*Aragorn*
(Registered Gnu/Linux user #223157)
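A small audit script for the mount-option and ssh points in the post above. This is an added example, not code from the thread or from Mandriva; the fstab and sshd_config it reads are constructed samples, and the option policy it enforces is the one the post recommends.

```shell
# Audit helper for the mount-option and ssh advice above. Added example, not
# code from the thread; the fstab and sshd_config it reads are constructed.

# required_opts MOUNTPOINT -> mount options that should be present for it
required_opts() {
    case "$1" in
        /)               echo "" ;;              # root fs: nothing enforced here
        /boot|/usr|/opt) echo "ro nodev" ;;      # mounted read-only at boot
        /tmp|/var)       echo "noexec nodev" ;;
        *)               echo "nodev" ;;         # every other filesystem
    esac
}

# has_opt "defaults,nodev,noexec" nodev -> exit 0 if the option is listed
has_opt() { echo ",$1," | grep -q ",$2,"; }

# audit_fstab FILE: prints one "MISSING <mountpoint> <option>" line per gap
audit_fstab() {
    grep -v '^[[:space:]]*#' "$1" | awk 'NF >= 4 { print $2, $3, $4 }' |
    while read -r mp fstype opts; do
        case "$fstype" in swap|proc|sysfs|devpts) continue ;; esac
        for want in $(required_opts "$mp"); do
            has_opt "$opts" "$want" || echo "MISSING $mp $want"
        done
    done
}

# audit_sshd FILE: reports unless "PermitRootLogin no" is set explicitly
# (sshd of that era defaulted to yes when the directive was absent)
audit_sshd() {
    grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+no[[:space:]]*$' "$1" ||
        echo "MISSING sshd_config PermitRootLogin no"
}

# --- constructed sample inputs so the script runs stand-alone ---
FSTAB=$(mktemp); SSHD=$(mktemp)
cat > "$FSTAB" <<'EOF'
/dev/hda1  /      ext3  defaults             1 1
/dev/hda2  /boot  ext3  defaults             1 2
/dev/hda5  /usr   ext3  ro,nodev             1 2
/dev/hda6  /tmp   ext3  noexec,nodev,nosuid  1 2
/dev/hda7  /var   ext3  defaults             1 2
/dev/hda8  /home  ext3  nodev,nosuid         1 2
/dev/hda9  swap   swap  defaults             0 0
EOF
printf 'Port 22\nPermitRootLogin yes\n' > "$SSHD"
audit_fstab "$FSTAB"   # /boot lacks ro and nodev, /var lacks noexec and nodev
audit_sshd "$SSHD"
rm -f "$FSTAB" "$SSHD"
```

On a real box, point audit_fstab at /etc/fstab and audit_sshd at /etc/ssh/sshd_config; a mount option present in fstab only takes effect after a remount, so compare against the output of mount as well.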
Aragorn wrote:
>> On my system all ports are closed and I can not figure out how to make
>> them stealth.
>
> Just set up your /iptables/ rules to DROP the unwanted packets instead
> of REJECTing them. ;-)

I am also sitting behind a router firewall. Will that make a difference with the iptables set to drop?
Dave Kelly wrote:
> Aragorn wrote:
>
>>> On my system all ports are closed and I can not figure out how to make
>>> them stealth.
>>
>> Just set up your /iptables/ rules to DROP the unwanted packets instead
>> of REJECTing them. ;-)
>
> I am also sitting behind a router firewall. Will that make a difference
> with the iptables set to drop?

Yes, unless you forward all ports from the router, setting iptables to drop will not make any difference.
On Fri, 02 Sep 2005 15:00:46 +1200, Llanzlan Klazmon wrote:

...
> Don't rely on WEP for secure wireless transmission. It is seriously flawed
> (i.e. easily cracked). Use WPA at the minimum. (I wouldn't trust WPA for
> anything you are really worried about either).
....

I have MAC address restrictions on for the wireless modem, so would encryption even be needed? I am guessing yes, because am I correct in that MAC address spoofing can easily be done?