I'm kinda lost here. I have to set up a secure Linux server and keep track of the steps I took to secure it.
I'm running Linux Mint 4.0 right now as my server
What do I do to secure it?
What can I use for a firewall?
I'm very weak with Linux and the prof requires that I do this. I have no idea what to do with any of this stuff.
I downloaded snort and samhain but neither would install following the instructions via command line.
I'm like in deep stuff here
-
-
You can secure it from a network standpoint by limiting the number of applications listening on any given port.
# lsof -i tcp
will display output similar to the following:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
webAccess 1767 root 5u IPv4 3326 TCP *:webcache (LISTEN)
webAccess 1767 root 17u IPv4 5188 TCP *:8009 (LISTEN)
webAccess 1767 root 18u IPv4 5189 TCP localhost.localdomain:8005 (LISTEN)
cimserver 2492 root 3u IPv4 12858 TCP localhost.localdomain:32944 (LISTEN)
cimserver 2492 root 4u IPv4 12859 TCP localhost.localdomain:32945->localhost.localdomain:32944 (ESTABLISHED)
cimserver 2492 root 5u IPv4 12870 TCP localhost.localdomain:32944->localhost.localdomain:32945 (ESTABLISHED)
cimserver 2492 root 6u IPv4 13378 TCP *:5988 (LISTEN)
cimserver 2492 root 9u IPv4 13379 TCP *:5989 (LISTEN)
openwsman 2533 root 3u IPv4 13392 TCP localhost.localdomain:8889 (LISTEN)
cimserver 2544 root 3u IPv4 12858 TCP localhost.localdomain:32944 (LISTEN)
cimserver 2544 root 4u IPv4 12859 TCP localhost.localdomain:32945->localhost.localdomain:32944 (ESTABLISHED)
cimserver 2544 root 5u IPv4 12870 TCP localhost.localdomain:32944->localhost.localdomain:32945 (ESTABLISHED)
sshd 14178 root 4u IPv4 4274294 TCP pa-tse-h41.pasl.vmware.com:ssh->pmcclellan-xp.vmware.com:3383 (ESTABLISHED)
sshd 23075 root 4u IPv4 3298400 TCP pa-tse-h41.pasl.vmware.com:ssh->10.16.112.1:4045 (ESTABLISHED)
vmware-ho 23423 root 8u IPv4 3928985 TCP *:https (LISTEN)
vmware-ho 23423 root 9u IPv4 3928986 TCP *:http (LISTEN)
vmware-ho 23423 root 16u IPv4 4096541 TCP pa-tse-h41.pasl.vmware.com:45838->10.16.95.163:27010 (ESTABLISHED)
vmware-ho 23423 root 40u IPv4 3934452 TCP localhost.localdomain:https->localhost.localdomain:44176 (ESTABLISHED)
vmware-ho 23423 root 43u IPv4 3936666 TCP pa-tse-h41.pasl.vmware.com:https->10.21.3.222:4190 (ESTABLISHED)
vmware-ho 23423 root 47u IPv4 3937433 TCP pa-tse-h41.pasl.vmware.com:https->10.21.3.222:4205 (ESTABLISHED)
vpxa 23874 root 89u IPv4 3934451 TCP localhost.localdomain:44176->localhost.localdomain:https (ESTABLISHED)
xinetd 27447 root 5u IPv4 4579993 TCP *:vmware-authd (LISTEN)
sshd 31958 root 3u IPv4 654774 TCP *:ssh (LISTEN)
where the first column is the application listening and the last two columns are the protocol and the port (generally aliased to the service name, i.e. port 22 = ssh).
For a firewall, I would suggest using iptables, which is normally installed with most Linux distributions (I am specifically unfamiliar with Mint 4.0). http://www.higherpass.com/linux/Tutorials/Iptables-Primer/1/ is a tutorial I found on Google (no idea how in-depth this is, I simply clicked on the first "Iptables primer" I found.) -
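An added example, not part of the post above: a small filter that reads `lsof -i tcp` output in the format shown and reports each listening service once, marked "exposed" when it is bound to all interfaces (`*:port`) or "local" when it is bound to loopback only. The function names and the sample lines (a constructed excerpt modelled on the output above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets from `lsof -i tcp` output.

# Constructed sample input in the same format as the lsof output above.
sample_lsof() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
webAccess 1767 root 5u IPv4 3326 TCP *:webcache (LISTEN)
webAccess 1767 root 18u IPv4 5189 TCP localhost.localdomain:8005 (LISTEN)
cimserver 2492 root 3u IPv4 12858 TCP localhost.localdomain:32944 (LISTEN)
cimserver 2492 root 4u IPv4 12859 TCP localhost.localdomain:32945->localhost.localdomain:32944 (ESTABLISHED)
cimserver 2492 root 6u IPv4 13378 TCP *:5988 (LISTEN)
cimserver 2544 root 3u IPv4 12858 TCP localhost.localdomain:32944 (LISTEN)
sshd 31958 root 3u IPv4 654774 TCP *:ssh (LISTEN)
EOF
}

# Read lsof output on stdin and print "scope command port" once per listener.
# Fields are counted from the end of the line because the SIZE column is
# empty in the rows, so the header does not line up with the data.
listeners() {
    awk '
        $NF != "(LISTEN)" { next }       # skip header and established sessions
        {
            addr = $(NF - 1)             # e.g. *:ssh or localhost.localdomain:8005
            host = addr; sub(/:[^:]*$/, "", host)
            port = addr; sub(/^.*:/, "", port)
            scope = "exposed"            # wildcard or a routable address
            if (host ~ /^(localhost|127\.|\[::1\])/) scope = "local"
            key = scope " " $1 " " port
            if (!(key in seen)) { seen[key] = 1; print scope, $1, port }
        }'
}

# Demo on the constructed sample. On a real host, as root:
#   lsof -nP -i tcp | listeners
sample_lsof | listeners
```

Every "exposed" line is a service reachable from the network, so each one should either be needed, be rebound to loopback, or be stopped.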
For anti-virus, I would suggest ClamAV.
For a firewall, try Firestarter (GUI front-end for IPtables).
By default, most of the settings in a Linux system are pretty secure. -
-
What about OpenSUSE? That is Red Hat based and can it act as a server? If not I'll start on a download of CentOS.
-
I think OpenSUSE is also oriented to the desktop. You should definitely go with Debian.
-
Trying openSUSE didn't go too well. Desktop != server apparently.
I'm running Fedora now. -
Any Linux distro can be configured to run as a server, some are just easier than others. Mint has a desktop focus, so yes, it is not as convenient as some others. Ubuntu has a version targeted as a server installation, and there are others. The *buntu family is a derivative of Debian, and Debian would be good.
-
I think that most people would say if you want a reliable, secure, super stable server installation, and you don't want to use a BSD system, Debian stable is your best bet.
-
lupin..the..3rd Notebook Evangelist
Why don't you read the course material? Since this is for a uni credit course, I assume there are books and such that go with the class?
- For starters you can turn off all plain-text authentication methods, if they're not already off.
- Apply your distribution updates to make sure you get all the latest security patches.
- Configure the firewall
- Disable un-needed services (samba, apache, etc.) -
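An added example for the "configure the firewall" step, not part of the post above: a function that prints a default-deny inbound ruleset in `iptables-restore` format, allowing only loopback, replies to outbound connections, and the TCP ports given as arguments. The function name `ruleset` and the choice of port 22 in the demo are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate a default-deny inbound iptables ruleset.

# ruleset PORT...
# Prints a filter table for iptables-restore. All ports are validated before
# anything is printed, so a bad argument never yields a partial ruleset.
ruleset() {
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*)
                echo "ruleset: not a port number: $port" >&2
                return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "ruleset: port out of range: $port" >&2
            return 1
        }
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'       # default policy: drop unsolicited inbound
    echo ':FORWARD DROP [0:0]'     # this host is a server, not a router
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# Demo: allow inbound ssh only (port 22 is an assumption of this example).
# To check and then load it on a real host, as root:
#   ruleset 22 | iptables-restore --test
#   ruleset 22 | iptables-restore
ruleset 22
```

Loading the ruleset from a remote ssh session without the ssh port in the list will cut that session off, so test from the console first.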
Hello Folks,
I suggest Slack... It was actually my first distro...
But then you can go check out http://distrowatch.com/
<irony>I currently use Debian 4.0</irony>
mauser1891,
"Debian Powered"
Celeron M 440
2G 5300 RAM
BCM1390
TOSHIBA MK8034GS
TSSTcorpCDW/DVD TS-L462D
SynPS/2 Synaptics TouchPad -
Ended up getting almost everything working with Fedora server. The only problem I had was I couldn't get snort to work.
-
Good
Snort is kinda strange anyway... it's a funky client-server type app that takes some knowledge of how it's built to get it properly working. I'm pretty sure Fedora should have a snort package to install, though, if you want to try to load it anyway.
Linux Folk ... need some help
Discussion in 'Linux Compatibility and Software' started by millermagic, Sep 4, 2008.