.ooO A Guide to Securing RedHat Linux 6.0 by wyze1 Ooo.

A lot of people out there are raving about RH6. Why exactly, I don't know, but they seem to think it's just great. ;P So, for lack of any hope of getting these people to start using *BSD or Solaris, I have put together a guide to securing Red Hat Linux 6.0 which covers all known problems to date, although it doesn't really tackle other issues.

Now, go to ftp://update.redhat.com and download the source for the new kernel supplied by RedHat for RH6 systems (2.2.5-22). Then download the information on the Linux 2.2.x ICMP DoS that causes a kernel panic - search Geek-Girl's BugTraq archive for it <http://geek-girl.com>. Apply the patch to fix this vulnerability, then recompile the kernel; look in /usr/doc/HOWTO/Kernel-HOWTO if you don't know how.

There haven't been any SUID vulnerabilities discovered in RH6 yet, but you probably don't want any just in case. You can nuke the lot of them simply by typing "chmod a-s -R / &". You may find some you want to re-SUID, like mount, but you probably won't need that many.

Now, let's play with the Alt+SysRq kernel hack, one of the nicest things about the new 2.2.x kernel series. This hack allows you to press Alt, SysRq (Print Screen) and a hotkey to perform various tasks even when the system is not responding. You can press Alt+SysRq+K to kill all processes on the vterm you are using, or Alt+SysRq+M to dump memory information onto the screen, and a whole bunch of other really neat things - none of which we are looking at in detail now, except for the one that makes the difference for security: Alt+SysRq+1-9. This hack determines how much of the kernel's mumblings are logged. Having a lot of mumblings logged is generally quite nice, or you can keep it at 1 or something and just jack it up when you need to. ;)

Ugh. RedHat 6.0 has a stupid PAM'erized su. If you give it the correct password, you become superuser immediately, and if you give it the wrong password, there is a full one second delay before it tells you the attempt failed and logs the attempt. During this period you can press Ctrl+Break to stop su and nothing will be logged, making it easy for someone to brute-force the root password. Nuke su. It's a dumb program and I don't like it anywayz. ;)

I hope you're not running X-Windows, but if you are, be sure to fix a few critical permissions on the UNIX 98 PTYs which could give you trouble, by typing chmod 600 /dev/pts/*

RedHat 6.0 also fucks up the permissions on the CD-ROM drive. A minor problem, but worth fixing anyway - think of backups. Cat your /etc/fstab to see where your CD-ROM drive is and then chmod 600 /dev/whatever

If you use KDE, and more specifically if you use K-Mail, then you are vulnerable to a silly symlink problem. Nuke K-Mail, don't use K-Mail, or if you are a COMPLETE loser and you *really* want it, d/l the fix from ftp.kde.org/pub/kde/security_patches/kmail-security-patch.diff

I think the ipop2d on RH6 is vulnerable to a remote buffer overflow exploit that produces a shell as user "nobody". I'm not sure, but if yer running an ipop2d yer a loser anyway, so who cares. ;)

Now you should have a quasi-secure lame Linux box that is hopefully a bit less lame than when you started. This text only really covers which silly security problems need to be fixed, not common sense stuff. If you are new to *nix then you should get the Linux Administrators Security Guide from www.seifried.org/lasg - but not even that can completely teach you common sense. Make sure to close unwanted ports by checking your /etc/inetd.conf, and prepare users' home directories properly, i.e. like this...

    cd /home/redneck              # Go to the home directory
    chattr +a .bash_history       # Make history append only
    chown root.root .bash_profile # Make profile unmodifiable
    chown root.root .bash_logout  # Make logout unmodifiable
    chown root.root .bashrc       # Make bashrc unmodifiable

There is a wealth of stuff you can do to make your system much more secure, but I'm not going to go into any of that right now. There are already too many lame guides to generic Linux security, and I don't feel like making another one. Later.

--=====--
* Kat (guy@inside.thematrix.za.net) has joined #hack
<wyze1> Guy... do you want to know... what... the matrix is?
<wyze1> WELL I WON'T TELL YOU, YA DUMB LITTLE FUCK!#%!$^%! THEY SAID I COULD HAVE A TALK SHOW, BUT NOOOOOOOOO, I HAVE TO BE IN A SCI-FI AND WEAR THIS G00FY TRENCHCOAT!^%$#^$!#%$ I HATE YOU ALL DAMNIT!#%@%^$#
<wyze1> *sigh*
* wyze1 sets mode: +o Kat
--=====--
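An added example, not part of wyze1's guide: before running "chmod a-s -R /", list the setuid/setgid files so you know what you are about to break, then strip the bits from everything except a short keep-list of the ones (like mount) you want to stay set-UID. The function names and the keep-list contents are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from wyze1's guide: audit setuid/setgid files under a
# tree, then strip the bits from all but a keep-list (e.g. "mount umount").

# Print every setuid or setgid regular file under $1, one per line, sorted.
# -xdev stays on one filesystem; errors from unreadable dirs are dropped.
audit_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Number of setuid/setgid files under $1.
count_setuid() {
    audit_setuid "$1" | wc -l | tr -d ' '
}

# Strip setuid and setgid from files under $1 whose basename is not in the
# space-separated keep-list $2. Prints "keep <path>" or "strip <path>" per
# file so the run itself is a record of what changed.
strip_setuid() {
    root=$1
    keep=" $2 "
    audit_setuid "$root" | while IFS= read -r f; do
        base=${f##*/}
        case "$keep" in
            *" $base "*) echo "keep  $f" ;;
            *) chmod ug-s "$f" && echo "strip $f" ;;
        esac
    done
}

# Stand-alone use: "sh suid-audit.sh /" only lists. Stripping is a
# separate, deliberate call, e.g. strip_setuid / "mount umount".
if [ $# -gt 0 ]; then
    echo "setuid/setgid files under $1: $(count_setuid "$1")"
    audit_setuid "$1"
fi
```

Run the audit first and save its output; the "strip"/"keep" lines from strip_setuid are what you will need when something like mount stops working and you have to put a bit back.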