[NTLUG:Discuss] Securing a RH6.0 box

MadHat madhat at unspecific.com
Mon Aug 30 08:30:56 CDT 1999


"J. Reeves Hall" wrote:
> 
> I'm running a Red Hat 6.0 box, and I've given an Indian hacker/friend
> permission to attack it in one week. He's strongly hinted that he plans
> to do a buffer overflow. The only conditions are a) petty DoS isn't fair
> game unless it results in root access, and b) rm -rf / isn't legal. I
> need advice on securing this box. What insecurities exist by default on
> RH6.0? I really want to defeat this dude :)

Games such as these need rules.  You want to make your box next to
unhackable, turn off all services and run it with a readonly
filesystem.

Otherwise look at tcp_wrappers (comes installed by default on RH 6) you
can just edit /etc/host.allow and /etc/host.deny.
Edit /etc/inetd.conf and comment out every line that you don't know what
it is or don't use.  Make sure NFS is off and SMB and anything else that
you don't use on a daily basis.  Check out '/sbin/chkconfig --list' and
look at what is turned on when you reboot the machine.  (boot level 3 is
command line, boot level 5 is X windows login).  I usually use something
like
# /sbin/chkconfig --list | grep 3:on
and this will list all the services that will be started.  To turn them
off, run
# /sbin/chkconfig {service} {on|off}
i.e.
# /sbin/chkconfig nfs off

Remember this will not stop currently running processes, that is done
with the init scripts.
# /etc/rc.d/init.d/nfs stop

Remember this is RH specific.  Grab nmap from insecure.org.  This will
allow you to run it on your machine and will tell you open ports.  There
is an RPM package of it.

Run ssh instead of telnet.

Check your logs daily.  Look at 'last' to see who logged in from where.
If someone has come in from somewhere and it doesn't look familiar,
change the password of that account.  Better safe than sorry.

Look at products like Tripwire and such to help you watch your logs.
http://securityportal.com/direct.cgi?/topnews/tn19990816.html
This site has some ideas for watching for intruders.

-- 
MadHat
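
The service review described in the message above, as an added example that is not part of the original post: it reads output in the `/sbin/chkconfig --list` format and an inetd.conf file and lists what is still enabled outside a keep-list. The keep-list, the function names and both sample inputs are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit boot-time and inetd services against a keep-list.
# KEEP is an assumed keep-list; all sample data below is constructed.
KEEP="crond network sshd syslog"

# Constructed sample in the format printed by `/sbin/chkconfig --list`.
sample_chkconfig() {
cat <<'EOF'
crond   0:off 1:off 2:on  3:on  4:on  5:on  6:off
nfs     0:off 1:off 2:off 3:on  4:on  5:on  6:off
portmap 0:off 1:off 2:off 3:on  4:on  5:on  6:off
smb     0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd    0:off 1:off 2:on  3:on  4:on  5:on  6:off
xfs     0:off 1:off 2:on  3:off 4:off 5:on  6:off
EOF
}

# Constructed sample of /etc/inetd.conf.
sample_inetd() {
cat <<'EOF'
# comment line
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
#shell  stream tcp nowait root /usr/sbin/tcpd in.rshd
#finger stream tcp nowait root /usr/sbin/tcpd in.fingerd
EOF
}

# Read chkconfig output on stdin; print services that are on in
# runlevel $1 and are not named in KEEP.
unexpected_services() {
    awk -v lvl="$1" -v keep="$KEEP" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        { for (i = 2; i <= NF; i++)
              if ($i == (lvl ":on") && !($1 in ok)) print $1 }'
}

# Read inetd.conf on stdin; print the service name of each line
# that is not commented out.
enabled_inetd() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }'
}

echo "Runlevel 3 services to review:"; sample_chkconfig | unexpected_services 3
echo "inetd services still enabled:";  sample_inetd | enabled_inetd
```

On a live machine, feed the functions real input instead of the samples: `/sbin/chkconfig --list | unexpected_services 3` and `enabled_inetd < /etc/inetd.conf`.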



