Simple RedHat8 SECURITY question?


Post by DiS gU » Thu, 31 Oct 2002 15:03:38



My Goal is to temporarily lock up a new installation of RedHat.
The system is on an internet PUBLIC IP .. (scary..)
For now all I want is full access from one station in my lan.
Let's say this station's IP is 123.123.123.123.

hosts.allow has the following entry..
   ALL: 123.123.123.123
hosts.deny has the following entry..
   ALL: ALL

When executing  " nmap -sT -O localhost "
Below are the only ports open...
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on lindo (127.0.0.1):
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
111/tcp    open        sunrpc
Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.5.25 or Gentoo 1.2
Linux 2.4.19 rc1-rc7)

Now I know from the 123... station I do have full access.
Is this station really safe from the outside world?
To my knowledge all services from the outside should be stopped via
TCPwrappers ..

Am I safe???

 
 
 


Post by ynotsso » Thu, 31 Oct 2002 15:20:05



> My Goal is to temporarily lock up a new installation of RedHat.
> The system is on an internet PUBLIC IP .. (scary..)
> For now all I want is full access from one station in my lan.
> Let's say this station's IP is 123.123.123.123.

> hosts.allow has the following entry..
>    ALL: 123.123.123.123
> hosts.deny has the following entry..
>    ALL: ALL

> When executing  " nmap -sT -O localhost "
> Below are the only ports open...
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> Interesting ports on lindo (127.0.0.1):
> (The 1598 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 111/tcp    open        sunrpc
> Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.5.25 or Gentoo 1.2
> Linux 2.4.19 rc1-rc7)

> Now I know from the 123... station I do have full access.
> Is this station really safe from the outside world?
> To my knowledge all services from the outside should be stopped via
> TCPwrappers ..

> Am I safe???

Safe from what, yourself? Why do a portscan of 127.0.0.1 when that is not
what the public is seeing?

Do a portscan of your public IP address so you can see what the world is
seeing.

                 tony


Post by DiS gU » Thu, 31 Oct 2002 15:36:52


OK, how about we forget about the localhost portscan ...

The rules within hosts.allow and hosts.deny ..

will that not keep the public out?





Post by ynotsso » Thu, 31 Oct 2002 16:59:29



> Ok how about forget about the localhost portscan ...
> The rules within hosts.allow and hosts.deny ..
> will that not keep the public out?

[...]

One could assume so, but I would never trust anything to
qualify a customer's installation other than a valid stress
testing from outside the LAN.

Portscanning the public interface is the only way to see what
the public is seeing.

Even then, your versions of ftpd or sshd may be vulnerable.
It would be ludicrous to have port 111 open to public scrutiny.

          tony


Post by John Thompso » Sun, 03 Nov 2002 21:15:13



> My Goal is to temporarily lock up a new installation of RedHat.
> The system is on an internet PUBLIC IP .. (scary..)
> For now all I want is full access from one station in my lan.
> Let's say this station's IP is 123.123.123.123.

> hosts.allow has the following entry..
>    ALL: 123.123.123.123
> hosts.deny has the following entry..
>    ALL: ALL

        [clip...]

> Now I know from the 123... station I do have full access.
> Is this station really safe from the outside world?
> To my knowledge all services from the outside should be stopped via
> TCPwrappers ..

> Am I safe???

tcp_wrappers only controls access to services that are started by
inetd/xinetd.

Wouldn't a firewall (ipchains/iptables) be a better idea?


Post by Paul Colquhou » Mon, 04 Nov 2002 10:40:01



|
|> My Goal is to temporarily lock up a new installation of RedHat.
|> The system is on an internet PUBLIC IP .. (scary..)
|> For now all I want is full access from one station in my lan.
|> Let's say this station's IP is 123.123.123.123.
|>
|> hosts.allow has the following entry..
|>    ALL: 123.123.123.123
|> hosts.deny has the following entry..
|>    ALL: ALL
|
|       [clip...]
|
|> Now I know from the 123... station I do have full access.
|> Is this station really safe from the outside world?
|> To my knowledge all services from the outside should be stopped via
|> TCPwrappers ..
|>
|> Am I safe???
|
| tcp_wrappers only controls access to services that are started by
| inetd/xinetd.

Or, services that have been written to use the tcp-wrappers libraries
directly.

sshd can be compiled to do this.

--
Reverend Paul Colquhoun, ULC.    http://andor.dropbear.id.au/~paulcol
     Asking for technical help in newsgroups?  Read this first:
        http://www.tuxedo.org/~esr/faqs/smart-questions.html
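
The point the replies above converge on, as an added example (not code from any poster in the thread): a simplified Python model of the hosts_access(5) decision order applied to the hosts.allow and hosts.deny entries quoted in the thread. Pattern support is a subset (ALL, exact address, address prefix, net/mask); the outside address 198.51.100.7, the daemon names, and the flag saying whether each daemon consults tcp_wrappers are assumptions.

```python
import ipaddress

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines (options after a 2nd ':' are ignored)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(), clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "192.168." matches by address prefix
        return ip.startswith(pattern)
    if "/" in pattern:             # net/mask form, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def rule_hits(rules, daemon, ip):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, ip) for p in clients)
               for daemons, clients in rules)

def reachable(daemon, ip, allow, deny, consults_wrappers):
    if not consults_wrappers:      # neither run under tcpd/xinetd nor linked to libwrap:
        return True                # hosts.allow and hosts.deny are never read
    if rule_hits(allow, daemon, ip):
        return True                # 1. a match in hosts.allow grants access
    if rule_hits(deny, daemon, ip):
        return False               # 2. otherwise a match in hosts.deny refuses it
    return True                    # 3. no match in either file: access is granted

ALLOW = parse_rules("ALL: 123.123.123.123")  # hosts.allow from the thread
DENY = parse_rules("ALL: ALL")               # hosts.deny from the thread
OUTSIDE = "198.51.100.7"                     # constructed outside address

def report():
    # Which daemons consult tcp_wrappers is an assumption; verify it on the real host.
    daemons = {"sshd": True, "in.ftpd": True, "unwrapped-daemon": False}
    return {(d, ip): reachable(d, ip, ALLOW, DENY, wrapped)
            for d, wrapped in daemons.items() for ip in ("123.123.123.123", OUTSIDE)}

if __name__ == "__main__":
    for (d, ip), ok in report().items():
        print(f"{d:17} {ip:16} {'reachable' if ok else 'refused'}")
```

A daemon that never reads the two files stays reachable from any address, which is why the replies recommend scanning the public interface and adding a packet filter.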

 
 
 
