Linux Server Security Fundamentals
Enhance your understanding of basic Linux server security, from threats like port scans to setting up SSH for secure remote access. Explore firewall configurations, iptables, and SSH tricks for better server protection.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Basic Linux Security A Server Admin Perspective By: Jared Ledvina (jfledvin)
Threats: Port Scans Automated Attacks Your friends
iptables Operates in userspace Configures kernel level firewall Rules, rules, rules Simple Stateful Firewall
# Generated by iptables-save v1.4.18 on Sun Mar 17 14:21:12 2013 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :TCP - [0:0] :UDP - [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT -A INPUT -p udp -m conntrack --ctstate NEW -j UDP -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable -A INPUT -p tcp -j REJECT --reject-with tcp-reset -A INPUT -j REJECT --reject-with icmp-proto-unreachable COMMIT # Completed on Sun Mar 17 14:21:12 2013
SSH Secure Socket Shell Traffic is encrypted & secure Simple to setup and use Example: ssh user1@foobar.org ssh user1@foobar.org -p 12345
SSH Keys Public/Private Key Pair User Identification Optional Password Example: ssh-keygen -t rsa -b 4096 -C whateveryouwant -f ~/.ssh/herpderp
SSH Tricks Reverse SSH Tunnel SSH Config Random
Reverse SSH Tunnel From NAT ed System: ssh -R 19999:localhost:22 sourceuser@141.219.xx.x After logging into 141.219.xx.x ssh localhost -p 19999
~/.ssh/config Example: Host myserver HostName 141.219.123.123 Port 12345 User bob Host other_server HostName test.something.org User alice IdentityFile ~/.ssh/herpderp.privatekey
Random Redirect Microphone output to remote system: dd if=/dev/dsp | ssh -C user@host dd of=/dev/dsp Mount Remote Filesystem on local machine: sshfs remote-host: local-mount-directory Auto reconnect SSH: autossh -M 0 -o "ServerAliveInterval 45" -o "ServerAliveCountMax 2" username@example.com Forward GUI or X-based programs from remote system: ssh -X username@example.com firefox
