Security On Your Linux Machine


Out of the box, your Linux system is set for very high security: even if you want to make services on your Linux machine available to other machines, no other machine can connect to it. The machine is set up for the most hazardous environment, that of a casual user connected to the Internet.

Getting (controlled) access

We'll address two scenarios. In the first we will look at the most common case, the machine exposed to the Internet without the benefit of a firewall. In the second, we will consider a machine on a network protected by a firewall.

Exposed to the Internet

Your machine has its own firewall installed, and it's set to nearly the highest level of security. The purpose is to keep crackers (the media calls them "hackers") out of your machine. There are known exploits of some services that can allow the intruder to become "root", and then he can install software that can break into other machines, sniff your passwords and credit card numbers, and do other nefarious deeds.

Forget about allowing telnet into your machine, and think carefully about allowing ftp. Telnet is a major security hole primarily because passwords are sent in the clear, and anyone sniffing your network can read them. If you want a capability similar to telnet, then install and enable Secure SHell (SSH). It is found in the openssh RPMs, and may already be installed. To start it up, run (as root)

service sshd start

To have it come up automatically at boot time, run

chkconfig sshd on

Now, you still have your firewall to deal with. Run lokkit or gnome-lokkit, and select "custom". Then mark SSH as a service to let through.

You will want a Secure SHell client for your Windoze boxes. There are several software packages available; many are freeware or shareware. I recommend PuTTY.

As far as ftp is concerned, you may not need it. SSH includes scp (secure copy) and sftp (secure ftp). If you must have ftp, consider replacing the provided wu-ftpd with proftpd, which is considered to be more robust than wu-ftpd.
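
To check a machine against the advice in this section, the following added example (not part of the original article) parses `chkconfig --list` output and flags telnet, wu-ftpd, and an sshd that is not enabled at boot. It assumes the usual Red Hat-style layout of that output; the function name audit_services is hypothetical and the sample text is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit `chkconfig --list`
# output against the advice above. SAMPLE_CHKCONFIG is constructed text.
SAMPLE_CHKCONFIG='sshd            0:off   1:off   2:on    3:off   4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd based services:
        telnet: on
        wu-ftpd:        on
        rsync:  off'

# audit_services (hypothetical name): reads `chkconfig --list` text on stdin
# and prints one finding per line; no output means nothing was flagged.
audit_services() {
    awk '
        /^xinetd based services:/ { in_xinetd = 1; next }
        # SysV line: "name 0:off 1:off ... 6:off". A service counts as
        # enabled at boot only if on in runlevels 3 (text) and 5 (graphical).
        !in_xinetd && NF >= 8 {
            on3 = 0; on5 = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "3:on") on3 = 1
                if ($i == "5:on") on5 = 1
            }
            sysv[$1] = (on3 && on5) ? "on" : "off"
            next
        }
        # xinetd line: "name: on|off". Flagged even when xinetd itself is
        # off, so the setting cannot go live unnoticed later.
        in_xinetd && NF == 2 { name = $1; sub(/:$/, "", name); xin[name] = $2 }
        END {
            if (!("sshd" in sysv)) {
                print "WARN sshd not listed: check that the openssh RPMs are installed"
            } else if (sysv["sshd"] != "on") {
                print "WARN sshd not on in runlevels 3 and 5: run chkconfig sshd on"
            }
            if (xin["telnet"] == "on") {
                print "FAIL telnet enabled: passwords are sent in the clear"
            }
            if (xin["wu-ftpd"] == "on") {
                print "WARN wu-ftpd enabled: prefer scp/sftp, or proftpd if ftp is required"
            }
        }
    '
}

# Run against the constructed sample; on a real machine pipe in
# `chkconfig --list` instead.
printf '%s\n' "$SAMPLE_CHKCONFIG" | audit_services
```

On a live system, run `chkconfig --list | audit_services` as root after sourcing the function.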

Isolated from the Internet

If your network is behind a good firewall, then you can open up whatever services you want, if you trust the others on the network. First you will want to turn off the firewall. Use lokkit to set things to "no firewall". Then use ntsysv to enable whatever services you want.

That said, I wasn't kidding about trusting others on your network. I still recommend using SSH to connect to your machine because it is secure and just as easy as telnet; in fact, it is easier if you set things up right. Read up on "ssh-agent".

~ Bob McClure


Bobcat Open Systems, Inc. 800/929-5513, 903/994-2823

Last Modified: 06/02/2008 7:51 AM