An important aspect of security that many people ignore is the more or less regular analysis of the system. These checks help us detect possible intrusions, assess the security of the system and anticipate the main risks.
There are numerous tools for these tasks, some of them very simple, some complex. In this article I will introduce some that I found most useful and easy to use.
- What ports / services do I have open? Nmap
Most remote intrusions occur through flaws in the services we expose to the outside. These services open ports through which it is theoretically possible to access the system.
The nmap command allows us (among other things) to list these services:
sudo apt-get install nmap
nmap localhost
This will install nmap and list the ports / services offered by our system. In my case, for example, this is the result:
Starting Nmap 5.21 (http://nmap.org) at 12/09/2010 14:14 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00060s latency).
Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 997 closed ports
PORT STATE SERVICE
21/tcp open ftp
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
These results correspond to file sharing using Samba (ports 139 and 445), the network printer service (port 631) and the ftp file server that I installed (port 21).
If you see ports or services listed that you do not need, you can disable them by uninstalling the corresponding package or by modifying the startup scripts, following the article Optimize The Boot (II) Bum.
Note: If you do not know exactly what a port / service is, you can consult http://www.speedguide.net/ports.php
Another important point to scan is the router (mainly for those of you with ADSL connections); this scan will show which ports / services are directly accessible from the outside.
nmap 192.168.1.1
You just have to give nmap the IP address of your router. In my case this was the result:
Starting Nmap 5.21 (http://nmap.org) at 12/09/2010 16:30 CET
Nmap scan report for 192.168.1.1
Host is up (0.0035s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
21/tcp
These results correspond to the ways of accessing the router's configuration (telnet on port 23 and web on port 80) and the ftp port forwarding (port 21) to my local file server.
If you see ports or services listed that you do not need, you can disable them or restrict access from the outside by setting the appropriate options on your router.
Note: you can see which ports / services are visible from the outside with the scanner found at http://www.speedguide.net/portscan.php
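The review described in this section (look at the scan and spot ports you do not need) can be scripted so that it runs regularly. The following is an added example, not part of the original article: the names port_drift and sample_scan and the allowlist passed to them are assumptions, and the sample output is constructed from the localhost scan shown above.

```shell
#!/bin/sh
# Added example (not from the article): report drift between the ports nmap
# finds open and the services we expect. All names here are assumptions.

# sample_scan: constructed sample, based on the localhost scan shown above.
sample_scan() {
    cat <<'EOF'
Starting Nmap 5.21 ( http://nmap.org )
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00060s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
631/tcp open  ipp
EOF
}

# port_drift EXPECTED...: read nmap's normal output on stdin and compare it
# with the expected "port/proto" arguments. Prints "UNEXPECTED port service"
# for open ports that are not expected and "MISSING port" for expected ports
# that are not open. Exit status is 1 when there is any difference.
port_drift() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        # Port table rows look like: 21/tcp open ftp
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            seen[$1] = 1
            if (!($1 in want)) { print "UNEXPECTED", $1, $3; drift = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(a[i] in seen)) { print "MISSING", a[i]; drift = 1 }
            exit drift + 0
        }
    '
}

# On a real system: nmap localhost | port_drift 139/tcp 445/tcp 631/tcp
# Here the ftp server is left out of the expected list, so it is reported.
sample_scan | port_drift 139/tcp 445/tcp 631/tcp || echo "open ports differ from the expected list"
```

Because the exit status is non-zero on any difference, the function can be called from a scheduled job that only sends mail when something changed.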
- Have I caught a trojan? Rkhunter
A Trojan is a type of malicious software that is generally intended to steal private information from the infected system. Trojans differ from viruses in that they generally do not cause visible damage.
GNU/Linux is not invulnerable to this type of software, and infection is relatively easy. To find out whether we have been "infected" by some kind of Trojan we have the rkhunter tool. Installation is simple:
sudo apt-get install rkhunter
Once installed, run it with the command:
sudo rkhunter -c
This command will run a series of tests looking for Trojans and will finally produce a report like this:
System checks summary
=====================
File properties checks...
Files checked: 131
Suspect files: 0
Rootkit checks...
Rootkits checked: 242
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 1 minute and 46 seconds
All results have been written to the log file (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
If there is a Trojan, the program itself will give us instructions on how to remove it and links to more information about the problem.
- Which users log in to the system? Lastlog
All access to the system is logged, and we can consult the log to see whether someone is accessing our computer, remotely as well as locally.
To view the log entries, execute the command lastlog:
lastlog
committed user and run rkhunter
List of ports: http://www.speedguide.net/ports.php
Port Scanners on-line: http://www
- Help
- ADSL routers: http://www.adslayuda.com/