[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

How to protect linux server from hackers using iptables

Posted on 2009-04-02
5
Medium Priority
?
849 Views
Last Modified: 2013-12-16
I connected my Linux server in internet using static ip. I want to secure my linux server from hackers using iptables. I am new to iptables. we using only ssh in that server. I have configured RSA key based authendication. I want to know how to secure my linux server from hackers by blocking which port etc...
0
Comment
Question by:rajasekarramasamy
5 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 600 total points
ID: 24047554
Protecting from intruders is not a simple task - it should be done by an expert. However there are some steps that should be followed:

1. Enable only services that are necessary for the server - For example do not run bind if you don't use it.
2. Keep the programs up to date to avoid exploits of known security issues
3. Close all ports but the ones necessary for operation
4. Limit SSH connections to known IPs (or use other protection measures - port knocking)

So iptables configuration depends on what services you wish to run. To allow http (port 80) from all IPs and SSH (port 22) from two IPs write:

iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -INPUT -p tcp --dport 80 -j ACCEPT
iptables -INPUT -p tcp --dport 22 -s 111.111.111.111 -j ACCEPT
iptables -INPUT -p tcp --dport 22 -s 222.222.222.222 -j ACCEPT
iptables -INPUT -j DROP
0
 
LVL 14

Expert Comment

by:cjl7
ID: 24048566
And building on the previous comment the next step is to only allow stuff outbound as well. One primary goal of Crackers (we reserve the name hackers for people that like to hack stuff, i.e. not bad people...) is to be able to send spam.

So blocking outbound mail could be a good idea as well.

Cheers,

Jonas
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 75 total points
ID: 24048615
To put it simply, as Baz suggests....block everything, and allow only services that you explicitly need to, and make sure that access only occurs from IP's that you trust.

For example, if you know you need SSH access to the server from home, only permit SSH from your home IP address

Also - block outbound services.....as Jonas states.....unless you explicitly require those services - for example, if outbound mail is routed through a smarthost, permit only email to that host.

Linux is inherently more secure "out-of-the-box" - with no applications listening by default, but job ~1 for me when implementing a linux machine is getting iptables properly configured before installing any additional services....

You can check what ports (and applications ) are listening using

netstat -untap


0
 
LVL 3

Assisted Solution

by:nevvamind
nevvamind earned 75 total points
ID: 24057657
Since your only using SSH, you'll quickly get going with the rules above.

However, this wont save you from the ever so ubiquitous Dictionary based brute-force attacks.
For this you need something which dynamically adaps to persistent unauthorized authentication attempts.
So use either Fail2Ban (http://www.fail2ban.org/wiki/index.php/Main_Page) OR DenyHosts (http://denyhosts.sourceforge.net/).
..... btw, fail2ban is better !
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 24057818
You only need to worry about Fail2Ban if you're permitting SSH from any IP:

iptables -INPUT -p tcp --dport 22 -j ACCEPT

If you permit SSH only from specific IP's:

iptables -INPUT -p tcp --dport 22 -s xxx.xxx.xxx.xxx -j ACCEPT

then Fail2Ban isn't necessary - it is a great tool though if (like me) you use SSH from anywhere....
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month10 days, 5 hours left to enroll

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question