Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to protect linux server from hackers using iptables

Posted on 2009-04-02
5
Medium Priority
?
844 Views
Last Modified: 2013-12-16
I connected my Linux server in internet using static ip. I want to secure my linux server from hackers using iptables. I am new to iptables. we using only ssh in that server. I have configured RSA key based authendication. I want to know how to secure my linux server from hackers by blocking which port etc...
0
Comment
Question by:rajasekarramasamy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 600 total points
ID: 24047554
Protecting from intruders is not a simple task - it should be done by an expert. However there are some steps that should be followed:

1. Enable only services that are necessary for the server - For example do not run bind if you don't use it.
2. Keep the programs up to date to avoid exploits of known security issues
3. Close all ports but the ones necessary for operation
4. Limit SSH connections to known IPs (or use other protection measures - port knocking)

So iptables configuration depends on what services you wish to run. To allow http (port 80) from all IPs and SSH (port 22) from two IPs write:

iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -INPUT -p tcp --dport 80 -j ACCEPT
iptables -INPUT -p tcp --dport 22 -s 111.111.111.111 -j ACCEPT
iptables -INPUT -p tcp --dport 22 -s 222.222.222.222 -j ACCEPT
iptables -INPUT -j DROP
0
 
LVL 14

Expert Comment

by:cjl7
ID: 24048566
And building on the previous comment the next step is to only allow stuff outbound as well. One primary goal of Crackers (we reserve the name hackers for people that like to hack stuff, i.e. not bad people...) is to be able to send spam.

So blocking outbound mail could be a good idea as well.

Cheers,

Jonas
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 75 total points
ID: 24048615
To put it simply, as Baz suggests....block everything, and allow only services that you explicitly need to, and make sure that access only occurs from IP's that you trust.

For example, if you know you need SSH access to the server from home, only permit SSH from your home IP address

Also - block outbound services.....as Jonas states.....unless you explicitly require those services - for example, if outbound mail is routed through a smarthost, permit only email to that host.

Linux is inherently more secure "out-of-the-box" - with no applications listening by default, but job ~1 for me when implementing a linux machine is getting iptables properly configured before installing any additional services....

You can check what ports (and applications ) are listening using

netstat -untap


0
 
LVL 3

Assisted Solution

by:nevvamind
nevvamind earned 75 total points
ID: 24057657
Since your only using SSH, you'll quickly get going with the rules above.

However, this wont save you from the ever so ubiquitous Dictionary based brute-force attacks.
For this you need something which dynamically adaps to persistent unauthorized authentication attempts.
So use either Fail2Ban (http://www.fail2ban.org/wiki/index.php/Main_Page) OR DenyHosts (http://denyhosts.sourceforge.net/).
..... btw, fail2ban is better !
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 24057818
You only need to worry about Fail2Ban if you're permitting SSH from any IP:

iptables -INPUT -p tcp --dport 22 -j ACCEPT

If you permit SSH only from specific IP's:

iptables -INPUT -p tcp --dport 22 -s xxx.xxx.xxx.xxx -j ACCEPT

then Fail2Ban isn't necessary - it is a great tool though if (like me) you use SSH from anywhere....
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question