Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 846
  • Last Modified:

How to protect linux server from hackers using iptables

I connected my Linux server in internet using static ip. I want to secure my linux server from hackers using iptables. I am new to iptables. we using only ssh in that server. I have configured RSA key based authendication. I want to know how to secure my linux server from hackers by blocking which port etc...
0
rajasekarramasamy
Asked:
rajasekarramasamy
3 Solutions
 
BlazCommented:
Protecting from intruders is not a simple task - it should be done by an expert. However there are some steps that should be followed:

1. Enable only services that are necessary for the server - For example do not run bind if you don't use it.
2. Keep the programs up to date to avoid exploits of known security issues
3. Close all ports but the ones necessary for operation
4. Limit SSH connections to known IPs (or use other protection measures - port knocking)

So iptables configuration depends on what services you wish to run. To allow http (port 80) from all IPs and SSH (port 22) from two IPs write:

iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -INPUT -p tcp --dport 80 -j ACCEPT
iptables -INPUT -p tcp --dport 22 -s 111.111.111.111 -j ACCEPT
iptables -INPUT -p tcp --dport 22 -s 222.222.222.222 -j ACCEPT
iptables -INPUT -j DROP
0
 
cjl7Commented:
And building on the previous comment the next step is to only allow stuff outbound as well. One primary goal of Crackers (we reserve the name hackers for people that like to hack stuff, i.e. not bad people...) is to be able to send spam.

So blocking outbound mail could be a good idea as well.

Cheers,

Jonas
0
 
Roachy1979Commented:
To put it simply, as Baz suggests....block everything, and allow only services that you explicitly need to, and make sure that access only occurs from IP's that you trust.

For example, if you know you need SSH access to the server from home, only permit SSH from your home IP address

Also - block outbound services.....as Jonas states.....unless you explicitly require those services - for example, if outbound mail is routed through a smarthost, permit only email to that host.

Linux is inherently more secure "out-of-the-box" - with no applications listening by default, but job ~1 for me when implementing a linux machine is getting iptables properly configured before installing any additional services....

You can check what ports (and applications ) are listening using

netstat -untap


0
 
nevvamindCommented:
Since your only using SSH, you'll quickly get going with the rules above.

However, this wont save you from the ever so ubiquitous Dictionary based brute-force attacks.
For this you need something which dynamically adaps to persistent unauthorized authentication attempts.
So use either Fail2Ban (http://www.fail2ban.org/wiki/index.php/Main_Page) OR DenyHosts (http://denyhosts.sourceforge.net/).
..... btw, fail2ban is better !
0
 
Roachy1979Commented:
You only need to worry about Fail2Ban if you're permitting SSH from any IP:

iptables -INPUT -p tcp --dport 22 -j ACCEPT

If you permit SSH only from specific IP's:

iptables -INPUT -p tcp --dport 22 -s xxx.xxx.xxx.xxx -j ACCEPT

then Fail2Ban isn't necessary - it is a great tool though if (like me) you use SSH from anywhere....
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now