Solved

How to protect linux server from hackers using iptables

Posted on 2009-04-02
Last Modified: 2013-12-16
I connected my Linux server to the internet using a static IP. I want to secure my Linux server from hackers using iptables. I am new to iptables. We use only SSH on that server. I have configured RSA key-based authentication. I want to know how to secure my Linux server from hackers by blocking which port etc...
0
Question by:rajasekarramasamy
5 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 200 total points
ID: 24047554
Protecting from intruders is not a simple task - it should be done by an expert. However, there are some steps that should be followed:

1. Enable only services that are necessary for the server - For example do not run bind if you don't use it.
2. Keep the programs up to date to avoid exploits of known security issues
3. Close all ports but the ones necessary for operation
4. Limit SSH connections to known IPs (or use other protection measures - port knocking)

So iptables configuration depends on what services you wish to run. To allow http (port 80) from all IPs and SSH (port 22) from two IPs write:

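# allow all outbound traffic and anything on the loopback interface
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# allow replies to connections that are already established
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# HTTP from anywhere, SSH from the two listed addresses only
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 111.111.111.111 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 222.222.222.222 -j ACCEPT
# drop everything else inbound
iptables -A INPUT -j DROP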
0
 
LVL 14

Expert Comment

by:cjl7
ID: 24048566
And building on the previous comment the next step is to only allow stuff outbound as well. One primary goal of Crackers (we reserve the name hackers for people that like to hack stuff, i.e. not bad people...) is to be able to send spam.

So blocking outbound mail could be a good idea as well.

Cheers,

Jonas
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 25 total points
ID: 24048615
To put it simply, as Blaz suggests....block everything, and allow only services that you explicitly need to, and make sure that access only occurs from IPs that you trust.

For example, if you know you need SSH access to the server from home, only permit SSH from your home IP address

Also - block outbound services.....as Jonas states.....unless you explicitly require those services - for example, if outbound mail is routed through a smarthost, permit only email to that host.

Linux is inherently more secure "out-of-the-box" - with no applications listening by default, but job ~1 for me when implementing a Linux machine is getting iptables properly configured before installing any additional services....

You can check what ports (and applications ) are listening using

netstat -untap


0
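The netstat check from the post above can be turned into a repeatable audit. This is an added example, not code from any poster in this thread: the function names, the allowlist argument and the sample netstat output are all constructed for illustration. It reports listeners bound to a non-loopback address on a port the firewall is not meant to open, and it handles UDP rows, which have no State column.

```shell
#!/bin/sh
# Added example. The netstat output below is constructed sample data.

sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      940/master
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      501/rpcbind
tcp        0     48 203.0.113.5:22          198.51.100.10:51514     ESTABLISHED 1201/sshd: admin
udp        0      0 0.0.0.0:68              0.0.0.0:*                           633/dhclient
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
EOF
}

exposed_listeners() {
    # stdin: `netstat -untap` output; $1: comma-separated ports the firewall opens.
    # Prints "proto port pid/program" for each non-loopback listener outside that list.
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^tcp/ { if ($6 != "LISTEN") next; prog = $7 }   # skip established sessions
    $1 ~ /^udp/ { if ($5 !~ /:\*$/) next; prog = $6 }     # udp listeners have no State column
    $1 ~ /^(tcp|udp)/ {
        addr = $4; port = $4
        sub(/.*:/, "", port)          # port follows the last colon (works for :::22)
        sub(/:[^:]*$/, "", addr)      # what remains is the bind address
        if (addr ~ /^127\./ || addr == "::1") next
        if (!(port in ok)) print $1, port, prog
    }'
}

# With only SSH allowed, rpcbind (111) and dhclient (68) are reported.
sample_netstat | exposed_listeners 22
```

On a live host, replace `sample_netstat` with `netstat -untap` run as root so the PID/Program column is filled in.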
 
LVL 3

Assisted Solution

by:nevvamind
nevvamind earned 25 total points
ID: 24057657
Since you're only using SSH, you'll quickly get going with the rules above.

However, this won't save you from the ever so ubiquitous dictionary-based brute-force attacks.
For this you need something which dynamically adapts to persistent unauthorized authentication attempts.
So use either Fail2Ban (http://www.fail2ban.org/wiki/index.php/Main_Page) OR DenyHosts (http://denyhosts.sourceforge.net/).
..... btw, fail2ban is better !
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 24057818
You only need to worry about Fail2Ban if you're permitting SSH from any IP:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

If you permit SSH only from specific IPs:

iptables -A INPUT -p tcp --dport 22 -s xxx.xxx.xxx.xxx -j ACCEPT

then Fail2Ban isn't necessary - it is a great tool though if (like me) you use SSH from anywhere....
0
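The advice across this thread (default deny, SSH only from trusted addresses, outbound traffic restricted, mail only to a smarthost) can be combined into one ruleset. The following is an added example, not code from any poster: `gen_rules` and `valid_ipv4` are hypothetical helper names, the addresses are constructed placeholders, and open outbound DNS is an assumption. It only prints rules in `iptables-restore` format and changes nothing on the host.

```shell
#!/bin/sh
# Added example. Addresses are constructed placeholders (RFC 5737 ranges).
# IPv4 only; ip6tables needs its own ruleset.

valid_ipv4() {
    # Dotted quad only, every octet 0-255.
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

gen_rules() {
    # usage: gen_rules SMARTHOST_IP SSH_SOURCE_IP [SSH_SOURCE_IP ...]
    [ "$#" -ge 2 ] || { echo "usage: gen_rules SMARTHOST SSH_SRC..." >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    smarthost=$1; shift
    # Default-deny in every chain; only the rules below open anything.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' \
                  '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for ip in "$@"; do      # SSH only from the trusted sources
        printf '%s\n' "-A INPUT -p tcp --dport 22 -s $ip -j ACCEPT"
    done
    # Outbound: replies to accepted sessions, mail to the smarthost only,
    # and DNS (assumed needed; tighten to your resolver with -d).
    printf '%s\n' '-A OUTPUT -o lo -j ACCEPT' \
                  '-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
                  "-A OUTPUT -p tcp --dport 25 -d $smarthost -j ACCEPT" \
                  '-A OUTPUT -p udp --dport 53 -j ACCEPT' \
                  '-A OUTPUT -p tcp --dport 53 -j ACCEPT' \
                  'COMMIT'
}

# Print the ruleset for one smarthost and two SSH sources.
gen_rules 192.0.2.25 198.51.100.10 203.0.113.7
```

Pipe the output through `iptables-restore --test` to have it parsed without being committed before loading it for real.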
