Security Basics mailing list archives

I've locked my box down too tight


From: sjm <sjm () porter acadaff appstate edu>
Date: Thu, 12 Jun 2003 11:30:39 -0400

In an attempt to set up a very secure server I have locked it down too much. I need to at least be able to ssh into it (Surely I can figure out the rest if I can get that far). I ran Bastille and selected the strictest options in most every case (Even to set default deny on tcp wrappers and xinetd). I have added rules to iptables to allow everything from my work machine's ip and to allow my work machine's ip in hosts.allow. I have also closed down EVERYTHING from the 'netstat -a' command that was listening except ports 80 and 22. The following are the changes I made:

added the following to iptables (the first rule in the INPUT chain logs connections):
iptables -I INPUT 2 -s $WORK_MACHINE_IP -d $SERVER_IP -j ACCEPT

added the following to hosts.allow:
sshd: $WORK_MACHINE_IP $WORK_MACHINE_NAME

Also, what do packets go through first, tcp_wrappers or iptables, or something else?

The machine isn't even logging the connection attempts. I have the log level set to 'notice' for kernel messages.

Thanks,

/*---------------------------------------------*\
|                                               |
|    Steve McKinney                             |
|    ARDI - Web Programmer                      |
|    sjm () porter appstate edu                    |
|    (828) 262-6553                             |
|                                               |
|    Developer:                                 |
|    http://sourceforge.net/projects/phpmaint   |
|                                               |
\*---------------------------------------------*/
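The ordering question in the post, as an added example that is not part of the original message: a small Python model of the two access-control layers a new SSH connection crosses on a Linux host of this kind. Netfilter/iptables in the kernel sees the packets first; tcp_wrappers (libwrap, consulted by sshd or by xinetd) only runs after the TCP connection has been accepted and handed to the daemon. The INPUT chain, hosts.allow and hosts.deny contents below are constructed to mirror what the poster describes, and the IP addresses are documentation-range placeholders, not real hosts.

```python
# Added example: model of iptables INPUT chain evaluation followed by
# tcp_wrappers evaluation for an incoming SSH connection.
# Rule sets are constructed from the post's description; addresses are
# placeholders from the RFC 5737 documentation ranges.

from ipaddress import ip_address, ip_network

WORK_MACHINE_IP = "192.0.2.10"    # placeholder for $WORK_MACHINE_IP
SERVER_IP = "198.51.100.5"        # placeholder for $SERVER_IP

# INPUT chain as described: a LOG rule at position 1, the ACCEPT inserted
# with `iptables -I INPUT 2 ...`, port 80 left open, then a catch-all DROP.
# Rules are evaluated top to bottom; LOG is non-terminating, so matching
# continues with the next rule after a log entry is written.
INPUT_CHAIN = [
    {"src": "0.0.0.0/0", "dport": None, "target": "LOG"},
    {"src": WORK_MACHINE_IP, "dport": None, "target": "ACCEPT"},
    {"src": "0.0.0.0/0", "dport": 80, "target": "ACCEPT"},
    {"src": "0.0.0.0/0", "dport": None, "target": "DROP"},
]
INPUT_POLICY = "DROP"   # chain policy used when no rule matches

# tcp_wrappers files as a Bastille-style "default deny" leaves them,
# plus the sshd entry the poster added to hosts.allow.
HOSTS_ALLOW = {"sshd": [WORK_MACHINE_IP]}
HOSTS_DENY = {"ALL": ["ALL"]}


def iptables_verdict(chain, policy, src, dport):
    """Walk the chain in order; return (verdict, logged)."""
    logged = False
    for rule in chain:
        if ip_address(src) not in ip_network(rule["src"]):
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        if rule["target"] == "LOG":
            logged = True      # LOG matches, then falls through
            continue
        return rule["target"], logged
    return policy, logged


def wrappers_verdict(daemon, src):
    """tcp_wrappers order: hosts.allow first (a match there wins),
    then hosts.deny; no match in either file means allow."""
    def matches(table):
        for d, clients in table.items():
            if d not in (daemon, "ALL"):
                continue
            if any(c in ("ALL", src) for c in clients):
                return True
        return False

    if matches(HOSTS_ALLOW):
        return "allow"
    if matches(HOSTS_DENY):
        return "deny"
    return "allow"


def ssh_connection(src):
    """Trace a new SSH connection from `src` through both layers.

    Returns the netfilter verdict, whether the kernel LOG rule fired, and
    the tcp_wrappers verdict (None if the packet never reached sshd)."""
    verdict, logged = iptables_verdict(INPUT_CHAIN, INPUT_POLICY, src, 22)
    result = {"netfilter": verdict, "kernel_logged": logged, "tcp_wrappers": None}
    if verdict == "ACCEPT":
        # Only now does the handshake complete and sshd's libwrap check run.
        result["tcp_wrappers"] = wrappers_verdict("sshd", src)
    return result


if __name__ == "__main__":
    for src in (WORK_MACHINE_IP, "203.0.113.7"):
        print(src, ssh_connection(src))
```

In this model a connection from the work machine is accepted by rule 2 and then allowed by hosts.allow, while any other source is dropped by the kernel before sshd ever sees it. The LOG rule fires for every packet that reaches the INPUT chain, so if nothing appears in the kernel log even with such a rule at position 1, the packets are not reaching that chain at all (or the log messages are being filtered before they reach syslog), which is a different problem from the tcp_wrappers or xinetd settings.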



