Security - a Request

gadfly
Member with 48 posts.
Join Date: Dec 2002
Location: Alberta, Canada
13-Oct-2003, 03:56 PM #1
Security - a Request
Being new to Linux - I don't know a lot about how to configure for the best possible security.

At present I am monitoring my system re: system monitor - in order to get an idea what is running at any given time. Unfortunately I don't have anything to compare it to - like what SHOULD be running.

For example - today I was browsing (in my user account - not root) when I noticed that my hard drive was kicking in at an unusual rate. The monitor displayed some 'root' functions - like 'xwindow', kicker (whatever that is), sendmail . . .

At one point I tried to shut down the 'dial up' re: deactivate modem and couldn't even bring it up on the screen. I thereby simply disconnected the phone jack.

I didn't understand why sendmail was registering in the system monitor - as I don't have my computer set up as a server of any sort.

I went into 'root' and via start>network servers> unchecked the box which said "sendmail". This hasn't seemed to prevent me from accessing and sending emails via KMail. Am I correct?

I also noticed - when viewing the log files - that there was an entry saying that my computer was listening at ports for incoming? A lot more was stated - but unfortunately I am not familiar enough with Linux to decipher these.

Given this - although I recognize I am asking a lot - would someone be able to compile a 'newbie' guide for setting up a safe configuration? Basic stuff for those of us not running any sort of server. I've found various bits of information in my searching through threads etc. But it's hard to bring this all together into a comprehensive 'list' of 'to-dos' when you first set up Linux (RedHat9). If such a to-do list were available as a 'sticky' I think it would be of benefit to many of us just starting out with Linux.

For myself - I set my firewall at high - and did the best I could for ensuring proper config. - but I don't know enough to feel comfortable about this. For example - it has been mentioned in various threads about 'blocking' unused ports. But how do I view which ports are open - and how do I know which ones are required for my KMail and Konqueror browser???

Sorry to sound confused - but I AM confused

Any advice - greatly appreciated. And should someone have the time and energy to compile an easy, step by step guide to 'network security for the newbie' - that too would be greatly appreciated.

Thanks

Gadfly
BillC
Distinguished Member with 2,357 posts.
Join Date: May 2003
Location: Vero Beach, Florida
13-Oct-2003, 04:20 PM #2
Hey Gadfly....I'm not the person to help with what applications should or should not be running except to say that if you are not sending mail, your e-mail client should not be sending mail! I'm thinking that you may have a spammer that has hijacked your machine to mail spam.

I'd do an antivirus scan at TrendMicro Housecall and an antitrojan scan at GFi's Trojan scan. Try those.

And I would not give any program 'server'{listening} rights in your firewall. What firewall do you use and have you granted server rights to any application?
gadfly
Member with 48 posts.
Join Date: Dec 2002
Location: Alberta, Canada
13-Oct-2003, 04:41 PM #3
Thanks for the info
Thanks for your prompt reply - it certainly helps - especially as I've posted questions on other Linux forums - and haven't even met with so much as a 'get lost loser' (which - oddly enough - I'd prefer to no answer at all).

Thanks for the tips on 'virus scans' - I'll check those out for sure.

Re: giving programs listening rights - I didn't know I had - and I'm not sure how to check to see what programs have what rights. (The inherent problem of being a 'newbie': you only discover these things by accident!!)

As for firewall - I only have the 'firewall' as set up on install - it's set to high - and the install itself was workstation (not server) with a couple extra programs included i.e. KDE, and the office suite. As such - it came as a surprise to me when I noticed that 'sendmail' was registering in my system.

Thanks for your tips - and any more such tips re: what to check - would be great. I truly appreciate your taking the effort. In fact - I have to admit - having posted a number of questions in a number of different Linux specific forums - this forum has proven to be the best re: timely, informative advice.

Catch ya later

Gadfly
Whiteskin
Distinguished Member with 2,051 posts.
Join Date: Nov 2002
Location: Alberta, Canada
Experience: Windows: Decent. Unix/Linux: Advanced +1
13-Oct-2003, 05:03 PM #4
I believe that sendmail is a standard "service", as they call them on Windows systems. It is used even to deliver inter-user mail (such as mail to root etc.). I wouldn't kill sendmail completely, but I would be doing research.
gadfly
Member with 48 posts.
Join Date: Dec 2002
Location: Alberta, Canada
13-Oct-2003, 05:27 PM #5
thanks
I'm trying to read up on exactly what 'sendmail' is. One of the websites I'd browsed mentioned shutting it off if you weren't using it specifically as a server - the guy said that your regular email program would function without it. That seems to be the case - although I am still trying to cull info on it - as even the fact that it was in my system and working as default came as a surprise to me. It's often difficult to find all the info you require in order to make an intelligent decision when you're already ON the internet - and it appears that your computer is doing its own thing!!! before your very eyes.

Having used Windows for a number of years - and configured Norton to 'fort knox' mode whereby it warns you of everything that goes in and out - I've found that I'm slow at making the shift to having to track down 'indicators' that would let me know when something is amiss.

Obviously - in this case - the hacker was faster than I was. Although I can feel somewhat sorry for the poor *******!! Given my slow running computer - coupled with my slow dial up connection - and virtually nothing of interest in my machine - it must have been a frustrating experience at best

But - I would like to have things properly configured BEFORE I have anything worthwhile in the machine.

BillC - I tried your links to scan - but they wouldn't take - and all I could find for information was related to Windows programs - like IE etc.? Do they work with a system only running Linux (i.e. not dual boot)?

Thanks again you guys.

Gadfly
BillC
Distinguished Member with 2,357 posts.
Join Date: May 2003
Location: Vero Beach, Florida
13-Oct-2003, 05:50 PM #6
Duh. Forgive me...I just totally ignored you're using Linux. Well, the good news is there are not many Linux viruses or trojans. The bad news is most online scans will not work for Linux.

I found a Linux antivirus software program from F-Prot antivirus. You can find it at this link. The product is free for home use.
gadfly
Member with 48 posts.
Join Date: Dec 2002
Location: Alberta, Canada
13-Oct-2003, 07:21 PM #7
thanks
Thanks BillC.

There is the possibility of course - that my computer simply 'hung up' and caused all the weirdness. I'm hoping that would be the case. It's hard to believe that after using Windows for two years without so much as a snivel of a virus - that 3 days after I install Linux - the one sole hacker out there manages to find me. Now wouldn't THAT be ironic.

anyway - I'll check out your link - thanks

Gadfly
Whiteskin
Distinguished Member with 2,051 posts.
Join Date: Nov 2002
Location: Alberta, Canada
Experience: Windows: Decent. Unix/Linux: Advanced +1
13-Oct-2003, 10:26 PM #8
I really doubt that you were hacked. It just doesn't seem plausible to me, especially since you were on dialup. That and most of the holes in Linux that people can get through are holes that only happen when you run things like apache and other major web services. Since you are on dialup I don't think you are running a webserver!
__________________
emerge world_domination;
codejockey
Senior Member with 1,410 posts.
Join Date: Feb 2002
13-Oct-2003, 11:47 PM #9
A couple of quick points:

(1) Sendmail is standard-issue on most Linux systems, and is typically set as the default mail transport agent (deliver incoming mail, route outgoing mail). The fact that it is running does not necessarily indicate a security problem.

(2) To see a list of all active processes, you can use the ps -ef command from the command line.

(3) To see a list of all active ports (open, listening, connected) you can use the netstat -tap command from the command line.

(4) To see which services are available on your machine, you can browse the file /etc/inetd.conf; any line that does not begin with a hash ('#' = comment) is a service that is available on your machine.

(5) To test your machine for open/available ports, try going to www.grc.com and selecting the shields up! option. Follow the prompts, and you'll have a quick check of the most common entry points on your machine.

In general, you should run only those services that you need, and no more. For example, you may not need ftp access to your machine from the internet, so you should disable that service in /etc/inetd.conf (add a comment character as the first character of the line). When you have finished making changes to the /etc/inetd.conf file, either give the command kill -HUP `pidof inetd` from the command line or reboot your system. Note that you should be root in order to give these commands and to edit the /etc/inetd.conf file.

Hope this helps.
__________________
The slowest component still sits at the keyboard.
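As an added illustration (not code from the thread or from codejockey), here is a small shell audit of the two checks from points (3) and (4) above, /etc/inetd.conf and `netstat -tap`, run over constructed sample data so it works offline; the service names, PIDs and paths in the samples are assumptions, not anything from gadfly's machine.

```shell
#!/bin/sh
# Added example, not code from the thread: audit the two places codejockey
# points at, /etc/inetd.conf and `netstat -tap` output. Sample data is
# constructed inline so this runs offline; on a real box feed it the actual
# file and the real `netstat -tap` output (as root, so program names show).

# Constructed /etc/inetd.conf fragment: ftp and telnet enabled, finger disabled.
SAMPLE_INETD='# <service> <socket> <proto> <flags> <user> <server> <args>
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd'

# Constructed `netstat -tap` output: sendmail bound to loopback only (needed
# for local mail, unreachable from the net), ftp and telnet on all interfaces.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 localhost:smtp  *:*              LISTEN  812/sendmail
tcp        0      0 *:ftp           *:*              LISTEN  640/inetd
tcp        0      0 *:telnet        *:*              LISTEN  640/inetd'

# Services inetd will really start: every non-blank line not starting with '#'.
enabled_inetd_services() {
    printf '%s\n' "$1" | awk '!/^[[:space:]]*#/ && NF { print $1 }'
}

# Sockets in LISTEN state whose local address is not loopback, printed as
# "program local-address": this is what a remote host could actually reach.
externally_listening() {
    printf '%s\n' "$1" |
        awk '$6 == "LISTEN" && $4 !~ /^(localhost|127\.)/ { print $NF, $4 }'
}

# Tie both together the way the post suggests: report, then show the fix.
audit() {
    echo "inetd services enabled:"
    enabled_inetd_services "$SAMPLE_INETD" | sed 's/^/  /'
    echo "listening on non-loopback addresses:"
    externally_listening "$SAMPLE_NETSTAT" | sed 's/^/  /'
    echo "to disable one: comment its line in /etc/inetd.conf, then as root:"
    echo '  kill -HUP `pidof inetd`'
}

audit
```

Red Hat 9 actually ships xinetd rather than inetd, so there the per-service files under /etc/xinetd.d (a `disable = yes` line) play the role of the commented-out lines, and xinetd is the daemon to restart afterwards.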
gadfly
Member with 48 posts.
Join Date: Dec 2002
Location: Alberta, Canada
14-Oct-2003, 07:54 PM #10
Thanks
Thanks Whiteskin - for the reassuring comments. The more I thought about it the less it seemed feasible - it certainly defied everything I'd read about Linux re: dial-up, security level with firewall set on high, not running a 'server' of any sort - but being new I didn't want to discount the possibility that through my own stupidity - I'd done something (or failed to do something) which allowed for the 'improbable' to happen. Not being familiar enough with Linux I couldn't adequately decipher what I read in the log files - and that added to my insecurity. Your reassurance helps me feel more comfortable about the incident 'being just a hard drive glitch'.

Thanks to you codejockey - your 'quick points' are excellent. I'm printing them out - and adding them to my file on security tips & tricks - for reference.

This month I'm definitely dedicating to learning more about Linux security - your input will help.

Thanks again.

Gadfly
Whiteskin
Distinguished Member with 2,051 posts.
Join Date: Nov 2002
Location: Alberta, Canada
Experience: Windows: Decent. Unix/Linux: Advanced +1
14-Oct-2003, 10:58 PM #11
About the drive: if you had crashed recently and were using certain filesystems, they delay the check until the system is up and running, so it could have been fsck.
gadfly
Member with 48 posts.
Join Date: Dec 2002
Location: Alberta, Canada
15-Oct-2003, 11:32 AM #12
Good point - I only wish it were the case.

Unfortunately - this HDD is sounding very old - due to rough handling in shipping - plus limited memory which is forcing it to work non stop. An overhaul is slated for 'next month's budget' - till then I am simply hoping it doesn't die.

Still - your point is a good one - and under normal circumstance - the more likely cause.

Thanks

Gadfly
Whiteskin
Distinguished Member with 2,051 posts.
Join Date: Nov 2002
Location: Alberta, Canada
Experience: Windows: Decent. Unix/Linux: Advanced +1
15-Oct-2003, 02:12 PM #13
Of course that happens only if you have crashed recently!
gizard
Junior Member with 5 posts.
Join Date: Oct 2003
16-Oct-2003, 09:54 AM #14
Linux tries to use the HD as little as possible. The data is stored in RAM and when the user is idle the data is written to the HD. This is why you hear the hard drive churn when you are not doing anything.

Gizard
gadfly
Member with 48 posts.
Join Date: Dec 2002
Location: Alberta, Canada
16-Oct-2003, 06:47 PM #15
Thanks for that bit of info Gizard - I had it in my head that this was totally the opposite i.e. the hard drive should only be going when you're doing something. It's good to know otherwise.

Gadfly