ArvinderKang.com » security http://arvinderkang.com The world is my backyard. Thu, 29 Jul 2010 22:58:55 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Postfix install and Security talk http://arvinderkang.com/2009/03/07/postfix-install-and-security-talk/ http://arvinderkang.com/2009/03/07/postfix-install-and-security-talk/#comments Sat, 07 Mar 2009 20:48:10 +0000 Arvinder Kang http://arvinderkang.com/2009/03/07/postfix-install-and-security-talk/ Continue reading ]]> Father son

Once your OS is grown enough to play (I mean installed), you have to sit down with it and do the SECURITY TALK.

A little on the philosophical side of it, I think sense of security is just a fad and a perception. You are secure when you start feeling it, or we can keep on going paranoid tweaking it deeper and deeper, there will always exploits to to be known, more tools to be learnt, more WMDs to be discovered!

Always have a second plan- backup your data.

Lets get back to our Linux Box.

One of the requirements that our installs are going to have is a mail server. The linux box can email me complaining it has stomach ache, or any activity that goes on it.

TechRepublic has an old, yet not obsolete article for recipe indegrients of a mail server. We just need postfix.

After some reading about postfix, here is the route I took

$ sudo aptitude install postfix

Now head over to the postfix configuration documentation and tweak the settings. The only change I did was to make sure that my server is relaying mail originating only from local machine.

$ sudo vi /etc/postfix/main.cf
    mynetworks = 127.0.0.0/8

Save and exit. Now reload the changes.

$ postfix reload

Remember? We had put up a firewall on this box. However, nmap scan from another machine shows port 25 open (smtp being used by postfix.) Lets add some rules. User --dry-run to test command syntax.

sudo --dry-run ufw deny proto tcp from 0.0.0.0/0 to xx.xx.xx.xx port 25
sudo ufw deny proto tcp from 0.0.0.0/0 to xx.xx.xx.xx port 25

I think, I’m not as happy with ufw. Its good for starters, however it does not have advanced flexibility. I’m going to return to Shorewall within coming weeks.

Although linux machines hardly have the risk of being affected by viruses, still they can be threatened by trojans, worms by a vital part replaced by a rootkit.

chkrootkit is a tool to locally check for signs of a rootkit.

$ sudo aptitude install chkrootkit  
$ sudo chkrootkit

The run returned system not infected. Next lets install Rootkit Hunter. .Rootkit scanner is scanning tool to ensure you for about 99.9%* you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits.

$ sudo aptitude install rkhunter
$ sudo rkhunter -c --skip-keypress

We came out clean.

Next I should look at AppArmour and GRSecurity. However there are other things crying for my attention. I’ll come back to them later.

The security paranoids can look at top 100 security tools.

Photo credits: GD Senior @ Flickr

]]> http://arvinderkang.com/2009/03/07/postfix-install-and-security-talk/feed/ 0