[olug] Idea for Oct OLUG meeting - Security Step 1

Lou Duchez lou at paprikash.com
Tue Sep 5 10:55:23 CDT 2017


i don't feel things are tolerably secure until:

1) Move SSH to a non-default port (assuming you want to run SSH at all).

2) If you intend to run any services accessible to other systems, 
install Fail2Ban.

3) Open only those ports you can justify.

4) Block traffic from foreign IPs.  This is a matter of writing a script 
that builds my iptables rules.  I don't have an absolutely definitive 
list of IP blocks from around the world, but this is what I've been using:

---

N Filename iptables.rules
N Russia .ru
89.0.0.0/8

N RIPE.NET (Europe, the Middle East and parts of Central Asia)
62.0.0.0/8
77.0.0.0/8
78.0.0.0/8
79.0.0.0/8
80.0.0.0/8
81.0.0.0/8
82.0.0.0/8
83.0.0.0/8
84.0.0.0/8
85.0.0.0/8
86.0.0.0/8
87.0.0.0/8
88.0.0.0/8
89.0.0.0/8
90.0.0.0/8
91.0.0.0/8
193.0.0.0/8
194.0.0.0/8
195.0.0.0/8
212.0.0.0/8
213.0.0.0/8
217.0.0.0/8

N APNIC (Asian Pacific Network Information Center)
58.0.0.0/8
59.0.0.0/8
60.0.0.0/8
61.0.0.0/8
202.0.0.0/8
203.0.0.0/8
210.0.0.0/8
211.0.0.0/8
218.0.0.0/8
219.0.0.0/8
220.0.0.0/8
221.0.0.0/8
222.0.0.0/8
116.0.0.0/8
117.0.0.0/8
118.0.0.0/8
119.0.0.0/8
120.0.0.0/8
121.0.0.0/8
122.0.0.0/8
123.0.0.0/8
124.0.0.0/8
125.0.0.0/8
126.0.0.0/8

N End APNIC Addresses

N LACNIC (Latin American and Caribbean Network Information Center)
189.0.0.0/8
190.0.0.0/8
200.0.0.0/8
201.0.0.0/8
N End LACNIC

N Add .EU here?
N duesentrieb.kunst.uni-frankfurt.de
141.0.0.0/8
N end .EU

88.0.0.0/8
85.0.0.0/8

---

So I keep that data in a file ("blockedips") and in my firewall script I 
have a command like:

for line in `/bin/egrep -o 
"^(\s|\t)*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(/[0-9]{1,2})?(\s|\t)*" 
blockedips`; do /sbin/iptables -t filter -A input -s $line -j DROP;done




> I'm the officiate for the Oct and Nov OLUG meetings, and I'm thinking of
> speaker ideas, let me know what you think.
>
> Security Step 1 - what to do after you finish your linux install to 'lock
> your box down'
>   - Audit running processes
>   - Audit startup scripts (basic overview of systemd)
>   - netstat -anp | grep LISTEN
>   - host-based firewall
>
> Anything I'm missing? What other things do you all do from a security
> perspective right after your initial install?
>


More information about the OLUG mailing list