First steps in Slackware protection
Tonight I began setting up my local home server. Yeah! I chose the Slackware Linux distro for my various tests.
Today I'm writing about my first security settings. These are the first steps, without any firewall, IDS, etc.
1 ) We must protect LILO. With the default settings any user can read lilo.conf. Funny? That file can hold passwords and other interesting things. Do the following:
# chown root /etc/lilo.conf
# chmod 700 /etc/lilo.conf
Now only root can read this configuration file. There is one more trick we need to know about. When LILO loads and shows its boot prompt, anyone who types linux single, or boot= or root=, can take control of a superuser console or boot the kernel any way they like. How do we fix it? Very easy… We must add 2 directives to /etc/lilo.conf:
restricted
password=examplepass
With this in place, if you want to select any of the kernels you must enter the password. For more information, run man lilo.conf in the console.
2 ) Let's limit the ability to log in remotely as root. If you need remote access, log in under your own account and then run the su command to become root.
OK, now we have the file /etc/securetty:
———————————-
console
tty1
tty2
tty3
tty4
tty5
tty6
#ttyS0
#ttyS1
#ttyS2
#ttyS3
#ttyp0
#ttyp1
#ttyp2
#ttyp3
#pts/0
#pts/1
#pts/2
#pts/3
#pts/4
#pts/5
———————————-
It lists the consoles from which root can log in. tty# are the consoles you switch between with Alt+F#. ttyS# are the COM ports (modem, null-modem cable). ttyp# and pts/# are virtual connections such as telnet, ssh, shell, etc. As you can see, a direct root login is possible only at the PC itself (localhost). The other ways of connecting as root are off: I commented them out with #. console is a synonym for tty1.
One more thing. I advise setting the PermitRootLogin parameter in /etc/ssh/sshd_config to "no".
3 ) OK, what next?
Let's increase the password length. Open the file /etc/login.defs. Our parameters must be as follows:
FAIL_DELAY 3
SU_WHEEL_ONLY NO
PASS_MAX_LEN 16
MD5_CRYPT_ENAB YES
Done. Now save the file and run the passwd command; after changing your password, look at /etc/shadow.
4 ) Where else can root log in? Yeah! FTP! Look at /etc/ftpusers. You must add "root" to this list. Remove all comment marks (#). This file contains the users who are denied access.
5 ) Now protect against local users who have physical access to the PC. If any joker presses the 3 magic buttons (Ctrl+Alt+Del), our computer will reboot. Do you need this? Surely not…
Look at /etc/inittab:
…….
# What to do at the “Three Finger Salute”.
ca::ctrlaltdel:/sbin/shutdown -t5 -rf now
…….
You only need to comment out the line that begins with ca. Or, if you have a sense of humor, you can change it to another command. For example: echo "Go away dear windows user"
6 ) Run the command nmap -vv localhost and look at the open ports on your workstation. First, comment out the unneeded lines in /etc/inetd.conf. Port numbers you don't recognise can be looked up in /etc/services. Be paranoid: close everything you don't need.
7 ) What more? Heh… Always check /etc/shadow and /etc/passwd for the presence of new users.
WARNING !!! Watch for passwords appearing on users that previously had * in the password field (operator, news, nobody, etc.). Also look at /etc/group.
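One way to automate the check in step 7, as an added example that is not part of the original post: it assumes you saved a copy of /etc/shadow right after installation (the baseline) and compares it with the current file. The function names audit_shadow and demo, the sample accounts and the placeholder hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Compares a saved copy of
# /etc/shadow (the baseline) against the current file and prints:
#   NEW:<user>       account that is not in the baseline
#   UNLOCKED:<user>  account that had "*" or a "!"-locked field in the
#                    baseline and now has a password hash or an empty field
audit_shadow() {
    baseline=$1
    current=$2
    # An empty baseline would make awk's NR==FNR test misfire, so refuse it.
    [ -s "$baseline" ] || { echo "baseline missing or empty" >&2; return 2; }
    awk -F: '
        NR == FNR    { old[$1] = $2; next }          # pass 1: baseline fields
        !($1 in old) { print "NEW:" $1; next }       # pass 2: current file
        (old[$1] == "*" || old[$1] ~ /^!/) && $2 != "*" && $2 !~ /^!/ {
            print "UNLOCKED:" $1
        }
    ' "$baseline" "$current"
}

# Constructed sample data: the hashes are placeholders, not real ones.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/baseline" <<'EOF'
root:$1$constructed$placeholderhash0000000:13000:0:::::
operator:*:9797:0:::::
news:*:9797:0:::::
nobody:*:9797:0:::::
EOF
    cat > "$dir/current" <<'EOF'
root:$1$constructed$placeholderhash0000000:13000:0:::::
operator:*:9797:0:::::
news:$1$constructed$placeholderhash1111111:13100:0:::::
nobody:*:9797:0:::::
toor:$1$constructed$placeholderhash2222222:13100:0:::::
EOF
    audit_shadow "$dir/baseline" "$dir/current"
    rm -rf "$dir"
}

demo
```

On a real system, run audit_shadow as root with your own baseline copy as the first argument and /etc/shadow as the second; keep the baseline readable by root only.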
That, I think, is all for the first simple security settings… One thing I want to add: after installing Linux, please remove the text files in /etc that show a lot of interesting information about your system, for example version, slackware-version, etc. In the next article I will try to cover firewall protection (iptables) and SUID options. Thanks for reading this post.
Thanks johan
I hope on it