I kept an article some years ago when I first tried redhat 6. Now some years later I have decided to go back to linux and found this article. It states that if you added in the line ALL: ALL in the file /etc/hosts.deny, it would stop others probing around your computer.....is this still valid information and is it still worth doing this ?

Thanks

Andy

Are U still using RH 6? I hope not.

But to answer your question about hosts.deny and ALL:ALL the real answer is YES and NO. Linux uses a daemon called inetd (or xinetd) in newer systems. It's job is to check service connection requests and source ip addresses for acceptance and spoofing. It first sets up the rules by looking at hosts.deny and then looking at hosts.allow. RH 6 has a number of ways where people can still get into your system. I do not recomend that you put this machine directly on the internet, at least not without setting up iptables or ipchains (firewall stuff)

hosts.allow has a specific format like:

service: ipaddress/netmask

where service is the english service found in the file /etc/services.

I suggest that you upgrade to RH9 or Fedora Core.

I am at present using RH9, so can I assume by what you are saying, that it is not necessary for me to alter the hosts.deny file ?

Andy

Probably not. You should have /etc/hosts.deny set to

ALL:ALL

Then make sure your /etc/hosts.allow file contains either NOTHING or only the services you want to have xinetd check. Again, if you have the box connected directly to the internet (via DLS or cable modem) you may want to check your firewall rules.

Personally, I tend to err on the side of caution when connecting to the internet. RH9 has a pretty good tool for setting up firewalls and there is alot of info on the net about basic configuration(s).

Personally, I screw down and padlock everything. And, I believe, for good reason. When I look at security logs for my firewalls I see maybe 200-500 attempts to hack per day.

If your box is on the internet and not behind a firewall, consider at least dropping ICMP packets (ping) response to make you a bit less obvious (cloaked).

Live long and prosper
HTH - Bill

Thanks for that Bill, I'm pretty new to linux so could I ask you to explain how to "drop the ICMP packets"

Andy

Building firewalls can be a big challenge. So rather than my trying to tell you how to do all of this I refer you to the internet where you can find great descriptions of how to set up a firewall AND how to have it be present when you reboot your machine.

Do a google search for "using iptables". You will get lots of great info about how to do this. In the mean time, if you just want to see how to do this try:

** Note you must be root to modify iptables, so open a terminal window and become root (su).

/sbin/iptables -A INPUT -p icmp -j DROP

What this really sais is: Add to the INPUT ruleset a rule that says that if protocol (-p icmp) is received, jump to the rule that says DROP (-j DROP). Note, icmp is the protocol used by ping.

You can confirm that this works by typping:

ping localhost

you will get no responses. This partially cloaks your machine and makes you less vunerible to the "ping of death".

As you may have no other rules setup (depends what you did on install) be especially careful if you enable services such as samba before you build your firewall.

HTH

Maybe this will help: I recently installed "guarddog" on my Slackware 10 machine and, after reading the man pages, setting it up was effortless, and it's working well. You can pick for RH 9 here...