Re: [cobalt-users] Installing SSH2, IPChains, Portsentry, Logcheck, Tripwire, Chkrootkit, Lionfind, Whois, lcap and more

["Carrie Bartkowiak" <ravencarrie@xxxxxxxx>]

> Anyway the nice teacher in me to the nice girl with the "big
honker"....
> I'll give you a D-   ...   See below.... :)

Ouch! I haven't gotten a D- in years! (Then again I haven't been to
school in years...)

> > Get SSH2:
> -4 (was 5)
> you just gave your hacker a client

Better than a telnet client though, yes?  Or do you mean that I let
him know exactly what I was using, so *that* is how I gave him a
client?
I have to have a client to get into the machine (it's not where I'm
at) - so that security risk is necessary.

> > If it works, add the SSH to the startup files:
> -5
> Messy way to do it... and you shouldn't count on it....
> did you chkconfig?

I don't believe so, but I did test it thoroughly before adding it to
the startup files - including restarting the machine to make sure it
would still let me back in.
Do you mean that putting that line into rc.local is messy?  I'm
looking at my other server now, and that's how you did it... *grin*

> > change it to something like :
> > Port 52
> > Protocol 2
> -5
> Misleading

Exactly! Why have it running on the same port everyone else is running
on?
Btw, these are instructions that I followed from the security list; I
didn't make 'em (I can go dig up who did though if you wanna bonk them
over the head).

> > Locate the start script in /etc/rc.d/rc3.d
> > and type something like ./S55sshd restart
> -5
> Misleading

How? You are putting 'misleading' for a lot of this stuff, but I don't
understand what you mean. I'm a Scorpio and a brain-frazzled mother.
Cryptic is not good. :)

> > To get Webalizer to run before logrotate, rename it:
> > # mv /etc/cron.daily/webalizer.pl /etc/cron.daily/awebalizer.pl
>
> -15
> Misleading
> outdated software
> This isn't the best solution even if it was mine....
> (still dosent work)

It works fine for me, always has. I'm not putting in the newest
version of Webalizer until I read here in the list that most of the
people who've tried doing it aren't reloading their systems anymore.
It has seriously screwed up a *lot* of systems while you've been away.


> > To get it to leave statistics on heavy-traffic sites, go into
> > /etc/webalizer.conf and set Incremental to 'yes'.
> -5
> Misleading

Again, how? It works.

> > Restarting inetd after dropping some new entries into hosts.deny:
> > # /usr/sbin/inetd restart
> -5
> Misleading

How?
Is this the wrong command?

> >
ftp://rpmfind.net/linux/redhat/6.2/en/os/i386/RedHat/RPMS/ipchains-1.3
> > .9-5.i386.rpm
> -10
> Who made this rpm for you? (The guy in france?)
> What files did it install.....   oh that virus one.....

I use rpmfind when I can't find it anywhere else. I consider it a good
source?
Besides, I can't afford to pay people to make rpms for me... :)

> > # mv ipchains-1.3* ipchains-1.3.rpm
> > # rpm -i ipchains-1.3.rpm
> -5
> Misleading

How?

> > IPChains is now installed. The startup script is in
/etc/rc.d/init.d
> > as ipchains
> > or
> > # service ipchains start
>
> -5
> Incorrect startup

That's the command I was given, I'll check it - it does try to start
the program (and stops for me, but works for at least one other person
that I know of).

> ipcahins
>
> > # make clean (my raq grumbled at me with this)
> > # make (some notes, more grumbling)
> Not quite sure what problem you where having

That makes two of us. :)

> (portsentry)
> > (Dunno why, but I had to get the 'portsentry' file from old
machine
> > via ftp and drop it in this directory for install to work)
>
> -15
> no make
> no/bad config
> Misleading

No make - you've got me there.
No/bad config? Portsentry comes with default configurations set that
most users won't need to change, unless they want to go to 'anal'
mode, or switch things to send to ipchains. For the average user,
there is no config necessary.

> > LogCheck:
> -10
> No Config

I should put in a disclaimer that I config after making sure the
install goes correctly, I suppose.
Spent too much time configuring stuff that wouldn't install correctly,
had to do it all over again - now I just let it install and then go in
and make the changes that I want. Saves a lot of time.

> > # pico /root/crontab
> -10
> dangerous
> unneccessary

Dangerous how?
Unecessary how?
If someone doesn't understand the ins and outs of crontab, this works
just fine.
I am one of those people. :)
crontab -e gets me nothing but a screen of blue wiggly lines, and
whenever I try to put in my cron command it bitches at me. (Then I
can't get out of the damn thing.)

> well thats enough ... I have to get back to what i'm suppose to be
doing....

I'd really appreciate it if you clarified a bit more here.
I can't fix what I'm doing wrong unless you tell me what I'm doing
wrong... and "misleading" is rather... well... misleading.  :)  It
makes me think I did something wrong, but I have no idea what exactly
you're unhappy with.

If by all of these 'misleadings', you are saying that I am misleading
people into thinking their server is secure - that's certainly not my
intention. I just wanted to help people get this stuff installed, they
should always remain paranoid. :)  You know me, the only way I'd think
my server was secure would be to put it in a cement block and drop it
at the bottom of the ocean!

Still glad to see you back. :)

CarrieB