Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
A "SYN Attack" is a denial of service (DoS) attack that consumes all the resources on your
machine, forcing you to reboot. Denial of service attacks (attacks which incapacitate a server
due to high traffic volume, or ones that tie up system resources enough that the server cannot
respond to a legitimate connection request from a remote system) are easily achievable from
internal resources or external connections via extranets and the Internet. To enable TCP
syncookie protection against it, use the command:
[root@deep /]# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Add the above command to the /etc/rc.d/rc.local script file and you'll not have to type it again
the next time you reboot your system. If you intend to install the IPCHAINS Firewall rules
described in this book (see chapter 7 Networking Firewall), you don't need to run this
command, since it already appears in the Firewall script file.
NOTE: If you receive an error message during execution of the above command, check that you
have enabled the TCP syncookie option in your kernel configuration: IP: TCP syncookie support (not
enabled per default) (CONFIG_SYN_COOKIES) [Y/n/?].
19. The /etc/services file
The port numbers on which certain "standard" services are offered are defined in RFC 1700
"Assigned Numbers". The "/etc/services" file enables server and client programs to convert service
names to these numbers (ports). The list is kept on each host and is stored in the file
"/etc/services". Only the "root" user is allowed to modify this file, and it is rarely necessary to
edit it, since it already contains the most common service name to port number mappings.
To improve security we can immunize this file to prevent unauthorized
deletion or addition of services.
To immunize the /etc/services file, use the command:
[root@deep /]# chattr +i /etc/services
20. The /etc/securetty file
The /etc/securetty file allows you to specify which TTY devices the root user is allowed to log in
on. The /etc/securetty file is read by the login program (usually /bin/login). Its format is a list of
the allowed tty device names; on any tty that is commented out or does not appear in
this file, root login is disallowed.
Disable any tty that you do not need by commenting it out (# at the beginning of the line).
Edit the securetty file (vi /etc/securetty) and comment out the following lines:
tty1
#tty2
#tty3
#tty4
#tty5
#tty6
#tty7
#tty8
This means root is only allowed to log in on tty1. This is my recommendation: allow root to
log in on only one tty device, and use the su command to switch to root if you need more tty
devices to log on as root.
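The three settings above (tcp_syncookies, the immutable /etc/services, and the securetty list) can be checked after a reboot with a small audit script. This is an added example, not part of the original book; the function names are hypothetical, and every path is a parameter so the checks can also be run against copies of the files.

```shell
#!/bin/sh
# Audit helpers for the tcp_syncookies, /etc/services and /etc/securetty settings.
# Function names are illustrative; default paths are the ones used in the text.

# Print the ttys on which root login is allowed: every non-blank line of a
# securetty-format file that is not commented out with '#'.
root_ttys() {
    sed -e 's/#.*$//' -e 's/[[:space:]]//g' -e '/^$/d' "${1:-/etc/securetty}"
}

# Succeed only if root login is limited to the single device given (default tty1).
# A missing file also fails, since login then applies no tty restriction to root.
securetty_only() {
    file=${1:-/etc/securetty}
    want=${2:-tty1}
    [ "$(root_ttys "$file" 2>/dev/null)" = "$want" ]
}

# Succeed if SYN cookies are enabled (any non-zero value in the proc entry).
# Returns 2 when the entry is absent, e.g. a kernel without CONFIG_SYN_COOKIES.
syncookies_on() {
    f=${1:-/proc/sys/net/ipv4/tcp_syncookies}
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" != "0" ]
}

# Succeed if the file carries the immutable attribute set by "chattr +i".
# Returns 2 when lsattr is missing or the filesystem has no attribute support.
is_immutable() {
    attrs=$(lsattr -d "${1:-/etc/services}" 2>/dev/null) || return 2
    case ${attrs%% *} in *i*) return 0 ;; *) return 1 ;; esac
}

# Run all three checks against the live system and report each failure.
audit() {
    rc=0
    syncookies_on  || { echo "FAIL: tcp_syncookies is not enabled"; rc=1; }
    is_immutable   || { echo "FAIL: /etc/services is not immutable"; rc=1; }
    securetty_only || { echo "FAIL: root may log in on: $(root_ttys | tr '\n' ' ')"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all three settings are in place"
    return "$rc"
}
```

Source the file and run audit as root; a non-zero exit status means at least one setting did not survive the reboot or was changed.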