Linux Administrator's Security Guide - TurboLinux

TurboLinux 3.6 

TurboLinux has an install very similar to Red Hat’s, you are lead through text based console screens and asked questions, then the system installs the packages and you do some post configuration work (like setting up X). There are a couple of minor issues with TurboLinux you will need to “fix”, and there are several utilities that ships as standard with TurboLinux that I wish other distributions would include (like sudo).

inetd.conf

TurboLinux’s inetd.conf is relatively sane, however some services like rsh and rlogin are enabled by default, I would advise turning these off.

shell	stream	tcp	nowait	root	/usr/sbin/tcpd in.rshd

login	stream	tcp	nowait	root	/usr/sbin/tcpd in.rlogind

talk	dgram	udp	wait	nobody.tty	/usr/sbin/tcpd in.talkd

ntalk	dgram	udp	wait	nobody.tty	/usr/sbin/tcpd in.ntalkd

These should all be commented out (place a “#” at the beginning of the line), and restart inetd with “killall –1 inetd”.

inittab

TurboLinux (like most distributions) will let you boot into single user mode, and not prompt you for a password to access the system as root. You either want to put the “restricted” keyword in lilo.conf and add a password to prevent people from booting the system to single user mode without a password.

ipchains

ipchains is not shipped on the install CD, you will find it on the companion CD, or on the ftp site at: ftp://ftp.turbolinux.com/pub/TurboLinux/tlw-3.6-companion/TurboContrib/RPMS/. I would of course recommend installing ipchains and firewalling your machine.

SSH

SSH rpm’s are not available for TurboLinux 3.6 (that is to say I have not found any). The SSH rpm’s for Red Hat systems fail miserably, and the source rpm’s also fail to compile, SSH does compile cleanly from source code, with no problems. You can get the SSH source code from: ftp://ftp.replay.com/pub/replay/crypto/SSH/. To start sshd you need to minimally run “/usr/local/bin/sshd” at boot time from a script, it will look for it’s config files in /etc, and should start ok. 

Tripwire

One thing included on the companion CD with TurboLinux is a copy of Tripwire, I would advise using it. I am not sure what the license on this is (i.e. free for non commercial use only, or one license, or what). It appears to be Tripwire version 1.3, so it is not commercial.

Companion CD

As stated previously the Companion CD contains a lot of extra goodies (like Tripwire), as well as:

Amanda (a nice backup program)
ipmasqadm (used for port forwarding at the kernel level)
ipchains (used for setting up firewalling)
ProFTPD (a better ftp server then WuFTPD)
Squid (ftp and www proxy server)
Tripwire (creates checksum values on files and warns you if they change)

Updates

Updates for TurboLinux 3.6 (Miami) are available from: 
ftp://ftp.turbolinux.com/pub/TurboLinux/turbolinux-updates/3.6/.

 

Share this article

Receive all the latest articles by email!

Get all articles delivered directly to your mailbox as and when they are released on WindowSecurity.com! Choose between receiving instant updates with the Real-Time Article Update, or a monthly summary with the Monthly Article Update.



Receive all the latest articles by email!

Receive Real-Time & Monthly WindowSecurity.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowSecurity.com member!

Discuss your security issues with thousands of other network security experts. Click here to join!

Community Area

Log in | Register

Solution Center

Readers' Choice

Which is your preferred Authentication solution?