How do I secure Ubuntu

Terrlock

Left my system on last night, and woke up this morning to a message saying someone is trying to remote desktop onto your machine.

It gave his IP address and I traced it to some place in china.

So I'm a bit worried my system is wide open to hackers.

I am new to configuring firewalls on linux and I was wondering if anyone had any recommendations on locking down ubuntu without crippling it either.

Also is there any way to check if they got access to anything through other ports?



Thanks,
Terr

rfrederick

If you don't have experience configuring IPTables (firewall built into Linux) by hand I'd recommend installing the "gufw" package (search in the Software Centre for it). It's a graphical utility for managing the firewall. Enabling the firewall through gufw will populate it a "default deny" set of rules.

[edit]
On checking access on other ports you'd want to look at the logs for services that are listening to any Internet-facing network interfaces.

Terrlock

Thanks,

I'm just reading up on ufw.

I just installed firewall configuration which is a graphical interface for ufw

Is fufw any better ?

it's just that you have to add in ports on the allow and deny.

Stupid question do you have to add in every port you want to deny or will it deny anything that is not in the allow list.

It's just I don't see the point of the deny entry.

Thanks,

Terr

rfrederick

The attached screenshot shows what you should set gufw to to block inbound connection attempts.

By fufw do you mean ufw? gufw is essentially a graphical frontend for the ufw command line utility; it performs the command line configurations for you without the need to open up a terminal.

Tillotson

Do you have a router?
Check what ports are open and maybe turn off UPnP.

Terrlock

My router is from magnet...so is setup by them, can't change it.

It's configured in bridge mode so I get a public ip address when I use it.

Have to get another router and plug it into it...don't have one yet.

Quite vulnerable with an internet ip on my systems I guess.

rfrederick

There's at least one previous forum on Magnet that includes at least one procedure on obtaining credentials to the router's web interface if you want to switch to NATting your internal connections. Else there are additional steps that you can do to further secure your install, such as configuring the tcpwrappers files (hosts.allow, hosts.deny), adjusting kernel variables via sysctl.conf, and tightening access via common remote login services such as ssh, if installed.

oscarBravo

Terrlock wrote: »

Quite vulnerable with an internet ip on my systems I guess.

Not really. I have two Ubuntu systems here with public IPs, and they haven't been pwned.