Summary checklist

  1. Every service on your machine is a potential breakin point. Run this command: nmap localhost and you should see something like this:
    % nmap localhost
    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on localhost.localdomain (127.0.0.1):
    (The 1596 ports scanned but not shown below are in state: closed)
    Port       State       Service
    22/tcp     open        ssh 
    631/tcp    open        ipp                     
    6000/tcp   open        X11                     
    
    Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
    
    
    you could question if you really need an ssh server running (i.e. do you need to ssh into your laptop). But as long as you're up to date on ssh, you should be fine.

    Common example of things you should most likely not have open are: sendmail, smtp, ftp, login, shell, sunrcp, http

  2. Download chkrootkit (or get it from /n/apus/linux/chkrootkit) and run the following programs:
    make clean sense            # <-- rebuild the package
    ./chkrootkit
    ./chkproc
    ./ifpromisc
    ./chklastlog
    ./chkwtmp
    ./check_wtmpx
    
  3. You can run the command (as root)
    %  rpm -Va > rpm0.log 
    and 
    
    
    

(linux) Laptops in the Astronomy Department

This page is supposed to help you guide you in making your linux workstation (roaming laptop, workstation in the office or at home) a little more astronomy department friendly. For some things you will need to have root access.

Some of the comments here may be somewhat more specific to a RedHat (5.2/6.0 at the time of this writing), but we will try and avoid being distribution specific. I am also assuming you are somewhat familiar with the tools to configure your machine, but here is outlined what you do. Not why.

Historically Linux machines open on the Internet have often been broken into, mostly because their owners did not properly secure them. Please consult the security tips and links therein how to make your machine less vulnerable to attacks. Be very serious about this, especially if you frequently have your machine "on the net" and escpecially if under a fixed IP. ("don't look for us, we'll find you").

Changing settings in the system files that are listed below normally do not require you to reboot your machine, but often do need you to restart certain daemons. If you don't know them, rebooting is the safest way. (*** need to add which PID's to restart below ***)


Peter Teuben (last modified: 24-Oct-2011 16:44 )