Hi all,

I installed Slackware 9.1 on my laptop a couple of weeks ago and I simply LOVE IT!

RH9 was on my desktop box. On the RH9 system I would every now and then go to sygatetech.com to have my system scanned for open ports, trojans, etc. and ALL results would show that ALL my ports were not only CLOSED but STEALTHED, which is optimal. I also had Guarddog 2.2 running. My RH9 security setting was initially on HIGH, DEFAULT.

Yesterday I decided to take the plunge and installed Slackware 9.1 on the desktop. No more RH9, too slow and bloated for my taste. After doing the usual security things like:

1. editing /etc/inetd.conf and commenting ALL lines
2. disabling ALL services from pkgtool/setup
3. installing Guarddog 2.2 and allowing ONLY DNS, FTP, HTTP, POP3 and SMTP,

I ran the sygatetech scan and, surprise, many ports were NOT STEALTHED, only CLOSED, which is a security hazard. Some of the ports found closed were ftp, ssh, telnet, smtp, dns, dcc, finger, upnp, trojan, tcmp, web, pop3, ident, netbios, https, socks proxy, web proxy.

Why the difference between RH9 and Slack 9.1?
Is RH9 more secure, or is there something I forgot to do, other than editing inetd.conf?

(Simple instructions please!)

Thanks a lot,
odin

RH has a simple and configureless GUI for iptables which you set on high

In slackware either you learn iprtables or install a linux firewall like Shorewall

Might I reccomend shorewall and webmin for a quick setup of a firewall. You may need grab the default set of rules for a single homed system but it's still a very good way of doing it. I use it at work and on my home systems. But if you're not wanting to go the shorewall way, grab an iptables script from somewhere and edit it to your liking or write you own.

Guarddog creates an executable script called "rc.firewall" using iptables (or ipchains depending on your kernel) and places it in /etc. Just move the rc.firewall script to /etc/rc.d and it'll run at startup in complete stealth mode. Or you can leave it where it is (good idea if you use Guarddog to change your configuration alot) and add a startup command to rc..local. Either way works fine.

Someone correct me if i'm wrong but if your ports are closed, as in there is no daemon listening, then they are secure. For someone to connect to a service and exploit it, there has to be something listening in the first place, because the daemon actually sits and wait for a connection.

Cheers

Correct.

Closed means it responds with a RST packet, stealth means it simply ignores it. Stealth is basically meant to hide the fact that anything is at that socket.

"Security through obscurity"

It's not a bad thing, but its not something to really get in a twist about. Either way, there's nothing to exploit.

Thanks all for your comments!

I downloaded Shorewall and found that it was beyond my humble Linux-ing capabilities, so maybe later.

dd78749: I followed your advice and placed rc.firewall in /etc/rc.d and everything was fine. Had to open HTTPS for sygatetech to scan, but all were STEALTHED. Excellent!
Thanks again!