Set up a new Linode and left it open 2 days - problem?
I just set up a Debian 7.4 Linode and thought iptables was loading a configuration, but it was loading an empty configuration because I screwed something up. Fail2Ban was running, but zilch for an iptables configuration.
The time period was about 48 hours.
Do you think I'm okay, or would Debian 7.4 get hacked like crazy during that amount of time?
I haven't noticed anything weird…just being cautious. I had one WP site running, but it has its own WordFence firewall running.
Thanks!
12 Replies
B) Credentials matter way more than iptables when it comes to securing SSH: strong keys or passwords.
C) Wordpress is orders of magnitude more likely to be compromised than SSH, and I doubt "WordFence" helps.
- Les
So what I'm wondering is, with no iptables running, would that have left ports open that could have been compromised? Or if my SSH login was solid, am I probably okay?
*My past in IT was Windows Server, and throwing a Windows server online with no firewall was instant death.
- Les
I'm newer to Linux admin, but I didn't open any ports specifically. I just deployed Debian 7.4, installed Apache2, MySQL (secured) and PHP. Oh, and set up an Exim SMTP server with no relay.
Thanks for putting my mind at ease man.
sudo ufw status
That's to make sure you have the ports open that you want. From a client that can run nmap I'd run:
nmap -sV -T4 -A -v yourserveriphere
If you don't want to install and run nmap (and your ISP might not like you running nmap, IDK) then you could use Steve Gibson's ShieldsUP service, it's free, Google it.
@jebblue:
when you start it up the IP won't be in the stack so use Lish to login
Not sure if we're talking about different things, but a newly deployed Linode will boot with its IP up, via DHCP.
Also, the "burn it down" strategy seems massively excessive in this case. The firewall has so little to do with system security for 90% of people, I'm not sure why nuking it from orbit is recommended. SSH is resilient with strong credentials, firewall or no, and the main things that aren't secure are things like databases, which should be bound to the local interface only anyway.
- Les
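Added example (not code from the thread or from any of the posters): a small post-deploy audit that checks the two things raised so far, (1) whether the iptables ruleset that was supposed to load is in fact empty, which is the mistake in the original question, and (2) which listening sockets are bound to a wildcard address and are therefore reachable from the internet with no firewall in front, which is what jebblue's nmap check would find from outside and what akerl's advice about binding databases to the local interface only addresses. The "iptables -S" and "ss" samples are constructed, and the allowlist of intended ports (ssh, http, smtp) is a hypothetical one for the host described in the question.

```shell
#!/bin/sh
# Post-deploy exposure audit (added example, not from the thread).
# Inputs are constructed samples in "iptables -S" and "ss -lntu" (headerless)
# format; on a real host, feed in the live output as shown at the bottom.

# --- 1. iptables ruleset check ---------------------------------------------

# What "iptables -S" prints when a restore silently loaded nothing.
IPT_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# A minimal loaded ruleset (hypothetical, for illustration).
IPT_LOADED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# iptables_state RULESET: prints "empty" when the INPUT chain has no rules and
# an ACCEPT policy (nothing is filtered at all), otherwise "loaded".
iptables_state() {
    printf '%s\n' "$1" | awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" { rules++ }
        END {
            state = (rules == 0 && policy == "ACCEPT") ? "empty" : "loaded"
            print state
        }'
}

# --- 2. listening socket audit ---------------------------------------------

# Ports this host is meant to expose (hypothetical allowlist: ssh, http, smtp).
ALLOWED_PORTS="22 80 25"

# Constructed "ss -lntu" output before and after binding MySQL to localhost.
SS_BEFORE='tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:80     0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:25     0.0.0.0:*
tcp   LISTEN 0 80  0.0.0.0:3306   0.0.0.0:*
tcp   LISTEN 0 128 [::]:22        [::]:*'

SS_AFTER='tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:80     0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:25     0.0.0.0:*
tcp   LISTEN 0 80  127.0.0.1:3306 0.0.0.0:*
tcp   LISTEN 0 128 [::]:22        [::]:*'

# exposed_listeners SS_OUTPUT: prints "proto local-address" for every socket
# bound to a wildcard address (v4 or v6) whose port is not in ALLOWED_PORTS.
exposed_listeners() {
    printf '%s\n' "$1" | awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            laddr = $5
            port = laddr; sub(/.*:/, "", port)       # text after the last colon
            addr = laddr; sub(/:[^:]*$/, "", addr)   # text before the last colon
            wildcard = (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
            if (wildcard && !(port in ok)) print $1, laddr
        }'
}

# exposed_count SS_OUTPUT: how many sockets exposed_listeners flags.
exposed_count() {
    exposed_listeners "$1" | awk 'END { print NR }'
}

# Stand-alone run over the constructed samples.
echo "iptables (empty sample):  $(iptables_state "$IPT_EMPTY")"
echo "iptables (loaded sample): $(iptables_state "$IPT_LOADED")"
echo "unexpected listeners before fix:"; exposed_listeners "$SS_BEFORE"
echo "unexpected listeners after fix: $(exposed_count "$SS_AFTER")"

# On the server itself (needs root; not run here). The MySQL fix that turns
# SS_BEFORE into SS_AFTER is bind-address = 127.0.0.1 in my.cnf.
#   iptables_state "$(iptables -S)"
#   exposed_listeners "$(ss -lntu | tail -n +2)"
```

The listener audit is the inside view of what an external nmap would report with no firewall loaded: anything bound to 0.0.0.0 or [::] that is not on the allowlist is reachable. Run the ruleset check right after the restore step at boot so an empty ruleset fails loudly instead of sitting unnoticed for two days.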
@akerl:
@jebblue:when you start it up the IP won't be in the stack so use Lish to login
Not sure if we're talking about different things, but a newly deployed Linode will boot with its IP up, via DHCP.
Also, the "burn it down" strategy seems massively excessive in this case. The firewall has so little to do with system security for 90% of people, I'm not sure why nuking it from orbit is recommended. SSH is resilient with strong credentials, firewall or no, and the main things that aren't secure are things like databases, which should be bound to the local interface only anyway.
- Les
I'd configured mine for static so I guess I'd forgotten that it will boot from DHCP. That's probably not a wise policy for Linode to have for new Linodes, IMHO.
I stand by my recommendation that the OP should wipe it and start over.
@theatereleven:
Okay, sweet. So that's probably how Windows servers get hacked so fast…they have a bunch of ports open for stuff.
No, it's usually a direct result of a user (or application) having more access than they know how to responsibly handle. I'd say any Windows OS released since the turn of the century is roughly as secure out-of-the-box (with a proper bare-bones install, applicable updates, and good passwords) as your average Linux distribution.
I recommend installing some evals of Microsoft OSes … BackTrack
@hoopycat:
@theatereleven:Okay, sweet. So that's probably how Windows servers get hacked so fast…they have a bunch of ports open for stuff.
No, it's usually a direct result of a user (or application) having more access than they know how to responsibly handle. I'd say any Windows OS released since the turn of the century is roughly as secure out-of-the-box (with a proper bare-bones install, applicable updates, and good passwords) as your average Linux distribution.
Historically Windows was wide open for attack; it had a bunch of exposed ports (eg SMB) and a mega-tonne of vulnerabilities.
As you say, though, a modern Windows is pretty secure. Most vulnerabilities have been fixed. However, there are always new ones, so having SMB open is still a risk. Which is why Microsoft OSes also come with an enabled firewall by default. Microsoft fail a core security concept: "if you don't have something installed then it can't be used for an exploit". Windows is dependent on a good firewall config because it inherently runs so many network services.
Now to be fair, Linux historically also came with a load of default services. Back in the RedHat 4 (the original RedHat 4, not RHEL) days the joke used to be "how long from after installation to exploit" (the most common was people using stupidly weak passwords, which is still a risk today). Today, however, a modern Linux install doesn't run things. Some distros don't even run sshd by default. "If you don't install it, it can't be exploited". Linux distros, typically, aren't dependent on firewalls for security.
Both OSes also historically came with poor defaults (eg sendmail allowing open spam relay; IIS allowing access to source files, etc etc). Both OSes are better at this, as well.
I don't run firewalls on my linode. I do run a perimeter firewall at home (on the router) because I run additional services internally which I don't want exposed to the internet (eg NFS).
@hoopycat:
I'd say any Windows OS released since the turn of the century is roughly as secure out-of-the-box (with a proper bare-bones install, applicable updates, and good passwords) as your average Linux distribution.
The two days the OP mentioned concerns me nowhere near as much as saying put Windows online without a firewall for more than 15 minutes.
edit: fixed quote attribution.