How much time does it take to secure a linux system?
4 hours, yeah.. 4 fucking hours, especially if you are a newbie to the whole “networking” -iptables, ipchains thingamajiks…
I am trying to set up a small Python based annotation engine and I am planning to let it loose on the internet (the horror!!), and like any normal chump who sees the whole "the web is the way to go for apps" mentality everywhere, I set up my application server behind Apache using mod_proxy and let it run for some time. And some time in the fast moving internet space is 3 days, and on the third day I check my logs and I see lots and lots of random people from all over the world trying to hack my damn server. Well, this story is not about them.
So I decide to set up iptables. That's a pretty darn good idea, you might say, except for one thing: I don't know anything about iptables. So, after browsing for almost an hour through tutorials, howtos, message boards, Google Groups (has anyone noticed that the search in Google Groups sucks?), I still couldn't get anywhere.
Every tutorial out there seems to want to teach me what a TCP packet is, or what link layer protocols are, or the history of the whole iptables filtering business. Many would say that's great, you learn from the basics, you get your concepts straight. And to them I say "F*#$ you". I just want to secure my damn server, not take the RHCE. And finally, after three more hours of digging and reading about the various "subtleties" of the IP protocol, I finally managed to figure out what to do to secure my server.
Write 2 lines. Yeah, just 2 lines. The result of spending 4 fucking hours is not enlightenment, just getting to write two lines. For those who are using mod_proxy and don't have a Linux networking guru to serve you at your every beck and call, here are those two lines:
/sbin/iptables -A INPUT -p tcp -m tcp -s "your-hostname/ip/trusted subnet" --dport "application server port" -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport "application server port" -j DROP
Where "your-hostname/ip/trusted subnet" should usually refer to the machine on which Apache is running; in my case, the same machine, so 127.0.0.1. (Prefer an IP address or a CIDR subnet over a hostname here: iptables resolves a hostname only once, when the rule is added, so if the name later points somewhere else the rule will not follow it.) The "application server port" is the port on which CherryPy listens; by default I think it's 8080. Note that the destination-port flag is --dport, not the dpt: you see in the output of iptables -L, which is just how the listing displays it. If you have multiple instances of CherryPy running, you would need to add similar rules for each instance (note: add the ACCEPT rules first, before you do the DROP rules, because iptables walks the chain top to bottom and the first matching rule wins). You can check what you ended up with using iptables -L INPUT -n --line-numbers. Two more caveats: these rules live only in kernel memory, so they are gone after a reboot unless you save them (iptables-save) and restore them at boot; and they only protect the application port, so everything else the box listens on is still as exposed as it was before.
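Here is the same recipe as a small script, as an added example and not part of the original post. It assumes 127.0.0.1 as the trusted source (Apache on the same box) and 8080 and 8081 as CherryPy ports, both of which are just the sample values used here; it prints the ACCEPT rules before the DROP rules for however many ports you give it, and when run as root with --apply it only adds a rule if an identical one is not already in the chain, so running it twice does not pile up duplicates:

```shell
#!/bin/sh
# Added example, not code from the original post. Generates and applies
# the "allow trusted source, drop everyone else" rules for one or more
# application-server ports. Assumed sample values: 127.0.0.1 as the
# trusted source and 8080/8081 as the CherryPy ports.

# Print the rule commands, all ACCEPT rules first and then the DROPs, so
# the order in the INPUT chain is right no matter how many ports there are.
# --dport is the real iptables flag; "dpt:" is only how iptables -L shows it.
iptables_rules() {
    trusted="$1"
    shift
    for port in "$@"; do
        printf '/sbin/iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$trusted" "$port"
    done
    for port in "$@"; do
        printf '/sbin/iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
    done
}

# Apply the rules, skipping any that already exist. "iptables -C" exits 0
# when an identical rule is present in the chain, so swapping -A for -C
# gives us an existence check without parsing iptables -L output.
# Requires root.
apply_rules() {
    iptables_rules "$@" | while read -r cmd; do
        check=$(printf '%s' "$cmd" | sed 's/ -A INPUT / -C INPUT /')
        if $check 2>/dev/null; then
            echo "exists: $cmd"
        else
            $cmd && echo "added:  $cmd"
        fi
    done
}

# With --apply (as root) the rules are added and the chain is listed;
# without it the script only prints what it would run.
main() {
    if [ "$1" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
        apply_rules 127.0.0.1 8080 8081
        /sbin/iptables -L INPUT -n --line-numbers
    else
        iptables_rules 127.0.0.1 8080 8081
    fi
}

main "$@"
```

Run it with no arguments first to see the exact commands it would issue; run it as root with --apply to add them. The sample ports are hard-coded in main() for the demonstration; in practice you would pass your own trusted source and ports to apply_rules. Remember that the rules still only live in memory, so save them with iptables-save if you want them back after a reboot.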