Gentoo Archives: gentoo-user

From: Andrey Falko <ma3oxuct@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Hardening a laptop for travel
Date: Sat, 08 Dec 2007 18:46:49
Message-Id: 350fc7cf0712081041u19b119di7e2c31a0e54f8116@mail.gmail.com
In Reply to: [gentoo-user] Hardening a laptop for travel by Grant
On Dec 8, 2007 8:35 AM, Grant <emailgrant@×××××.com> wrote:

> I have shorewall set up on my router but I haven't set up anything
> security-wise for my laptop which normally sits behind the router.
> What should I be setting up on the laptop in preparation for traveling
> and connecting via a foreign network or even directly to the Internet?
> I don't run sshd on the laptop. I would think shorewall, but am I
> forgetting anything?
>

At the very least I'd do the following with iptables:

iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

This will make sure that there are no incoming connects except those that
you initiated.

>
> # rc-update -s
> alsasound | boot
> bootmisc | boot
> checkfs | boot
> checkroot | boot
> clock | boot
> consolefont | boot
> hald | default
> hostname | boot
> keymaps | boot
> local | default nonetwork
> localmount | boot
> metalog | default
> modules | boot
> net.eth0 | default
> net.lo | boot
> netmount | default
> ntp-client | default
> ntpd | default
> rmnologin | boot
> urandom | boot
> vixie-cron | default
> xdm | default
> xfs | default
>
> - Grant
> --
> gentoo-user@g.o mailing list
>
>
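
One way to check that a loaded ruleset really has the posture described in the message above (INPUT default-deny, replies allowed, nothing else inbound). This is an added example, not part of the original post: the function names audit_input, sample_posted and sample_leftover are hypothetical, and both rulesets are constructed samples in iptables-save format.

```shell
# audit_input: read iptables-save text on stdin, print findings, and
# return 0 only if INPUT is default-deny and accepts nothing but replies.
audit_input() {
    awk '
    /^\*/ { table = substr($0, 2) }              # "*filter", "*nat", ...
    table != "filter" { next }
    /^:INPUT / { policy = $2 }
    /^-A INPUT / && / -j ACCEPT/ {
        # Reply-only rule: state/conntrack match on ESTABLISHED without NEW
        if ($0 ~ /--(state|ctstate) [A-Z,]*ESTABLISHED/ && $0 !~ /NEW/) { replies = 1; next }
        if ($0 ~ / -i lo /) next                 # loopback is not inbound exposure
        printf "OPEN: %s\n", $0; bad = 1         # any other ACCEPT admits new inbound traffic
    }
    END {
        if (policy != "DROP") { printf "FAIL: INPUT policy is %s\n", (policy == "" ? "unknown" : policy); bad = 1 }
        if (!replies) { print "FAIL: no RELATED,ESTABLISHED accept rule in INPUT"; bad = 1 }
        if (!bad) print "OK: INPUT only accepts replies to outbound connections"
        exit (bad ? 1 : 0)
    }'
}
# Constructed sample: ruleset as saved after the four commands in the message
sample_posted() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
# Constructed sample: permissive policy plus a leftover inbound rule
sample_leftover() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
sample_posted | audit_input
sample_leftover | audit_input || echo "(exit status 1: ruleset needs attention)"
```

On the laptop itself, run `iptables-save | audit_input` as root before connecting to a foreign network.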

Replies

Subject Author
Re: [gentoo-user] Hardening a laptop for travel Mick <michaelkintzios@×××××.com>