Open source tools for security configuration, administration

James Turnbull drills down into Linux security administration and suggests some free, open source tools you can use to beef up your organization's security.

In the first two tips of this series, author James Turnbull explained how firewalling with Linux may or may not be more secure than with Windows, and provided the basics of two important security building blocks within the kernel, netfilter and iptables. Here, he drills down further into Linux security administration and suggests some free, open source tools you can use to beef up your security. -- Editor

Do you recommend using iptables or a distro-specific tool for security configuration?

James Turnbull: This is a tricky question to answer as there are a lot of variables involved. Firstly you need to consider how comfortable you are with using iptables and with networking generally. You also need to take into consideration that distro-specific tools for enabling and managing firewalls are often aimed at a broad audience with a varying level of skills. They are thus designed to be approachable by less skilled or beginning administrators. This results in a tool that provides some broad and often basic protection for your host, whilst trying not to overly limit the functioning of your applications.

These tools often make assumptions about the default settings of iptables. This can sometimes create the illusion that your host is securely firewalled. For example, the default policy of the Red Hat Lokkit firewall management tool is to accept traffic. Most good firewall policies would do the reverse -- deny all traffic and only accept traffic you explicitly specify.

This being said, some tools are excellent and designed to provide a complete and highly flexible interface to iptables.

What are some examples of distro-specific or GUI-based configuration tools?

Turnbull: We've seen that Red Hat comes with its own tool, Lokkit. The Lokkit tool comes in a command-line and Gnome GUI form and is very simple to use but is limited in what it can configure and do. Also, as I've highlighted above, its use of default accept policies can be problematic. A variety of other tools also exist ranging from simple to very complicated (all the tools I'll discuss here are open source and free). These include:
  • Fwbuilder, which is a sophisticated multi-firewall (it also supports Cisco PIX, BSD pf and ipfilter) rule builder. It has a GUI interface and is designed to output complete, functional firewall configurations. It can be quite complicated to use and is not recommended for beginners.
  • NARC (Netfilter Automatic Rule Configurator): a Bash script which runs from the command line and allows you to configure iptables. It has a strong focus on helping you configure rules that handle abnormal traffic (for example, blocking Smurf attacks, IP spoofing and SYN floods). The command-line interface can be intimidating for beginning users though.
  • Turtle Firewall is a Webmin-based firewall admin tool. It allows for the configuration of firewalls using an object-based system. If you are using Webmin for your administration, this is an excellent tool.
  • Firestarter is another GUI-based firewall configuration tool. I have found it personally easier to use than many of the other tools and its interface is clear and simple to navigate and operate. It also contains a real-time event and connection view of your firewall that allows you to monitor your firewall from the tool.

Overall I'd say tools can be very useful -- if you understand what you are doing with them. I firmly recommend that before you decide to use a tool, you gain an understanding of the way iptables rules are constructed and how iptables is configured. If you are comfortable with using the iptables command, then I believe it provides one of the best possible mechanisms to configure and control your firewall and to ensure you fully understand how your firewall is constructed. This knowledge will also allow you to determine whether a tool is doing the right thing and whether you are deploying a solid firewall.
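
An added example (not from the interview or from any of the tools named): a shell function that reads `iptables-save` output and reports whether the filter table's INPUT and FORWARD chains let unmatched traffic through, which is the default-accept condition discussed above. The function name `audit_policies` and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: accept-by-default policy with one blocking rule.
PERMISSIVE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 23 -j DROP
COMMIT'

# Constructed sample: deny by default, accept only what is listed.
DEFAULT_DENY='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# audit_policies (hypothetical helper): reads iptables-save text on stdin and
# prints "<chain> <policy> <verdict>" for INPUT and FORWARD in the filter table.
# A chain is "open" when its policy is ACCEPT and its last rule is not an
# unconditional DROP/REJECT, so unmatched packets fall through to ACCEPT.
audit_policies() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table != "filter" { next }
        /^:(INPUT|FORWARD) / { policy[substr($1, 2)] = $2; next }
        $1 == "-A" && ($2 in policy) {
            # "-j" directly after the chain name means no match conditions.
            # Each rule overwrites the flag, so the last rule decides.
            catchall[$2] = ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
        }
        END {
            n = split("INPUT FORWARD", order, " ")
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (!(c in policy)) continue
                v = (policy[c] == "ACCEPT" && !catchall[c]) ? "open" : "default-deny"
                print c, policy[c], v
            }
        }'
}

# Demo on the constructed samples; on a live host: iptables-save | audit_policies
printf '%s\n' "$PERMISSIVE" | audit_policies
printf '%s\n' "$DEFAULT_DENY" | audit_policies
```

A chain reported as `open` is one where a tool's rules, whatever they block, still leave everything else accepted.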


In addition to securing outsourced services for the Commonwealth Bank of Australia, James Turnbull is the author of Hardening Linux and resident security expert on SearchEnterpriseLinux.com.
This was first published in August 2005
