[LBo] HIDS

[Robert Spangler]

On Tue November 20 2007 08:05, Robin wrote:

>  Thank you very much sam,
>   Actually i have my laptop and it really has some important stuff that
>  is not supports to be know, so i try to protect it with the firewalls
>  but i cant tell that bla, bla is happening so, i really want it on my
>  laptop, i dont have a firewall and i dont have a dedicated machine for
>  that, the reason to why i need that guys is because i have some guy who
>  has tried many time to hack into my pc and for that am sure coz i could
>  see some logs, but i can't prove to him, he as accossionally tried to
>  change my password, so i dont want that to happen.
>  Am using OpenSuse 10.3.
>
>  Any help is welcome.

If your Laptop is a Linux OS I would install IPATBLES and use the following 
rule set.  Copy to a file, make it executable and run one time this will 
create a firewall rule set that allows everything out and nothing in that you 
have not started.  It will save the firewall configuration which should be 
started every time you reboot.

-------- Start --------
#/bin/bash
/sbin/iptables -F
/sbin/iptables -Z
/sbin/iptables -X
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT  -j DROP
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state NEW -j ACCEPT
/sbin/iptables -save
-------- End --------

You can check your rules with the following;

/sbin/iptables -L -v -n | less -SCi

Look at your startup rc#.d to ensure that the firewall is started before the 
LAN interface is started.


-- 

Regards
Robert

Smile... it increases your face value!