[olug] Recommended security checks

Dave Hull dphull at insipid.com
Thu Jun 2 03:54:52 UTC 2005


Quoting Brandon Lederer <brandon at tolkien-movies.com>:

> Recently recovering from being hacked...... I want to secure things down a bit
> more. What things do you all do and/or recommend to be checked and done on a
> fresh install of whatever distro is your flavor of choice in order to secure
> it?

The obvious answer is that it depends on your environment and what purpose the
machine in question serves. Given that, allow me to speak in generalities and
in no particular order.

Realize that security is a process and that you're going to have to be vigilant,
applying patches as needed, monitoring log files and system stats regularly.

On several hosts I run, I've set up a cron job to download and install any
available updates hourly. You should consider the implications of this before
adopting it in a production environment.

Turn off any services you don't absolutely need to be running.

Subscribe to a mailing list for security notices for your distro if there is
one.

Use some checksum monitoring software to verify the integrity of system binaries
and config files.

Configure iptables or some other packet filtering firewall to restrict access to
the system.

Never authenticate in plain text over the wire.

Install SELinux and/or Bastille.

Download the source code for everything you have installed and audit it line by
line (including the compiler) and correct all bugs and holes and recompile
every application by hand (including the compiler).

That last one is a joke, btw, but it makes a point that there's only so much you
can do. There's a trade-off between security and usefulness. How you strike that
balance depends on your situation.

Good luck.

-- 
Dave Hull
http://insipid.com
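The checksum-monitoring step Dave recommends, shown as an added example (not code from the thread or from any particular tool): a minimal baseline-and-compare checker that records a SHA-256 digest, size and permission bits for a list of files and later reports which ones changed or went missing. File names and contents in demo() are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths):
    """Record digest, size and permission bits for each monitored file."""
    baseline = {}
    for p in paths:
        st = os.stat(p)
        baseline[p] = {"sha256": file_digest(p), "size": st.st_size,
                       "mode": oct(st.st_mode & 0o7777)}
    return baseline

def check_against(baseline):
    """Compare the live filesystem with a saved baseline; report what differs."""
    report = {"changed": [], "missing": []}
    for path, rec in baseline.items():
        if not os.path.exists(path):
            report["missing"].append(path)
            continue
        st = os.stat(path)
        live = {"sha256": file_digest(path), "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777)}
        # Any difference in content, size or mode bits is flagged.
        if live != rec:
            report["changed"].append(path)
    return report

def demo():
    """Constructed scenario: baseline two files, then alter one and delete the other."""
    d = tempfile.mkdtemp()
    conf = os.path.join(d, "sshd_config")   # hypothetical config file
    binary = os.path.join(d, "ls")          # hypothetical system binary
    with open(conf, "w") as f:
        f.write("PasswordAuthentication no\n")
    with open(binary, "wb") as f:
        f.write(b"\x7fELF" + b"\x00" * 16)
    baseline = build_baseline([conf, binary])
    saved = json.dumps(baseline)            # the copy you would keep off-host or read-only
    with open(conf, "a") as f:
        f.write("PermitRootLogin yes\n")    # config edited after the baseline
    os.remove(binary)                       # binary removed after the baseline
    return check_against(json.loads(saved))
```

The baseline is only as trustworthy as where it is stored: keep the JSON on read-only or off-host media, since an attacker with root on the box can rewrite a baseline that lives beside the files it describes.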
