Thread: linux security without compromising...

  1. #1
    Senior Member
    Join Date
    Mar 2003

    linux security without compromising...

    i know that this has been answered several times, and that by searching i could probably get close to a correct answer, but i don't want to make any bad assumptions on my own from my searches, so i'll ask this very directly.

    I'm setting up a small linux box as a test system of sorts outside our company network. i plan on hanging this on a router outside the company's firewall. What is the best way to ensure security on this bad boy, without going overboard. i'm installing turbolinux workstation 4.0.5, if that helps.

    i'm starting to think that i'm bound to always be the first guy on the second page of the thread.

  2. #2
    Join Date
    Mar 2003
    OK, that depends on what kind of box you will install (i.e. webserver, fileserv, etc).

    According to the type of services that you will enable, we could give you a more specific answer.


  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA

    Well I'd think..

    1. Determine what the box will be used for. Eliminate (uninstall) any services not needed. This includes XWindows, games, etc.

    2. Ensure good passwords

    3. Use encryption rather than plain-text (SSH over Telnet, SFTP over FTP)

    4. Update/patch any services you have to have running

    5. Put a firewall on it (IPTables/Ipchains) to deal with unwanted attacks

    6. Some type of logger to a remote location in case the box is compromised, you'll have a record of events (visit http://www.honeynet.org/papers/honeynet/tools/ to find a bash shell that records all keystrokes).

    7. Perhaps install a kernel security feature like www.grsecurity.net

    8. Research, research, research. Find the vulnerabilities and fix them.

    9. Repeat as needed.

    There are some books, if that is up your alley, that can give you some direction like Real World Linux Security and/or Practical Unix and Internet Security
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head

  4. #4
    Junior Member
    Join Date
    Apr 2003
    1) use ingress packet filtering (in linux, `man iptables`)
    2) turn off all unnecessary services (check open ports with `netstat -na | grep -i listen`)
    3) apply vendor patches.
    4) monitor vendor security lists and apply recommended patches.


  5. #5
    well start off by getting a port scan and sealing all unused ports

    encrypt as many files as possible

    ensure all passwords are 100% secure (if possible)

    and always keep a log of all operations so if someone does get in you know how they did it and how to fix the problem

  6. #6
    Join Date
    Feb 2003
    "What is the best way to ensure security on this bad boy, without going overboard."

    Install Tripwire or Aide on the system to monitor your files closely for
    unauthorized changes: additional files added to the system, changes in
    your system permissions & owners, replaced login, trojaned ssh client,
    hidden sniffers placed in magic places you wouldn't guess. I recommend
    you compile and install the latest chkrootkit program to help
    spot trouble. Example: if a hacker breaks into the system and notes you su
    a lot, he or she will trojan it to capture any passwords you enter to
    gain root access to the system and access to anything else you wouldn't
    want them poking around in. Aide/Tripwire should be installed on a
    clean system that hasn't been patched yet and it must be installed
    BEFORE you go on the Internet.

    Use Sudo to restrict access to root SSH and anything else

    Install Bastille Linux to Harden the System

