Securing Linux/Unix System's
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Securing Linux/Unix System's

  1. #1
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055

    Securing Linux/Unix System's

    Greet's AOer's. I was searching google for some research into Advanced Security of Linux/Unix system's as I wanna help to secure my OpenBSD system. As I was searching, I came across this interesting e-book so to speak (it's kinda in notecard form too, oddly enough) that goes deeply into many topic's involving *nix security. I think it's a must read for the *nix Admin/User and it cover's topic's ranging from HoneyPot's, Network Design's, Installation Security, Defense-In-Depth, Workstation's and Server's, and it even goes into some tool's used for security of *nix system's. Enjoy!

    P.S: It is a bit out-dated, but still has plenty of information that is useful.
    Space For Rent.. =]

  2. #2
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    Thanks Spyder

    Also check out CERT's UNIX Security Checklist:

    http://www.cert.org/tech_tips/usc20_full.html

    Though I don't even have a *nix box, ( ) I still read this from time to time just to learn something new.

    Later

    mjk

  3. #3
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    Hrmm, you should definitely setup a *nix box sometime and explore it. It's alotta fun when you learn the command's and work your way around it and whatnot. CERT's checklist has helped me through some tough time's (and has served it's purpose rightfully!). You should use what you know about *nix security and setup a *nix system. Trust me, it's alot better than Window's
    Space For Rent.. =]

  4. #4
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    If your serious about UNIX security, get a hold of the bibles of the industry.
    Like Practical UNIX & Internet Security www.oreilly.com

    Chapter 2: Policies & Guidelines
    Chapter 3: Users and Passwords
    Chapter 4: Users, Groups, and the Superuser
    Chapter 5: The UNIX Filesystem
    Chapter 6: Cryptography
    Chapter 7: Backups
    Chapter 8: Defending Your Accounts
    Chapter 9: Integrity Management
    Chapter 10: Auditing and Logging
    Chapter 11: Protecting Against Programmed Threats
    Chapter 12: Physical Security
    Chapter 15: UUCP
    Chapter 16:TCP/IP Networks
    Chapter 17:UNIX TCP/IP Services
    Chapter 18: WWW Security
    Chapter 19: RPC and Configuration Management
    Chapter 20:NFS
    Chapter 21: Firewalls
    Chapter 22: Wrappers & Proxies
    Chapter 23: Writing Secure SUID and Network Programs
    ect....

  5. #5
    Junior Member
    Join Date
    Dec 2002
    Posts
    21
    I couldnt agree more with the person above.
    Practical UNIX & Internet Security from Oreilly is your first choice if you want to get a sound knowledge of *nix'es Security. As you can see from the table of contents, it covers all the major factors for securifying your *nix system and sheds light on the tools of trade.
    Also, The Linux Documentation Project has some thorough guides on removing unnecessary services and locking down your system.

    http://tldp.org/

  6. #6
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    Originally posted here by Spyder32
    Hrmm, you should definitely setup a *nix box sometime and explore it. It's alotta fun when you learn the command's and work your way around it and whatnot. CERT's checklist has helped me through some tough time's (and has served it's purpose rightfully!). You should use what you know about *nix security and setup a *nix system. Trust me, it's alot better than Window's
    Yeah I've been sitting on my ass for quite a while... Maybe this weekend I'll see what I can do. I already know a bit from toying around with Knoppix-STD and PHLAK. I actually have Red Hat installation CDs...

    Somewhere...

    Hopefully I'll find them

    mjk

  7. #7
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675

    Thumbs up

    Hey Hey,

    ^5 on the O'reilly and other books. When I began with *nix's securing the box the best I could and using good common sense was an obvious concern. The common sense may wavier now and then however, after you harden your *nix, it may well cover you pretty good when the common sense fails.

    In addition to the O'reilly's, early on I grabbed a copy of "Maximum Linux Security" by Anonymous and when I learnt how to download with Linux, "Bastille" was quickly employed. The progam walks you through most of the steps in tightening up your OS.

    http://www.bastille-linux.org/

    (You might want to setup a dual-boot hard drive and enjoy the best of both Windows and Linux)

    cheers
    Connection refused, try again later.

  8. #8
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    One of the things that may throw someone off a little bit is that most versions come with services running by default. One of the best things you can do to make sure your installation is fairly secured is follow the list here:

    When installation completes, if your distro came with a firewall, set it up. SuSE allows this before the thing even boots up. SuSE is very easy to secure because you cans et up the firewall, turn off services, and even update it with all the latest updates and patches BEFORE it even boots up.

    If you don't have SuSE though you should be setting up a firewall as soon as possible, and then updating everything. Then turn off services. Or turn off services, then update. Either way you want services you don't need off, and updates installed to prevent anything from happening.

    Someone here on AO had installed Free BSD, and then went to bed, and when they woke up, they had been rooted. I can't tell you enough how it is needed to update and turn off services you don't use.

    Windows may make you run ROPC, but with Linux, you don't need it unless a service you run is using it, like NFS.

    Also, Hacking Exposed for Linux is another good place to learn. They will not only show you how to exploit services, but how to prevent and fix them.

    Another book I recommend is Free BSD unleashed, second edition; Or whatever the new edition is now.


    It has a great security section that can be very helpful to someone new to UNIX, but not new to security, as some topics may be more advanced.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  9. #9
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    Very good information gore, as well as Relyt. There are lot's of book's and whatnot that's available online (as well as offline) that could help a new *nix user's first time with security of their box (whether tis be any Linux distro or a Unix system). Updating your machine and it's service's when there is an update is a vital (if not the most vital) part to keeping your *nix box secure.
    Space For Rent.. =]

  10. #10
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    Originally posted here by gore

    Someone here on AO had installed Free BSD, and then went to bed, and when they woke up, they had been rooted. I can't tell you enough how it is needed to update and turn off services you don't use.
    God, I've been down that reinstall.

    Originally posted here by gore

    Also, Hacking Exposed for Linux is another good place to learn.
    [/B][/QUOTE]

    One of my online friends, link is actually posted in Hacking Exposed for Linux (second edition) page 47. aKa Liquid fish
    http://www.fish.com/security/

    God that kid is smart, cocky but smart! Hell, I've seen him and catch getting into it on another board. Talk about two smart people being objective in another windows linux thread, but that one took the cake!

    For someone who is just starting out, SAMS teach yourself in 24_hours are great. I have the linux security,linux & Perl..... EBAY 17 dollars for two of the SAMS & eight for the Oreilly.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •