linux security without compromising...

[sickyourIT]

i know that this has been answered several times, and that by searching i could probably get close to a correct answer, but i don't want to make any bad assumptions on my own from my searches, so i'll ask this very directly.

I'm setting up a small linux box as a test system of sorts outside our company network. i plan on hanging this on a router outside the company's firewall. What is the best way to ensure security on this bad boy, without going overboard. i'm installing turbolinux workstation 4.0.5, if that helps.

thanks,
-skurIT

[XDrack]

Ok, tath depends on wath kind of box will you install (i.e. webserver, fileserv,etc).

Acording of the type of services that you will enable, we could give you a more especific answer.

xDrack

[MrLinus]

Hrmm..

Well I'd think..

1. Determine what the box will be used for. Eliminate (uninstall) any services not needed. This includes XWindows, games, etc.

2. Ensure good passwords

3. Use encryption rather than plain-text (SSH over Telnet, SFTP over FTP)

4. Update/patch any services you have to have running

5. Put a firewall on it (IPTables/Ipchains) to deal with unwanted attacks

6. Some type of logger to a remote location in case the box is compromised, you'll have a record of events (visit http://www.honeynet.org/papers/honeynet/tools/ to find a bash shell that records all keystrokes).

7. Perhaps install a kernel security feature like www.grsecurity.net

8. Research, research, research. Find the vulnerabilities and fix them.

9. Repeat as needed.

There are some books, if that is up your ally, that can give you some direction like Real World Linux Security and/or Practical Unix and Internet Security

[sodaphish]

1) use ingress packet filtering (in linux, `man iptables`)
2) turn off all unnecessary services (check open ports with `netstat -na | grep -i listen`)
3) apply vendor patches.
4) monitor vendor security lists and apply recommended patches.

-C

[dac0braman]

well start off by getting a port scan and sealing all unused ports

encrypt as many files as possible

ensure all passwords are 100% secure (if possible)

and always keep a log of all operations so if someone does get in you know how they did it and how to fix the problem

[doc crontab]

" What is the best way to ensure security on this bad boy, without going overboard."

Install Tripwire or Aide on the system to monitor your files closely for
unauthorized changes: additional files added to the system, changes in
your system permissions& owners, replaced login, trojaned ssh client,
hidden sniffers placed in magic places you wouldn't guess. I recommend
you compile and install the latest chkrootkit program to help
spot trouble example: if a Hacker breaks in the system and notes you su
lots he or she will trojan it to capture any passwords you enter to
gain root access to the system acces to anything else you wouldn't
want them poking around in. Aide/Tripwire should be installed on a
clean system that hasn't been patched yet and it must be installed
BEFORE you go on the Internet.

Use Sudo to restrict access to root SSH and anything else

Install Bastille Linux to Harden the System

Doc