No, the forum choice is excellent I'd say.
First thing is to make a "baseline fingerprint" of all the binaries you've got on your box using Aide, Tripwire, Samhain or similar.
Next you've got to decide what to use the box for, and minimize risk due to exposure, meaning ditch any apps you won't be using *now* (so that excludes apps with reasons like "dunno what it's for but it must be useful", "I'll look into it" or "I'm sure *gonna* use it"). You can always install later.
If this box will be a server box, ditch GUI stuff like X11, Gnome, KDE, gcc and any daemons you will not be running to minimize risks further.
If this box will be a shell-server box, you will want to look into curbing risks due to users trying to exploit weaknesses.
In any case activate a firewall script if you didn't already, disable running daemons you don't need, run OpenSSH to get remote access and run Bastille as Mandy comes with it IIRC.
All of this preferably *before* you get it hooked up to the network :-]
I'll tack on my reference list as usual, please ask if something ain't clear.
Basic references:
- AUSCERT UNIX Computer Security Checklist (Version 1.1)
www.cert.org/tech_tips/AUSCERT_checklist1.1
- Steps for Recovering from a UNIX or NT System Compromise
www.cert.org/tech_tips/root_compromise.html
In fact read the whole of
http://www.cert.org/tech_tips/
- The CIT Computer Security Handbook:
www.cit.nih.gov/security/handbook.html
- Aging stuff from Phrack, good to read back to be sure, like "Unix System Security Issues"
www.fc.net/phrack/files/p18/p18-7.html
- SEI stuff like
www.sei.cmu.edu/publications/lists.html handling IDS
- Intrusion Detection and Network Auditing on the Internet
www.infosyssec.net/infosyssec/intdet1.htm
Top it off with some reading material on security:
- Security tips:
www.cert.org/tech_tips/ and
www.cert.org/security-improvement/, http://www.securityportal.com/resear...xsecurity.html
- Top ten vulnerabilities:
www.sans.org/topten.htm and
http://www.cert.org/present/cert-ove...ends/index.htm
- Firewalling:
www.infosyssec.net/infosyssec/firew1.htm, www.linux-firewall-tools.com/linux/
- Securing Xwindows:
http://www.uwsg.indiana.edu/usail/ex...d/xsecure.html
Basic Linux references:
http://www.sans.org/infosecFAQ/linux/linux_list.htm
- The SANS Reading room: Linux issues (used Google's cache),
- the LASG or Linux Administrator's Security Guide,
- Securing Optimizing Linux RH Edition(1),
- Linux Security HOWTO,
- Linuxsecurity.com have a Quickreference PDF card.
- Post-Installation Security Procedures (Linuxjournal)
- Security Quick-Start HOWTO for Linux,
- The Linux-PAM System Administrators' Guide
- Armoring Linux,
- A Short Course on Systems Administration and Security Under Unix(1)
- SAG: The Linux System Administrator's Guide,
- Basics on firewalling:
www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
- Basic introduction to building ipchains rules:
www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
- Explanation of the Ipchains log format: logi.cc/linux/ipchains-log-format.php3
- Ipchains log decoder: dsl081-056-052.dsl-isp.net/dmn/decoder/decode.php
- The Iptables HOW-TO:
http://people.unix-fu.org/andreasson/index.html
- LQ notes on Linksys security: http://www.linuxquestions.org/questions/showthread.php?postid=157007#post157007
Neohapsis archives:
http://www.neohapsis.com
Linux Gazette:
http://www.linuxgazette.com
Experts exchange:
http://www.experts-exchange.com
Linuxsecurity.com, SecurityFocus.com
Matt's Unix Security Page: http://www.deter.com/unix/
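To make the "baseline fingerprint" step concrete, here is an added example (not from the post above, and not AIDE, Tripwire or Samhain code) of what such a tool does at its simplest: `make_baseline` records a SHA-256 manifest of every regular file under a directory, and `report_changes` later compares the filesystem against that manifest and prints ADDED, REMOVED and MODIFIED lines. The function names, the manifest format and the scratch tree in the demo are all my own assumptions; it assumes GNU coreutils (`sha256sum`, `comm`, `sort`, `mktemp`) and file names without whitespace.

```shell
#!/bin/sh
# Added example, not from the original post: a toy "baseline fingerprint" in the
# spirit of AIDE/Tripwire/Samhain. The baseline must be taken from a known-good
# system (ideally before it goes on the network) and kept somewhere an intruder
# cannot rewrite it, e.g. read-only media; a real tool also records owner, mode
# and inode, not just the content hash.
# Assumes GNU coreutils and file names without whitespace (hypothetical helper names).

# make_baseline DIR MANIFEST : writes "hash  ./path" lines for every regular
# file under DIR into MANIFEST, sorted by path.
make_baseline() {
    dir=$1; out=$2
    ( cd "$dir" && find . -type f | sort | while IFS= read -r f; do
        sha256sum "$f"
      done ) > "$out"
}

# report_changes DIR MANIFEST : prints one line per difference between the
# baseline and the current tree; returns 0 if nothing changed, 1 otherwise.
report_changes() {
    dir=$1; manifest=$2
    cur=$(mktemp); cur_sorted=$(mktemp); old=$(mktemp)
    gone=$(mktemp); new=$(mktemp)
    make_baseline "$dir" "$cur"
    sort "$manifest" > "$old"
    sort "$cur" > "$cur_sorted"
    # (hash, path) pairs present only in the baseline, or only on disk now
    comm -23 "$old" "$cur_sorted" | awk '{print $2}' | sort > "$gone"
    comm -13 "$old" "$cur_sorted" | awk '{print $2}' | sort > "$new"
    # a path on both lists kept its name but changed its hash;
    # a path on one list only was removed from, or added to, the tree
    comm -12 "$gone" "$new" | sed 's/^/MODIFIED /'
    comm -23 "$gone" "$new" | sed 's/^/REMOVED /'
    comm -13 "$gone" "$new" | sed 's/^/ADDED /'
    n=$(cat "$gone" "$new" | wc -l)
    rm -f "$cur" "$cur_sorted" "$old" "$gone" "$new"
    [ "$n" -eq 0 ]
}

# Stand-alone demo on a constructed scratch tree: run as `sh baseline.sh demo`
if [ "${1:-}" = "demo" ]; then
    tree=$(mktemp -d); manifest=$(mktemp)
    printf 'one\n' > "$tree/bin_a"; printf 'two\n' > "$tree/bin_b"
    make_baseline "$tree" "$manifest"
    # simulate a tampered binary, a deleted one and a dropped-in extra
    printf 'tampered\n' > "$tree/bin_a"; rm "$tree/bin_b"; printf 'x\n' > "$tree/bin_c"
    report_changes "$tree" "$manifest" || echo "integrity check FAILED"
    rm -rf "$tree" "$manifest"
fi
```

Run `make_baseline /usr/bin manifest` on the fresh box, store the manifest off-box or read-only, and schedule `report_changes /usr/bin manifest` from cron; any MODIFIED line for a system binary is the signal the post's first step is there to give you.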