LinuxQuestions.org


phsythax 11-25-2005 08:18 AM

general security advice
 
What software do I need to make my Gentoo computer as secure as possible?

Is Snort enough? I heard that Snort was an Intruder Detection System, but not a firewall. Is that true?

My computer has 1 network card, plenty of space and RAM, no routers or other types of hardware security.
I am seeking the ultimate security guideline for Linux computers.

GrueMaster 11-25-2005 10:03 AM

Try Shorewall. It will configure your ip filters that are built into the kernel (since 2.4). It is fairly easy to work with, especially if you use the webmin system configuration utilities.

Capt_Caveman 11-25-2005 01:32 PM

Along with a good firewall, I'd definitely recommend using a file-alteration scanner like tripwire, samhain, or aide. You should also use a good rootkit scanner like chkrootkit or rkhunter. I consider those to be absolute necessities on every new install. You should also include a general hardening procedure on every new install, including turning off unneeded services and installing security patches.

Beyond that, there are a wide number of security measures you can take, really depending on your particular requirements and how you define "as secure as possible". For example, you can do things like kernel hardening, add buffer overflow protection, tighten access controls, chroot services, remove dynamic module loading (lkm support), etc. A good place to start is by taking a look at unSpawn's Security References thread near the top of the forum and doing some reading.

phsythax 11-25-2005 04:16 PM

Thank you, both of you.

sundialsvcs 11-27-2005 09:55 AM

In security, the human factor is always the weak link. That means... you, the system owner/administrator.

The technologies that are available in the non-classified, consumer segment are more than adequate for the purposes for which they were intended ... if they are properly managed and used! (And the same goes for military systems, as well. A recent audit of the National Security Agency itself found more than 200,000 potential problems!) Yes... the weak link, and the most probable point of attack, is you and your employees.

Take the time to notice exactly what daemons are running on the system, and why. What user-ids exist and which can actually log in. Which services are available for xinetd to start up. Take the time to use passwords that aren't in a dictionary. If you are not using mail, or news, or NFS, or what-have-you, turn them off! If you use ssh, use digital certificates.

Most of the time we're dealing with automated cat-burglars ... opportunists. They are used to finding neighborhoods where every door is unlocked and every window is open and nobody's home. So, if they twist on a doorknob and it doesn't turn, why bother with this one? "Next!" It's just like the old saw that "the most important part of a home security system is the sign in your yard." If you do even the slightest thing to lock your doors and windows, then you are no longer "easy pickings" and it's apparent that you might be watching. Unless the intruder knows you and you really have something that he would want (which is unlikely), you're likely to be ignored.
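Two of the checks in the post above (which user-ids exist and can actually log in, and which services xinetd is able to start), as an added example that is not part of any post in this thread. The function names, the file layout and the sample data are assumptions constructed for illustration; on a real system the arguments would be /etc/passwd and the files under /etc/xinetd.d/.

```shell
#!/bin/sh
# Added example: read-only audit helpers. File paths are arguments so the
# functions can be pointed at the live files or at copies of them.

# Accounts that can get a shell: field 7 is not a nologin/false shell.
# An empty shell field counts as login-capable (it defaults to /bin/sh).
login_accounts() {
    awk -F: 'NF >= 7 && $7 !~ /\/(nologin|false)$/ { print $1 }' "$1"
}

# Every account with UID 0; anything besides root deserves a close look.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Services xinetd will start: a "service NAME { ... }" block counts as
# enabled unless it contains "disable = yes" (with or without spaces).
xinetd_enabled() {
    awk '
        /^[ \t]*#/                     { next }
                                       { gsub(/=/, " = ") }
        $1 == "service"                { name = $2; off = 0 }
        $1 == "disable" && $3 == "yes" { off = 1 }
        $1 == "}" && name != ""        { if (!off) print name; name = "" }
    ' "$@"
}

# Constructed sample data (not from the thread) so the script runs anywhere.
make_samples() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:2:2:daemon:/sbin:/sbin/nologin' \
        'ftp:x:21:21::/home/ftp:/bin/false' \
        'alice:x:1000:100::/home/alice:/bin/bash' \
        'toor:x:0:0::/root:/bin/sh' > "$1/passwd"
    printf '%s\n' 'service telnet' '{' '    disable = no' \
        '    server = /usr/sbin/in.telnetd' '}' \
        'service rsync' '{' '    disable=yes' '}' > "$1/xinetd.conf"
}

demo() {
    d=$(mktemp -d) && make_samples "$d"
    echo "login-capable: $(login_accounts "$d/passwd" | tr '\n' ' ')"
    echo "uid 0:         $(uid0_accounts "$d/passwd" | tr '\n' ' ')"
    echo "xinetd starts: $(xinetd_enabled "$d/xinetd.conf" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```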


All times are GMT -5.