Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Along with a good firewall, I'd definitely recommend using a file-alteration scanner like tripwire, samhain, or aide. You should also use a good rootkit scanner like chkrootkit or rkhunter. I consider those to be absolute necessities on every new install. You should also include a general hardening procedure on every new install, including turning off un-needed services and installing security patches.
Beyond that, there are a wide number of security measures you can take, really depending on your particular requirements and how you define "as secure as possible". For example you can do things like kernel hardening, add buffer overflow protection, tighten access controls, chroot services, remove dynamic module loading (lkm support), etc. A good place to start is by taking a look at unSpawn's Security References thread near the top of the forum and doing some reading.
Last edited by Capt_Caveman; 11-25-2005 at 01:33 PM.
In security, the human factor is always the weak link. That means... you, the system owner/administrator.
The technologies that are available in the non-classified, consumer segment are more than adequate for the purposes for which they were intended ... if they are properly managed and used! (And the same goes for military systems, as well. A recent audit of the National Security Agency itself found more than 200,000 potential problems!) Yes... the weak link, and the most probable point of attack, is you and your employees.
Take the time to notice exactly what daemons are running on the system, and why. What user-ids exist and which can actually log in. Which services are available for xinetd to start up. Take the time to use passwords that aren't in a dictionary. If you are not using mail, or news, or NFS, or what-have-you, turn them off! If you use ssh, use digital certificates.
Most of the time we're dealing with automated cat-burglars ... opportunists. They are used to finding neighborhoods where every door is unlocked and every window is open and nobody's home. So, if they twist on a doorknob and it doesn't turn, why bother with this one? "Next!" It's just like the old saw that "the most important part of a home security system is the sign in your yard." If you do even the slightest thing to lock your doors and windows, then you are no longer "easy pickings" and it's apparent that you might be watching. Unless the intruder knows you and you really have something that he would want (which is unlikely), you're likely to be ignored.
Last edited by sundialsvcs; 11-27-2005 at 09:59 AM.
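The audit described in the post above (which user-ids exist and can actually log in, which services xinetd may start), as an added example that is not part of the thread. The function names are hypothetical and the passwd, shadow and xinetd.d contents are constructed sample data; it assumes `disable = yes` is written with spaces around the `=`.

```shell
# Added example, not from the thread. On a real host run as root:
#   login_accounts /etc/passwd /etc/shadow; xinetd_enabled /etc/xinetd.d/*
# Print "name uid shell state" for every account with a usable shell.
# state: password | locked (ssh keys may still work) | EMPTY | no-shadow
login_accounts() {   # $1 = passwd file, $2 = shadow file
    awk -F: '
        FILENAME == ARGV[1] { seen[$1] = 1; hash[$1] = $2; next }  # shadow pass
        $7 ~ /(nologin|false)$/ { next }                           # no shell
        {
            if (!($1 in seen))            state = "no-shadow"
            else if (hash[$1] == "")      state = "EMPTY"
            else if (hash[$1] ~ /^[!*]/)  state = "locked"
            else                          state = "password"
            print $1, $3, $7, state
        }' "$2" "$1"
}

# Print each xinetd service that is not marked "disable = yes".
xinetd_enabled() {   # $@ = files from xinetd.d
    awk '
        $1 == "service" { name = $2; off = "no" }
        $1 == "disable" && $2 == "=" { off = $3 }
        $1 == "}" && name != "" { if (off != "yes") print name; name = "" }
    ' "$@"
}

# Constructed sample data so the example runs offline.
write_samples() {    # $1 = scratch directory
    mkdir -p "$1/xinetd.d"
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
backup:x:34:34::/var/backups:/bin/sh
guest:x:1001:1001::/home/guest:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
backup:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
    printf 'service telnet\n{\n\tdisable = no\n}\n'  > "$1/xinetd.d/telnet"
    printf 'service tftp\n{\n\tdisable = yes\n}\n'   > "$1/xinetd.d/tftp"
}
d=$(mktemp -d) && write_samples "$d"
login_accounts "$d/passwd" "$d/shadow"
xinetd_enabled "$d"/xinetd.d/*
```

An `EMPTY` state or an unexpected account with UID 0 deserves attention first; `locked` accounts that keep a real shell are worth checking for authorized SSH keys.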