Hi Linux GURU's ,


My question is simple but very important for me ...... I want to harden our Linux RH 9.0 machine ......Please tell me some good procedures to make it more secure than it is ......... I m not in search of any new security software to install .....just the precautionary steps .........
If you need some more information ....plz let me know . Thanx in advance . Bye .

hi

could u specify
what is ur purpose,for wht do u want to make linux secure(home user,server etc etc)
also what problems u r haveng presently with the security currenlty being provided

regards

Hi Masand ,
Actually this linux is currently used for database purpose ....for storing data .
So we need not have any other things activated in it ..... . And we need to secure it and dont want unauthorised access in it ....in case any such thing is happening in the backgrounf then we should get notice of it immediately ...... .
Stuff that makes a machine more secure ....... ANything else you want budyy ??

Hi,

I guess you need to query the database server only from certain server or certain machines on a subnet.

You can modify the /etc/hosts.allow to include the subnet and also this will limit the ssh / telnet access from that subnet only.

So if your admin machine is on antoher subnet you can alwayz put that subnet in the /etc/hosts.allow

.... Nitin ....
http://nitinb.blogspot.com

HI
adding further to it
u should
1.put a password in ur bootloader
2. look out for tripwire

and to check out chkrootkit(chkrootkit.org)

as of now i have these ideas only ,will keep u posted on more

regards

Thanx Masand ,

Yaa I will try to look for those solutions ...but I will also wait for those any more suggestions from u ......Bye

Strip out any programs or services that you don't need.

Search for suid or guid programs.

I don't have red hat but you may have a program which checks for file changes and permission problems. Monitor the log output of this program to catch potential problems before a hacker does.

I read a book on setting up linux servers, and I was surprised how stripped down ( program-wise ) the system was. If you have only the binaries needed to run the server, it would be easier to do things like making a list of the md5sums of the files, so if you think you may have been hacked, you can check if any files are altered.

Be sure you don't have wireless devices on your network. Pros can pick up network traffic in an office from miles away.

Some people have a direct cross-over connection to another computer which receives the logs. Hackers will try to cover their tracks by altering the logs. Keeping the logs on a seperate computer not on the network makes that harder.

You might want to pick up a book such as 'Firewalls and Internet Security'.

Besides protecting the database from attack you also need to protect propriety information in the database itself. That means that you need to consider security of each workstation also, and network security overall.

Check the password policy of your network. Do the passwords need to meet a minimum criterian before a password change is accepted. I read that the most common way that professional hackers ( industrial spying ) obtain passwords is to pose as someone from the companies IT department.

Keep current at installing security patches.

I suggest you to install a nessus ( www.nessus.org ) scanner first, use the scanner to scan your box, if any problem found, follow the nessus advisories to fix.

You'll find this site very useful: www.bastille-linux.org

Bastille Linux works... go to www.bastille-linux.org

1.) download the bastille-linux rpm... should be on their main page.
2.) go to this page http://www.bastille-linux.org/perl-rpm-chart.html
3.) You'll need the modules listed under Red Hat 9.0
4.) The links for ATrpms are broken, but this URL will give you what you need. Only download the ones that were suggested from the bastille-linux consulting table. http://atrpms.net/dist/rh9/

so all together you should have:
Bastille-Linux rpm
perl-Tk from ATRPM AND ATRPMS package (Graphifical)
perl-Curses from SuSE (Text-Console)

Once you have these, put them all in the same folder and as root run:
rpm -ivh *.rpm

Then just run:
$bastille
and you're good to go
Bastille-Linux will ask you a bunch of questions about what services you want to run. When you're done you'll have a fortified Linux system.