LinuxQuestions.org
Old 08-31-2004, 01:54 AM   #1
sachinh
Member
 
Registered: Jul 2004
Location: india
Distribution: RH
Posts: 189

Rep: Reputation: 30
Linux OS Hardening


Hi Linux gurus,

My question is simple but very important for me... I want to harden our Linux RH 9.0 machine... Please tell me some good procedures to make it more secure than it is... I'm not in search of any new security software to install... just the precautionary steps...
If you need some more information... please let me know. Thanks in advance. Bye.
 
Old 08-31-2004, 02:17 AM   #2
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
hi

could you specify
what is your purpose, for what do you want to make Linux secure (home user, server, etc.)
also what problems you are having presently with the security currently being provided

regards
 
Old 08-31-2004, 03:36 AM   #3
sachinh
Member
 
Registered: Jul 2004
Location: india
Distribution: RH
Posts: 189

Original Poster
Rep: Reputation: 30
ya sure

Hi Masand,
Actually this Linux machine is currently used for database purposes... for storing data.
So we need not have any other things activated on it... And we need to secure it and don't want unauthorised access to it... in case any such thing is happening in the background then we should get notice of it immediately...
Stuff that makes a machine more secure... Anything else you want, buddy?
 
Old 08-31-2004, 03:57 AM   #4
nitin_batta
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat Enterprise Server 2.1
Posts: 96

Rep: Reputation: 15
Hi,

I guess you need to query the database server only from a certain server or certain machines on a subnet.

You can modify /etc/hosts.allow to include the subnet, and this will also limit ssh / telnet access to that subnet only.

So if your admin machine is on another subnet you can always put that subnet in /etc/hosts.allow

.... Nitin ....
http://nitinb.blogspot.com
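
An added example, not part of the post above: a check that a hosts.allow allow-list is actually backed by a catch-all in hosts.deny. The function names, sample files and the 192.168.10.0 subnet are constructed for illustration.

```shell
#!/bin/sh
# libwrap/tcpd evaluation order:
#   1. first matching rule in hosts.allow -> access granted
#   2. first matching rule in hosts.deny  -> access denied
#   3. no match in either file            -> access GRANTED
# So a subnet in hosts.allow restricts nothing unless hosts.deny has a catch-all.
# Only services built with libwrap or started through tcpd consult these files.

# matches_all DAEMON FILE: succeeds if FILE has a rule pairing DAEMON (or ALL)
# with the client wildcard ALL. Simplified parser (assumption): one
# "daemons : clients" rule per line, no EXCEPT, no backslash continuations.
matches_all() {
    awk -v d="$1" '
        /^[ \t]*#/ || !/:/ { next }
        {
            split($0, f, ":")
            n = split(f[1], dl, "[ \t,]+"); m = split(f[2], cl, "[ \t,]+")
            dm = cm = 0
            for (i = 1; i <= n; i++) if (dl[i] == d || dl[i] == "ALL") dm = 1
            for (i = 1; i <= m; i++) if (cl[i] == "ALL") cm = 1
            if (dm && cm) hit = 1
        }
        END { exit (hit ? 0 : 1) }
    ' "$2"
}

# audit_wrappers DAEMON ALLOW_FILE DENY_FILE: print the effective posture.
audit_wrappers() {
    if matches_all "$1" "$2"; then
        echo "open: hosts.allow admits ALL"
    elif ! matches_all "$1" "$3"; then
        echo "open: no catch-all in hosts.deny"
    else
        echo "restricted"
    fi
}

# Demo on constructed files, so the real /etc files are not touched.
demo=$(mktemp -d)
printf 'sshd, in.telnetd: 192.168.10.0/255.255.255.0\n' > "$demo/hosts.allow"
: > "$demo/hosts.deny"                       # allow-list alone
echo "before: $(audit_wrappers sshd "$demo/hosts.allow" "$demo/hosts.deny")"
printf 'ALL: ALL\n' > "$demo/hosts.deny"     # add the default deny
echo "after:  $(audit_wrappers sshd "$demo/hosts.allow" "$demo/hosts.deny")"
rm -rf "$demo"
```
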
 
Old 08-31-2004, 04:35 AM   #5
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
Hi,
adding further to it
you should
1. put a password in your bootloader
2. look out for tripwire

and check out chkrootkit (chkrootkit.org)

as of now I have these ideas only, will keep you posted on more

regards
 
Old 08-31-2004, 04:49 AM   #6
sachinh
Member
 
Registered: Jul 2004
Location: india
Distribution: RH
Posts: 189

Original Poster
Rep: Reputation: 30
Thanks Masand,

Yes, I will try to look for those solutions... but I will also wait for any more suggestions from you... Bye
 
Old 08-31-2004, 05:33 AM   #7
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655
Strip out any programs or services that you don't need.

Search for suid or guid programs.

I don't have red hat but you may have a program which checks for file changes and permission problems. Monitor the log output of this program to catch potential problems before a hacker does.

I read a book on setting up linux servers, and I was surprised how stripped down ( program-wise ) the system was. If you have only the binaries needed to run the server, it would be easier to do things like making a list of the md5sums of the files, so if you think you may have been hacked, you can check if any files are altered.

Be sure you don't have wireless devices on your network. Pros can pick up network traffic in an office from miles away.

Some people have a direct cross-over connection to another computer which receives the logs. Hackers will try to cover their tracks by altering the logs. Keeping the logs on a separate computer not on the network makes that harder.

You might want to pick up a book such as 'Firewalls and Internet Security'.

Besides protecting the database from attack you also need to protect proprietary information in the database itself. That means that you need to consider security of each workstation also, and network security overall.

Check the password policy of your network. Do the passwords need to meet a minimum criterion before a password change is accepted? I read that the most common way that professional hackers (industrial spying) obtain passwords is to pose as someone from the company's IT department.

Keep current at installing security patches.
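
An added example, not part of the post above: the setuid/setgid search and the checksum list it describes, written as shell functions and run on a constructed directory tree. The function names and the SUM variable are illustrative assumptions.

```shell
#!/bin/sh
# SUM defaults to md5sum as in the post; sha256sum is a drop-in replacement,
# since MD5 is no longer collision-resistant.
SUM=${SUM:-md5sum}

# list_setid DIR: sorted regular files under DIR with the setuid or setgid bit.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# new_setid OLD_LIST DIR: set-id files present now but absent from OLD_LIST.
new_setid() {
    list_setid "$2" | comm -13 "$1" -
}

# make_baseline DIR OUT: record a checksum for every regular file under DIR.
# Keep OUT off the host (read-only media or another machine).
make_baseline() {
    find "$1" -xdev -type f -exec "$SUM" {} + > "$2"
}

# changed_files BASELINE: paths whose content changed or that went missing.
changed_files() {
    "$SUM" -c "$1" 2>/dev/null | awk -F': ' '$NF != "OK" { print $1 }'
}

# Demo on a constructed tree, so nothing on the real system is touched.
demo=$(mktemp -d)
mkdir "$demo/bin"
printf 'original\n' > "$demo/bin/ls"
printf 'original\n' > "$demo/bin/su"; chmod 4755 "$demo/bin/su"
list_setid "$demo/bin" > "$demo/setid.list"
make_baseline "$demo/bin" "$demo/baseline.sum"

printf 'tampered\n' > "$demo/bin/ls"      # simulated modification
printf 'x\n' > "$demo/bin/helper"; chmod 4755 "$demo/bin/helper"

echo "changed:";    changed_files "$demo/baseline.sum"
echo "new set-id:"; new_setid "$demo/setid.list" "$demo/bin"
rm -rf "$demo"
```
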
 
Old 08-31-2004, 05:37 AM   #8
hutuworm
Member
 
Registered: Aug 2004
Posts: 130

Rep: Reputation: 15
I suggest you install a nessus (www.nessus.org) scanner first, use the scanner to scan your box, and if any problem is found, follow the nessus advisories to fix it.
 
Old 08-31-2004, 11:51 AM   #9
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041
You'll find this site very useful: www.bastille-linux.org
 
Old 09-29-2004, 11:47 AM   #10
rnice
LQ Newbie
 
Registered: Sep 2004
Location: Maryland
Distribution: Red Hat 9
Posts: 13

Rep: Reputation: 0
Bastille Linux works... go to www.bastille-linux.org

1.) download the bastille-linux rpm... should be on their main page.
2.) go to this page http://www.bastille-linux.org/perl-rpm-chart.html
3.) You'll need the modules listed under Red Hat 9.0
4.) The links for ATrpms are broken, but this URL will give you what you need. Only download the ones that were suggested from the bastille-linux consulting table. http://atrpms.net/dist/rh9/

so all together you should have:
Bastille-Linux rpm
perl-Tk from ATRPM AND ATRPMS package (Graphical)
perl-Curses from SuSE (Text-Console)

Once you have these, put them all in the same folder and as root run:
rpm -ivh *.rpm

Then just run:
bastille
and you're good to go
Bastille-Linux will ask you a bunch of questions about what services you want to run. When you're done you'll have a fortified Linux system.
 
  

