LinuxQuestions.org

Slackware forum thread: Beyond basic security tuning (https://www.linuxquestions.org/questions/slackware-14/beyond-basic-security-tuning-756652/)

egregor 09-20-2009 09:15 PM

Beyond basic security tuning
 
OK, I got past configuring servers (even disabled inetd, ident, yp... all that I could), iptables, root suid programs, options in fstab, login.defs, hosts.deny... What could I do now? I'm looking at Tripwire and Snort. But what do you know works well on Slack that you would recommend? I know about a plethora of patches like grsecurity, bastille, apparmor, selinux... But the majority of them seem to be discontinued. Or do these new kernel versions not need them?

Is the stock slackware kernel already very well secured or can I improve it?

And what about PAM?
Is the stock shadow encryption in Slack good?
Is there some other good logging tool?

This machine is used only as a desktop, thus I don't need network servers running.


Sorry if I missed some thread about this, because all I could find were dated posts.

So let's discuss security on the desktop Slack of someone who's paranoid. :^)

Hangdog42 09-21-2009 07:20 AM

My experience running my personal server is that Slackware is pretty secure out of the box. That said, I have done a few things:

1) Lock down ssh to only accept key-based logins, no username/password
2) Running AIDE to check for changed files
3) Using mod-security to lock down Apache a bit more.
4) Turn off all unused services

My personal opinion is that for desktop use, there isn't a lot that is needed. I use Firefox plus Adblock and Noscript to keep browsing threats down. In fact, I don't have my desktop machines locked down as tightly as my server is.
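An added check for item 1 above, written for this thread and not code from Hangdog42 or anyone else posting here: it reports the value sshd will actually use for the login-related keywords in a given sshd_config. The caveat it handles is that sshd takes the first value it finds for a keyword, so a hardening line appended at the bottom of the file is ignored when an earlier line already set it. The sample config is constructed, and the defaults assumed for unset keywords are those of the OpenSSH 5.x era.

```shell
#!/bin/sh
# Report the effective value of sshd_config login keywords and flag weak ones.
# sshd keeps the FIRST value it sees for a keyword; only "Keyword value" lines
# in the global section (before any Match block) are considered here.

effective_value() {   # $1 = config file, $2 = keyword (case-insensitive)
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        tolower($1) == "match"   { exit }          # global section ends at first Match
        tolower($1) == key       { print tolower($2); exit }
    ' "$1"
}

check_sshd_config() {   # $1 = path; prints one line per keyword, returns count of weak ones
    bad=0
    for pair in PasswordAuthentication:no ChallengeResponseAuthentication:no \
                PubkeyAuthentication:yes PermitRootLogin:no PermitEmptyPasswords:no
    do
        key=${pair%%:*}; want=${pair##*:}
        got=$(effective_value "$1" "$key")
        # Unset keywords fall back to sshd's compiled-in defaults; assumed values
        # are those of OpenSSH 5.x (PermitRootLogin later changed in 7.0).
        case "$key" in
            PermitEmptyPasswords) def=no ;;
            *)                    def=yes ;;
        esac
        if [ -n "$got" ]; then shown=$got; else shown="$def (default)"; fi
        if [ "${shown%% *}" = "$want" ]; then
            echo "ok    $key = $shown"
        else
            echo "WEAK  $key = $shown (want $want)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

write_sample_config() {   # constructed sample for demonstration, not from any real host
    cat > "$1" <<'EOF'
# sshd_config (constructed example)
Port 22
PasswordAuthentication yes
PermitRootLogin yes
#PubkeyAuthentication no
# "hardening" added later that sshd ignores, since the keyword was already set above:
PasswordAuthentication no
EOF
}

demo() {   # write the sample, audit it, and print how many settings were weak
    f=$(mktemp) && write_sample_config "$f"
    check_sshd_config "$f"; rc=$?
    rm -f "$f"; echo "weak settings: $rc"
}
```

Run `demo` to see the sample audited; against the sample it reports three weak settings, including PasswordAuthentication still being "yes" despite the trailing "no" line.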

digitalboy74 09-21-2009 09:53 AM

#1 on my list is to maintain your security patches.

egregor 09-24-2009 10:01 AM

Thanks for the replies.
Do you have experience with security patches for the kernel? Like those that make buffer overflows difficult. What do you think about them?

mRgOBLIN 09-24-2009 06:08 PM

Personally I think that since it's a desktop machine that has no services running, you really just need to be sure you have decent passwords and that your system is up to date with security patches. A local firewall will add some security, but make it too tight and you begin to lose functionality.

Realistically the weakest point of any system is the user/administrator.

There are many penetration testing live CDs out there that you can run against your system to verify the security.

OSSEC might be interesting to you also.

If you are downloading/compiling/installing software, make sure it is from a reputable source and that you verify all signatures (preferably gpg signed) before doing anything with them.

Many years ago my friends and I created a set of hardening scripts for Slackware http://www.sastk.org/. These are well and truly out of date now and should only be used on the versions they were written for but may give you some ideas if you want to harden your system further.

P.S. I see you have J Denton's hardening doc in your sig... that's a pretty comprehensive list. Jeffery was also one of the SAStk authors.

Josh000 09-24-2009 07:14 PM

As others have pointed out, a first priority should be to always stay up to date. Most attacks still occur on unpatched systems. For a desktop system, you won't be running so many services that you will have to worry about it, but a simple firewall will provide protection if you are still worried about it.

If you are interested in kernel patches, then I would suggest RSBAC. SELinux is definitely kept up to date, and was accepted into the kernel some time ago, although it is quite dependent on PAM, and so can be a nightmare to set up on Slack. GRSecurity is still in development, and is quite simple, and will stop many of the attacks that would probably be used against a home user.

RSBAC is more similar to SELinux in scope, and has several advanced security models. It is extremely stable and still in development, and works perfectly with Slackware. I run it at the moment without an issue.

egregor 09-24-2009 07:48 PM

Thank you very much. I will look at these.
