SUSE Security Settings in Yast?
 

Hello -

My goal is to achieve the most security on my system running SUSE Linux 9.3. Under YAST>Security Settings can anyone please guide me through the steps into making the most secure settings. Im on a standalone system which makes it easier. I will post below on what portion of the steps I need help with. So, here we go.

Days to Password Change warning.
Days before Password expires warning.
Delay After Incorrect Login Attempt
User ID/Group Limitations (I need help on this one right here)
Set of File Permissions (I set this one to SECURE)
User Launching Updatedb (What does this mean?)

Can anyone explain these settings and whats the most secure setting that I should set for each of these areas? What setting is recomended for each of these areas?

Thanks.

Just to confirm - you're not connected to any network?

No, its a standalone computer. Im only using the system only for the Internet and Email, thats it.

Can someone please assist on this one?

Re: SUSE Security Settings in Yast?
 

Each user account is identified internally by an ID number. Each user belongs to a group (or several) that is also tracked this way. The "Limitations" here are simply the largest and smallest numbers that can be used for user ID's. I'm not entirely positive why this is in security.

The updatedb is only a very minor security issue. For it to matter at all, someone would first need to break into your system. If updatedb is run as root, then the hacker will be able to see every file and directory is on the computer. Note that this doesn't give them access to those files, it just lets them know that they exist. If it is run as nobody, then they will only see files that could be seen by any logged in user (the nobody user). This can be inconvenient if you ever want to use the locate command as root. Otherwise, you wont notice a difference.

Ok, but can someone please give me the recommendations for each settings on what to needs to be set for max. security?

Thanks

Hello -

I need some more help on this please. What UID numbers do I have enter in one of the steps? Can someone (if anybody who knows SUSE) please help me through the steps if possible. I want to obtain the highest level security in SUSE.

What is the "NOBODY" account? I never created it. I just created my own username. This scares me a bit.

There are a number of accounts automatically created that are used by the system for varying purposes. The nobody account has only the slimmest of privileges. It is used to run system programs that don't need any special permission. This is for security purposes. If an error (a buffer overflow, for example) exists in a piece of code, the error wont be able to do anything to the system at large. It wont have permission to! This is both for security and stability.

Account numbers 0-100 are reserved system accounts, and account number 101 -65,000(ish) are for user accounts SuSE defaults to starting user accounts at number 1000. The main security issue with account numbers relates to a government security rating system where for certain applications (mainly military, FBI, CIA) usernames can not be reused, so if some one quits a Job at one of these organizations no one should ever be able to login with their username again, so you retire the account instead or deleting it. To the best of my knowledge the number setting really have no major importance for a home user, just make sure you don't exclude id numbers that are in use, something like 0-1100 should be sufficient.

if you want to be absolutly certain open up a command line terminal and run the "id" command and it will tell you what uid and gid number you have been assigned, then just set the limit so that numbers 0 through the highest uid number are included.