Linux - Security: This forum is for all security-related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Yes I did, and the only link there about hardening RH9 is Bastille, which I have already run, as I said in my post.
When I asked you to read the first post I didn't mean reading about Bastille and using that alone. You should read the checklists and securing part.
Let's give you a quick run-through of the main points.
I. Remove any user software and network daemons you have no immediate need for *NOW*. That includes everything in the "hmm, (what's that?|sounds interesting)" and "I'm surely gonna use/need that later on" categories: if you need it later, install it at that time.
Common pitfalls are for instance the MTA: you don't need Sendmail, Postfix or Exim running to send email, and you don't need DNS (BIND, named) running to *access* your ISP's DNS servers.
II. For network services you need to provide and network daemons you need yourself, place access restrictions in 1. the application's configuration files, 2. tcp wrappers and 3. the firewall.
If the service is run from (x)inetd, see /etc/(x)inetd.d for configuration files.
Restart all services and check for services in the LISTENING state with "socklist", "netstat -anp" or "lsof -i".
III. Use a restrictive default firewall policy of DENY. This means you will have to add explicit rules for any service you need access to, or provide, but it doesn't allow access when rogue services are started.
IV. When you installed Linux, you should have installed a filesystem integrity checker like Aide, Samhain or tripwire. Relying on the rpm database to validate your system does not provide sufficient coverage.
V. Prevent malicious local/network activities and privilege escalation by patching your kernel with the Grsecurity(.net) patches and configure your system for it.
VI. Use sufficiently strong passwords. Restrict local user access using /etc/securetty (root access), login.defs, PAM (also see /etc/security) and the shell resource files. Set proper ulimits.
VII. If network-facing daemons can be configured to drop root privileges and run as a lesser-privileged user, configure them so.
VIII. Have the discipline to update your system regularly, especially if an application is found vulnerable. Putting it off will make your system a liability for all who use the network, the internet.
IX. /*can I do that? or do I use VIIII?*/
Have the discipline to regularly run local system checkers like Tiger, COPS, Lsat, Chkrootkit and monitor your logs and act on anomalies.
*Please note this list ain't complete. Please read the checklists and securing part. *Then* try to ask more specific questions.
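Steps II and III of the checklist above, as an added example that is not part of the original post: a shell script that audits the sockets actually in the LISTENING state against an allowlist of the services you mean to provide, and emits a default-deny iptables ruleset admitting only that allowlist. The allowlist (`ALLOW`), the netstat output (constructed to look like a fresh install), and the function names `unexpected_listeners` and `firewall_rules` are assumptions for illustration; the parser expects `netstat -tulpn` or `netstat -anp` column layout, not the `lsof -i` or `socklist` formats the post also mentions.

```bash
#!/bin/sh
# Added example: audit listening sockets against an allowlist, then build a
# default-DROP INPUT chain for that allowlist. Not from the original post.
# ASSUMPTIONS: the ALLOW list, the sample netstat output and the function
# names below are made up for illustration.

# Services this host is meant to offer, as proto/port pairs. ASSUMPTION: sshd only.
ALLOW="tcp/22"

# Constructed "netstat -tulpn" output standing in for a freshly installed box.
# netstat -anp output also works: non-tcp/udp lines and non-LISTEN tcp sockets are skipped.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      901/sendmail
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      655/portmap
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1023/named'

# unexpected_listeners ALLOWLIST  < netstat output
# Prints "proto port pid/program" for each listening socket not in ALLOWLIST.
# Exit status 0 when only allowlisted services are listening, 1 otherwise.
unexpected_listeners() {
    awk -v allow=" $1 " '
        $1 ~ /^(tcp|tcp6|udp|udp6)$/ {
            proto = substr($1, 1, 3)                    # fold tcp6/udp6 onto tcp/udp
            if (proto == "tcp" && $6 != "LISTEN") next  # established/closing tcp sockets are not services
            # udp has no LISTEN state: every udp socket shown is treated as a listener
            n = split($4, a, ":"); port = a[n]          # last ":"-field is the port (works for ":::22" too)
            if (index(allow, " " proto "/" port " ") == 0) {
                bad++
                print proto, port, $NF                  # $NF is PID/Program name, "-" when not run as root
            }
        }
        END { exit (bad ? 1 : 0) }'
}

# firewall_rules ALLOWLIST
# Emits iptables commands for a default-deny INPUT chain (iptables spells the
# post's DENY policy "DROP"). Rules are added before the policy flips so an
# existing ssh session is not cut off in between.
firewall_rules() {
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for entry in $1; do
        proto=${entry%/*}
        port=${entry#*/}
        echo "iptables -A INPUT -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "iptables -P INPUT DROP"
}

# Demonstration on the constructed sample.
# On a live host (as root, for the PID/Program column): netstat -tulpn | unexpected_listeners "$ALLOW"
if printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$ALLOW"; then
    echo "only allowlisted services are listening"
else
    echo "unexpected listeners above: stop and uninstall them, or add them to ALLOW if intended"
fi
echo "# firewall for the allowlist (review, then run as root):"
firewall_rules "$ALLOW"
```

On the constructed sample the audit flags exactly the pitfalls the post names, sendmail on 25/tcp and named on 53/udp, plus portmap on 111/tcp; the fix for each is step I (uninstall or stop it), not adding it to the allowlist. The emitted firewall lines are printed rather than executed so they can be reviewed first; a default-DROP policy applied over a remote session with the wrong allowlist locks you out.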