Trying to harden my Slackware 14...
 

Hi, had a lot of time without coming to the forum, now I think it's time to harden the security of my Slackware 14, I looked around on google but didn't find a guide applied to Slackware 14 and the ones I found are old..

Can somebody tell me if there's a paper or a guide applied to Slackware 14? and where can I find it?



greetings
NattaN

No paper is there. Because Slackware is hardened by default... ;)

It depends how much do you want to harden slack, but I'd start with hardened (grsecurity) kernel. See this guide - http://mrejata.us/articles.php?article_id=84. If you want to try SElinux, well, go ahead. Although I'm afraid that it might depend on PAM, which isn't shipped in Slackware, but nothing stops you from compiling it yourself.

Look at this thread.

Slackware technically doesn't require Hardening with SELinux to be secure as it's very secure by default. The only real thing it lacks is a preset Firewall script of which instructions are available as well as AlienBOB's Easy Firewall script generator for IPTables.

SELinux also requires several packages to be rebuilt also which currently there are no SELinux packages available for Slackware, and the available build scripts would require a good bit of editing.

You can add additional Hardening to Slackware, but it doesn't really add much to the security layers, if anything worth significance.

The only thing I recommend is you add possibly a Firewall script for IPTables, and add also maybe, from SlackBuilds.org, ClamAV, RKHunter, and Snort if you really feel something isn't up to par.

If you are absolute you need a SELinux Hardened system or similar UNIX-like OS, I recommend you look into Hardened Gentoo, or maybe even OpenBSD.

I'll chime in with a slightly different viewpoint. Security is a process, not a specific program or single script. While Slackware is fairly secure out of the box, it is also just as vulnerable to threats from 3rd party software as any other Linux distro. So maybe a few things to think about are:

- Do you have a process for keeping Slackware updated?
- Do you have a process for keeping 3rd party software updated?
- Have you figured out what servers will be public facing and eliminated everything else?
- Do you have some sort of monitoring system in place that can tell you you've been compromised?
- Do you have an understanding of what to do if you get compromised?
- Do you have a backup/recovery plan?

If you use a lot of 3rd party software, PaX could help against intentional or unintentional low level exploits (buffer overflow, etc.).

On the other hand, PaX hardened kernel might break few things. Alfresco binary installer for instance (but maybe it's doing bad things and PaX actually helps). And also it could lower security a little bit, when monitoring software (zabbix, nagios, etc.) needs access to certain files in /proc and kernel denies access to these process. Workaround is to add these particular users to privileged group (wheel by default), which doesn't seem to me as much secure.

These are just my observations from using hardened Gentoo (without SElinux) and I agree that you won't need such hardening unless you are running some mission-critical setup with very strict security policy.

Even then, I think, if I'm not mistaken, most modern 3.x+ Linux kernels and software now take advantage of the AMD/Intel NX-Bit technology built into CPUs which is similar to Data Execution Prevention on Windows to stop things like buffer overflows and illegal addressing of memory space before they even start.

There's a bunch of small things one can do to harden security. I think PAM and Policy-kit to be one of the first and most beneficial (but are a major PITA to install). Limit access to inetd or sshd (or uninstall altogether). I used firewall builder to build a simple script. BTW, you'll get iptables errors unless you build a kernel with iptables logging enabled. I don't like mysql. Remove it. It will break akonadi. So what. Same with NFS (at the kernel level, too... I'm guessing the same with fhandles).

I don't trust grsecurity or selinux (just my opinion). A full install of selinux requires systemd compiled against selinux and selinux PAM modules (both of which Slackware does not include by default). If you're a fan of these perhaps ubuntu would be a better solution.

I wrote some basic security tips here:
http://docs.slackware.com/howtos:sec...basic_security
However, you should be a bit more specific as to your needs.

Also remember who develops SELinux.

- Do you have a process for keeping Slackware updated?
*yes, I usually check for updates using the slackpkg tool.

- Do you have a process for keeping 3rd party software updated?
*If you mean upgrading packages like seamonkey, audacious, etc, I think slackpkg would do that :/.

- Have you figured out what servers will be public facing and eliminated everything else?
*This is just a laptop, but the only service I have active that permits remote acces is ssh.

- Do you have some sort of monitoring system in place that can tell you you've been compromised?
*Nope, I tried to install Snort but couldn't do it am missing some lybraries.
- Do you have an understanding of what to do if you get compromised?
Nope, now that you mention it I don't have such a plan.
- Do you have a backup/recovery plan?
*No, I don't have it. :(


greetings
nattan

Another area to harden is dhclient. I found mine listening on some extra ports (not real sure what triggered it either).

Anyway if you turn off NSUPDATE in site.h and recompile, this will take care of that.
I followed the instructions here:
http://forums.debian.net/viewtopic.php?t=95273

I don't want to sound discouraging, but Linux's security by default _is a myth_ .

Slackware may be more secure than Windows, but it was easier to gain outside access to it than e.g. my Fedora 17 box. Slackware allows root and password logins _by default_, which leaves a lot of security up to the external infrastructure.

For most users on laptops, that external infrastructure is a SOHO router, which may even have remote admin and upnp enabled by default (both insecure) not to mention default (/ISP) passwords..

X is also insecure on multi user systems.

Slackware is a good starting point, but it isn't more secure than its user's knowledge and practice. This goes for all Linux distros, and to some extent FreeBSD as well, which is even more conservative.

Security is a multi-faced approach to putting yourself in the attacker's place and making the appropriate counter measures. Methods and measures change continuously, so it's really a mindset; and _not_ "what you get" out of the box.

Evidence?
Evidence?
What has that to do with Slackware?
Have you tried an exploit on a default Slackware install?
Motherhood statement.
Motherhood statement.

This post is as vacuous as your kitchen window.

hosts
 

As said in http://slackwiki.com/Basic_Security_Fixes , editing your hosts.deny makes some difference.

Looking at attack attempt logs from intentionally unsecured honeypots, it does make some difference.