iEntry 10th Anniversary
LinuxHaxor
WH
MH10 Basic Linux Security Tips to Implement
 |
The following is a list of rules and tips you might find useful in dealing with basic security concerns:
- Avoid doing your regular jobs when you are logged in as root. This reduces the risk of getting a cuckoo egg or a virus and protects you from your own mistakes.
- If possible, always try to use encrypted connections to work on a remote machine. Using SSH (secure shell) to replace telnet, ftp, rsh, and rlogin should be standard practice.
- Avoid using authentic method based on ip address alone.
- Try to keep the most important network-related packages up-to-date and subscribe to the corresponding mailing lists to recieve announcements on new versions of programs such as bind, postfix, and ssh. The same should apply to software relevant to local security.
- Disable any network services you do not absolutely require for your server to wok properly. This will make your system safer. Open ports, with the socket state LISTEN, can be found using the netstat program.
- RPM packages from SUSE are digitally signed. You can verify the integrity of any SUSE RPM package by entering this on concole: rpm — chechsig package.rpm . The needed public gpg-key is copied to the home directory of root upon installation.
- Check your backups of user and system files regularly. Remember that if you do not test whether the backup will work, its as good as useless.
- Check your log files. Whenever possible, write a small script to search for suspicious entries.
- Use firewall to enhance the security provided by tcpd (tcp wrapper)
- Design your security measure to be redundant. A message seen twice is better than no message at all.
Linux Commands/Tools Security Tips
Loading ...
Nice tips. I saw your post on AO and replied to it. I might as well as post it here too.
From http://antionline.com/showthread.php?t=276207
1) Avoid doing your regular jobs when you are logged in as root. This reduces the risk of getting a cuckoo egg or a virus and protects you from your own mistakes.
–> I don’t see a reason to log in as root. Log in as a normal user and then use su or better yet… sudo to perform root functions. If there are programs that you run on a regular basis that needs root, then add the appropriate users to the sudoers file and assign only the necessary root commands. This is good for things like nmap. It also reduces the need for many people to know the root password.
2) If possible, always try to use encrypted connections to work on a remote machine. Using SSH (secure shell) to replace telnet, ftp, rsh, and rlogin should be standard practice.
–> Allow only the SSH2 protocol. It is good practice to deny root the ability to login via ssh. Allow access to ssh on a user or group basis.
5) Disable any network services you do not absolutely require for your server to wok properly. This will make your system safer. Open ports, with the socket state LISTEN, can be found using the netstat program.
–> Sometimes it can be helpful to bind services to localhost only. I’ve found scenarios where I need mysql and apache installed but don’t need remote access to either of them. (Such as a snort/mysql/base solution which will only be accessed via the console.) They only need to listen on the loopback interface. Use tcp wrappers as well as firewall rules to restrict access to network services.
8) Check your log files. Whenever possible, write a small script to search for suspicious entries.
–> If possible, send your log files over an encrypted connection to a hardened syslog server and archive your files on a regular basis. If you have the ability to aggregate and correlate your logs, even better.
about 10 Basic Linux Security Tips to Implement is very good