Re: Locking Down a Linux Box

From: Jon Larabee (jlarabee@greenapple.com)
Date: 12/21/01


Date: Fri, 21 Dec 2001 17:45:25 +0000 (/etc/localtime)
From: Jon Larabee <jlarabee@greenapple.com>
To: Kevin Robitaille <kevin.robitaille@ergogroup.com>

Yeah,

1) Institute a firewalling policy using either ipchains, or perhaps
ipfilter if you want to use stateful packet filtering.

2) Kill ALL non-needed services from inetd. Many come enabled by default,
and are entirely insecure. Things like pop3 servers, rpc, ftpd, telnetd,
etc. all can be disabled from either the rc startup files (found in etc) or
in inetd.conf, often found in /etc/inetd.conf

3) Install SSHD 3.x and set it to run, so you can remotely access and
configure things.

4) If you want, openwall patches, or patches for the kernel based on those
patches, are nice additions to deal with buffer overflows, gcc trampolines
and the like.

5) Enabling tcp_syncookies and rp_filter are good ideas. Most distros have
those enabled by default however.

These are the first things that come to mind when I think of securing a
Linux machine. If you need help to get those particulars working, or more
information, please email me personally and I can help you in depth.

                                                Hope this helps,

                                                        Jon Larabee

On 21 Dec 2001, Kevin Robitaille wrote:

>
>
> Anyone out there know a good reference for securing a
> Linux 7.2 Server OS. I'm new to using Linux and need
> to lock down a system for use as an IDS Sensor. Any
> help would be appreciated.
>
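
An added example, not part of the message above: a small shell audit for steps 2 and 5 that lists inetd.conf entries still enabled for the services the message names and checks the tcp_syncookies and rp_filter flags under /proc/sys/net/ipv4. The function names, the service-name patterns and the sample inetd.conf are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helper for steps 2 and 5. Function names are hypothetical.

# Constructed sample inetd.conf (not taken from any real host).
sample_inetd_conf() {
cat <<'EOF'
# service  type    proto    wait    user  program              args
ftp        stream  tcp      nowait  root  /usr/sbin/tcpd       in.ftpd -l -a
telnet     stream  tcp      nowait  root  /usr/sbin/tcpd       in.telnetd
#shell     stream  tcp      nowait  root  /usr/sbin/tcpd       in.rshd
pop3       stream  tcp      nowait  root  /usr/sbin/tcpd       ipop3d
rstatd/1-3 dgram   rpc/udp  wait    root  /usr/sbin/rpc.rstatd rpc.rstatd
time       dgram   udp      wait    root  internal
EOF
}

# List enabled (uncommented) entries that the message says to turn off:
# pop3, ftp, telnet, and anything whose protocol field starts with "rpc/".
risky_inetd_services() {
    [ -r "$1" ] || return 0
    awk '!/^[ \t]*#/ && NF >= 6 {
        name = $1; sub(/\/.*/, "", name)
        if (name ~ /^(pop3|pop-3|ftp|telnet)$/ || $3 ~ /^rpc\//) print name
    }' "$1"
}

# True when a /proc/sys flag file is readable and holds a non-zero value.
sysctl_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" != "0" ]
}

# Report findings; returns 1 if anything needs attention.
audit() {
    conf=${1:-/etc/inetd.conf}; proc=${2:-/proc/sys/net/ipv4}; status=0
    for svc in $(risky_inetd_services "$conf"); do
        echo "DISABLE: $svc is enabled in $conf"; status=1
    done
    for flag in tcp_syncookies conf/all/rp_filter; do
        if sysctl_enabled "$proc/$flag"; then
            echo "OK: $flag is on"
        else
            echo "ENABLE: $flag is off or unreadable"; status=1
        fi
    done
    return $status
}
```

Source the file and call `audit` with no arguments to check /etc/inetd.conf and the live /proc/sys/net/ipv4 values; pass a config path and a directory as arguments to audit copies taken from another host.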