Re: Locking Down a Linux Box

From: Jon Larabee (
Date: 12/21/01

Date: Fri, 21 Dec 2001 17:45:25 +0000 (/etc/localtime)
From: Jon Larabee <>
To: Kevin Robitaille <>


1) Institute a firewalling policy either using either ipchains, or perhaps
ipfilter if you want to use stateful packet filtering.

2) Kill ALL non needed services from inetd. Many come enabled by default,
and are entirely insecure. Things like pop3 servers, rpc, ftpd, telnetd
ect all can be disabled from either the rc startup files (found in etc) or
in inetd.conf
often found in /etc/inetd.conf

3) Install SSHD 3.x and set it to run, so you can remotely access and
congfigure things.

4) If you want, openwall patches, or patches for the kernel based on those
patches, are nice additions to deal with buffer overflows, gcc trampolines
and the like.

5) Enabling tcp_syncookies and rp_filter are good ideas. Most distros have
those enabled by default however.

These are the first things that come to mind when I think of securing a
Linux machine. If you need help to get those particulars working, or more
information, please email me personally and I can help you in depth.

                                                Hope this helps,

                                                        Jon Larabee

On 21 Dec 2001, Kevin Robitaille wrote:

> Any one out there know good reference for securing a
> Linux 7.2 Server OS. I'm new to using Linux and need
> to lock down a system for use as an IDS Sensor. Any
> help would be appreciated.

Relevant Pages

  • Re: Bad sectors... how bad?
    ... > Dude, linux is free, if MS want's to start giving away their OS's I'll ... >>> and the $100 upgrade is that the upgrade looks for previous installs. ... > online to fully update all the patches. ... >> So when a vulnerability is found you want to remain vulnerable for 6 ...
  • RE: on patches, for Linux, for Windows, for VMS.
    ... Subject: OT: on patches, for Linux, for Windows, for VMS. ... These new security patches need to be ...
  • Re: HELP: RH 7.2 box hacked
    ... Your Linux, UNIX, etc. box has been cracked. ... WHILE OFFLINE install all the patches. ... For Linux and UNIX consultants in your area check These: ...
  • Re: Help!! Have I been attacked/compromised????
    ... Yesterday, I noticed strange messages at startup, which ... WHILE OFFLINE install all the patches. ... For Linux and UNIX consultants in your area check These: ...
  • Re: [SLE] Not So Fast: Linux on the Desktop
    ... > patches' to be downloaded if you want it to be secure against any newly ... Many of thier security problems they brought upon thier own heads... ... That seems also to be the biggest problems for Linux users to accept ... about windows products, and also that windows users not only accept ...