Re: Locking Down a Linux Box
From: Alvin Oga (alvin.sec@Mail.Linux-Consulting.com)
Date: 12/22/01
- Previous message: Jason Giglio: "Re: Locking Down a Linux Box"
- In reply to: Kevin Robitaille: "Locking Down a Linux Box"
- Next in thread: Alex Collins: "Re: Locking Down a Linux Box"
Date: Fri, 21 Dec 2001 18:33:11 -0800 (PST)
From: Alvin Oga <alvin.sec@Mail.Linux-Consulting.com>
To: Kevin Robitaille <kevin.robitaille@ergogroup.com>
hi ya kevin
i assume you mean redhat-7.2...
and if its an ids machine are you really sure you wanna
use redhat???
To tighten down the server ...
- choose the right distro for "the job"
- tighten your kernel
- apply all known security patches for the distro
- turn off your unused services ( ie.. ALL of um )
- turn off/remove unused daemons
- turn off suid,guid bits
- no user logins...
- keep a copy of all binaries and checksums in a safe place
- test it ... test it regularly...
- ,,, lots of fun stuff
- which IDS do you plan to use ???
- what is your IDS going to be logging ???
  - to detect incoming port scans ???
  - to detect login attempts ??
  - to detect DoS attacks ??
  - to detect root logins ??
  - to detect network(passwd) sniffers ??
  - to detect successful rootkits installing themselves ??
  - to detect rootkits that are hiding/trojaned/dormant ??
- where is the weakest security link ???
- we'll mention logfile analysis to add more quirks to the puzzle
- how fast do you wanna detect a potential breach ???
  - a couple minutes... once a day ??
- whats the budget for your IDS box ???
if little or no special budget for IDS ...
- install a pre-configured "secure linux"
- install tripwire/aide etc... and check it once a day
- keep a copy of ALL binaries in /bin /sbin /usr/{bin,sbin}
  and libs in a safe place to compare it against the
  possibly hacked/replaced binaries
c ya
alvin
http://www.Linux-sec.net/
On 21 Dec 2001, Kevin Robitaille wrote:
> Any one out there know good reference for securing a
> Linux 7.2 Server OS. I'm new to using Linux and need
> to lock down a system for use as an IDS Sensor. Any
> help would be appreciated.
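
The checksum-and-compare step the reply recommends (keep checksums of everything in /bin, /sbin and /usr/{bin,sbin} in a safe place and check them once a day), written out as an added example that is not part of the original message. It assumes GNU findutils and coreutils; the function names and the `/mnt/safe/manifest` path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): checksum baseline for system binaries.
# Assumptions: GNU find/xargs/sha256sum; the manifest is kept on read-only or
# offline media, outside the directories being scanned.

# Directories named in the post; override BIN_DIRS to scan somewhere else.
BIN_DIRS=${BIN_DIRS:-"/bin /sbin /usr/bin /usr/sbin"}

# make_baseline MANIFEST: write "sha256  path" for every regular file.
make_baseline() {
    # -H follows /bin -> /usr/bin style symlinks given on the command line.
    # BIN_DIRS is left unquoted on purpose so it splits into directories.
    find -H $BIN_DIRS -xdev -type f -print0 2>/dev/null | sort -z |
        xargs -0 -r sha256sum > "$1"
}

# check_baseline MANIFEST: print CHANGED/ADDED/MISSING paths.
# Returns 0 when the tree matches the manifest, 1 on any difference.
check_baseline() {
    current=$(mktemp) || return 2
    make_baseline "$current"
    report=$(awk '
        FILENAME == ARGV[1] { base[substr($0, 67)] = substr($0, 1, 64); next }
        {
            path = substr($0, 67); seen[path] = 1
            if (!(path in base))                      print "ADDED " path
            else if (base[path] != substr($0, 1, 64)) print "CHANGED " path
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$1" "$current" | sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage (hypothetical manifest path):
#   script baseline /mnt/safe/manifest   once, on a known-good system
#   script check    /mnt/safe/manifest   daily, e.g. from cron
case ${1:-} in
    baseline) make_baseline "$2" ;;
    check)    check_baseline "$2" ;;
esac
```

A check run from the monitored host trusts that host's own `sha256sum`, `find` and kernel, so comparing from rescue media or a separate machine gives a stronger result.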