Re: Locking Down a Linux Box

From: Alvin Oga (alvin.sec@Mail.Linux-Consulting.com)
Date: 12/22/01


Date: Fri, 21 Dec 2001 18:33:11 -0800 (PST)
From: Alvin Oga <alvin.sec@Mail.Linux-Consulting.com>
To: Kevin Robitaille <kevin.robitaille@ergogroup.com>


hi ya kevin

i assume you mean redhat-7.2...

and if it's an IDS machine, are you really sure you wanna
use redhat???

To tighten down the server ...
        - choose the right distro for "the job"
        - tighten your kernel
        - apply all known security patches for the distro
        - turn off your unused services (i.e. ALL of 'em)
        - turn off/remove unused daemons
        - turn off suid, guid bits
        - no user logins...
        - keep a copy of all binaries and checksums in a safe place
        - test it ... test it regularly...
        - ... lots of fun stuff

- which IDS do you plan to use ???

        http://www.Linux-sec.net/IDS

- what is your IDS going to be logging ???
        - to detect incoming port scans ???
        - to detect login attempts ??
        - to detect DoS attacks ??
        - to detect root logins ??
        - to detect network (passwd) sniffers ??
        - to detect rootkits successfully installing themselves ??
        - to detect rootkits that are hiding/trojaned/dormant ??
        - where is the weakest security link ???
        - we'll mention logfile analysis to add more quirks to the puzzle

        - how fast do you wanna detect a potential breach ???
                - a couple minutes... once a day ??

- what's the budget for your IDS box ???
  if little or no special budget for IDS ...
        - install a pre-configured "secure linux"
        - install tripwire/aide etc... and check it once a day
        - keep a copy of ALL binaries in /bin /sbin /usr/{bin,sbin}
          and libs in a safe place to compare it against the
          possibly hacked/replaced binaries

c ya
alvin
http://www.Linux-sec.net/

On 21 Dec 2001, Kevin Robitaille wrote:

> Anyone out there know good reference for securing a
> Linux 7.2 Server OS. I'm new to using Linux and need
> to lock down a system for use as an IDS Sensor. Any
> help would be appreciated.
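A minimal shell version of the "keep checksums of /bin /sbin /usr/{bin,sbin} in a safe place and compare once a day" step from the reply above, added here as an example and not code from the original thread; it assumes GNU coreutils (sha256sum, stat -c) and paths without tab characters.

```shell
#!/bin/sh
# Build a checksum baseline of system binaries and compare the live system
# against it later (a poor man's tripwire/aide). Store the baseline off-box
# or on read-only media: a baseline kept on the monitored host can be
# rewritten by whoever replaced the binaries in the first place.

# make_baseline DIR... : print "sha256<TAB>mode:uid:gid<TAB>path" for every
# regular file under the given directories, in a stable order.
make_baseline() {
    find "$@" -type f -print 2>/dev/null | LC_ALL=C sort | while IFS= read -r f; do
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        meta=$(stat -c '%a:%u:%g' "$f")        # permission bits, owner, group
        printf '%s\t%s\t%s\n' "$sum" "$meta" "$f"
    done
}

# check_baseline BASELINE DIR... : rebuild the current state of DIR... and
# diff it against BASELINE by path. Prints one CHANGED/MISSING/NEW line per
# discrepancy; returns 0 when nothing differs, 1 otherwise.
check_baseline() {
    base=$1; shift
    cur=$(mktemp)
    make_baseline "$@" > "$cur"
    diffs=$(awk -F'\t' '
        NR == FNR { b[$3] = $1 " " $2; next }   # first file: the baseline
        { c[$3] = $1 " " $2 }                   # second file: current state
        END {
            for (p in b) {
                if (!(p in c))        print "MISSING " p
                else if (b[p] != c[p]) print "CHANGED " p   # content or mode/owner
            }
            for (p in c) if (!(p in b)) print "NEW " p
        }' "$base" "$cur" | LC_ALL=C sort)
    rm -f "$cur"
    [ -z "$diffs" ] && return 0
    printf '%s\n' "$diffs"
    return 1
}

# Typical use: build once from trusted media, then run the check from cron.
#   make_baseline /bin /sbin /usr/bin /usr/sbin > /media/readonly/baseline
#   check_baseline /media/readonly/baseline /bin /sbin /usr/bin /usr/sbin
```

The comparison also flags a file whose mode or owner changed, so a newly set suid bit shows up as CHANGED even when the contents are untouched.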
