Re: Linux Hardening

From: Scott Gifford (sgifford@suspectclass.com)
Date: 05/25/02


To: <security-basics@securityfocus.com>, <focus-linux@securityfocus.com>
From: Scott Gifford <sgifford@suspectclass.com>
Date: 25 May 2002 02:24:53 -0400


"Koen" <koen4security@hotmail.com> writes:

> > Anyone know where I can find step-by-step documentation
> > on Hardening RH Linux boxes? I usually just use Bastille
> > Linux to do the hardening but I'd also like a better
> > understanding to be able to also perform the task manually
> > as well.

[...]

> What I do first after installation is an 'rpm -qa > rpmfiles' and check out
> every rpm that's in there and see whether I really do need it. If not, it's
> easily removed with rpm -e.

Also:

Be especially cautious of programs which have setuid/setgid
permissions. Use:

     find /usr/bin \( -perm -02000 -o -perm -04000 \) -ls   # parentheses so -ls applies to both branches

to do this, then use "rpm -qf" to figure out which RPMs they come
from, and remove RPMs that have setXid files you don't need. Many
setXid files aren't really necessary for many machines; for example,
on machines which are servers, I remove the setXid bits from ping and
traceroute. This makes it so that only root can use them, but it
means that any bugs which are later found in them aren't exploitable.

Be equally cautious of anything which has a port open. Use netstat
-ap --inet to see who has Internet ports open, and if you find
processes that are in the LISTEN state that shouldn't be, either stop
those daemons from starting and kill them, or else uninstall the RPM
that they're in.

Finally, be cautious with what software you install. Look at the
security track record of each server that you're using, and if it's
spotty, consider using something else instead.

Good luck,

----ScottG.
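The audit described in the post above, as an added example that is not part of the original message: a POSIX shell script that lists setuid/setgid files under the roots you give it (with the parentheses that make the print action apply to both the setuid and the setgid branch of the find expression), looks up the owning package with rpm -qf where rpm exists, strips the bits from a chosen file, and lists listening sockets with ss, a newer tool assumed here as a fallback alongside netstat. To stay safe to run anywhere, it exercises a constructed temporary directory holding placeholder files named ping, wall and cat rather than the real /usr/bin; point list_setxid at /usr/bin /bin /sbin /usr/sbin to audit an actual host.

```shell
#!/bin/sh
# Added example (not from the original post): audit setuid/setgid files,
# map them to packages when rpm is present, and strip the bits from files
# a server does not need to run as root.

# List setuid or setgid regular files under the given roots.
# The parentheses matter: "-o" binds looser than the implicit AND, so
# without them "-print" would apply only to the setgid test and
# setuid-only files would be silently dropped from the listing.
# -type f skips setgid directories, which are normal and harmless.
list_setxid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Number of setXid files under the given roots (whitespace stripped).
count_setxid() {
    list_setxid "$@" | wc -l | tr -d ' '
}

# Package that owns a file, via rpm -qf when rpm is installed.
owner_of() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -qf "$1" 2>/dev/null || echo "(not owned by any package)"
    else
        echo "(rpm not installed)"
    fi
}

# Remove the setuid and setgid bits, e.g. from ping or traceroute on a
# server, so only root can use the binary and a later bug in it is no
# longer a local privilege escalation.
strip_setxid() {
    chmod u-s,g-s "$1"
}

# Succeeds (exit 0) when the file has neither the setuid nor the setgid bit.
has_no_setxid() {
    [ ! -u "$1" ] && [ ! -g "$1" ]
}

# Listening sockets with owning process: ss where available, otherwise the
# netstat invocation from the post. Process names need root on most systems.
list_listeners() {
    if command -v ss >/dev/null 2>&1; then
        ss -lntup
    elif command -v netstat >/dev/null 2>&1; then
        netstat -ap --inet | grep LISTEN
    else
        echo "(neither ss nor netstat found)"
    fi
}

# Demonstration on a constructed directory, not the real system.
demo=$(mktemp -d)
: > "$demo/ping"; chmod 4755 "$demo/ping"    # constructed setuid file
: > "$demo/wall"; chmod 2755 "$demo/wall"    # constructed setgid file
: > "$demo/cat";  chmod 755  "$demo/cat"     # ordinary file, must not appear
echo "setXid files under $demo:"
list_setxid "$demo" | while IFS= read -r f; do
    printf '  %s\t%s\n' "$f" "$(owner_of "$f")"
done
strip_setxid "$demo/ping"
echo "after stripping ping: $(count_setxid "$demo") setXid file(s) left"
rm -rf "$demo"
```

On a real host run it as root so that rpm -qf, ss -p and chmod on system binaries all work; review each line of the listing against the package it comes from before removing either the bits or the RPM.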