Re: Linux Hardening

From: Pierre Spielmann (mlists@pierre-spielmann.de)
Date: 05/25/02


Date: Sat, 25 May 2002 12:44:39 +0200
From: Pierre Spielmann <mlists@pierre-spielmann.de>
To: focus-linux@securityfocus.com


Sorry for the late posting, but my first mail was rejected due to
cross posting ...

On Wed, May 22, 2002 at 12:29:14PM -0400, Fallon, Benjamin wrote:
> Anyone know where I can find step-by-step documentation
> on Hardening RH Linux boxes? I usually just use Bastille
> Linux to do the hardening but I'd also like a better
> understanding to be able to also perform the task manually
> as well.

I am still a beginner in the security field, but learning; there might
be much more and much better documentation out in the web, but...

There is a book about securing and optimizing RH Linux 6.2 (about 500
pages), which should give you some hints where to start. It is freely
available:
http://www.tldp.org/guides.html
look for
title : "Securing and Optimizing Linux Red Hat Edition - A Hands on Guide"
author: Gerhard Mourani, <gmourani@openna.com>

Some things mentioned there will never be outdated, but anyhow, you can buy a
more recent version on the websites of the original author(s):
http://www.openna.com/

There should also be some detailed explanations of what bastille is doing
in the documentation - I never used it, but I read somewhere that there
is a command-line option for "beginners" to explain step-by-step what the
scripts are going to do next. (This is also one of the things in my
to-learn-list.)

There is also a really big book about securing linux (nearly 900 pages)
(www.sams.com)
title: Maximum Linux Security
by: John Ray
ISBN: 0672321343
I don't know it (yet), but "Maximum Security" from the same editor is
really a nice introduction about IT security in general. (No codes given,
but a lot of links to internet resources.)

Otherwise you can also have a look at www.guardiandigital.com, they are
the publisher of www.linuxsecurity.com and they published also a really
secured linux-distribution: www.engardelinux.org (much more than simply
hardening scripts! It is _designed_ to be secure.) Try out EngardeLinux,
look how it works and you will have a much better feeling how to set up
a secure Linux.
(Please no flame! I know that the bastille script is a good tool, but as
I understand this is only one part of a secure setup.)
Have a look at the resources on their websites... you can find a lot of
links to interesting articles.

Hope I could give some helpful tips. If someone has some more suggestions,
references or reading tips, share them with all the beginners to security
questions and post them!

Pierre Spielmann

> Thanks,
>
> Ben


