Re: Linux hardening
From: AragonX (aragonx_at_dcsnow.com)
Date: Thu, 25 Aug 2005 14:10:51 -0400 (EDT)
To: firstname.lastname@example.org
<quote who="paavan shah">
> As far as Linux hardening is concerned, I would like to
> summarize; group members please add your notes to it:
> 1) Install your servers with the bare minimum packages and see to it
> that only needed services are running.
> 2) Before you install a new package on your production system, do check for
> known vulnerabilities for that package and if possible always get the
> latest package. Always verify the integrity of the package using
> 3) With integrity checkers like tripwire, periodically check your
> essential binaries and configuration files for any modifications.
> 4) DO use log analyzers like logcheck and swatch to detect important events.
> 5) Periodically check your system for rootkits using rootkit hunter and
> 6) Regularly back up your essential data to other machines or hard disks
> so that in case of failure the data can be recovered.
> 7) Get packages from authorized sites only.
> 8) Keep a watch for upcoming attacks and vulnerabilities for the
> software installed on your machine. Patch them and keep them up to date.
> 9) Check your system for possible viruses using an antivirus like ClamAV.
> List, if more points are to be added then do add to the summary.
I believe you missed the three most important points.
1) Harden your server with tight ACLs (SELinux or LIDS).
2) Use a good firewall.
3) Secure your web apps.
More and more, the web apps are becoming the preferred intrusion method.
No need for port scans and since there are so many languages they can be
written in, it's hard to keep track of the vulnerabilities. Not to
mention the fact that many of them don't have an announce list so you have
to subscribe to the general one. Then you have to wade through all the
garbage just to watch for updates...
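The integrity-checker point (3 in the quoted summary) is the one most easily shown in a few lines of shell. The script below is an added example, not code from either poster or from tripwire: it records a sha256 baseline of every regular file under a directory and later reports files that were modified, removed or added. The function names and the one-line-per-file baseline format are my own choices; it needs only sha256sum, find, sort, awk and mktemp.

```sh
#!/bin/sh
# Added example (not from the thread): a minimal file-integrity baseline
# and check in the spirit of point 3 above. Function names and the
# baseline format ("<sha256> <path>" per line) are my own choices.

# Print a baseline: one line per regular file under DIR, "sha256 path",
# sorted so two runs over an unchanged tree produce identical output.
integrity_baseline() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" "$f"
    done
}

# Compare the current state of DIR against BASELINE. Prints one line per
# MODIFIED, MISSING or ADDED file and returns 1 if anything differs,
# 0 if the tree matches the baseline exactly.
integrity_check() {
    dir=$1
    baseline=$2
    current=$(mktemp)
    integrity_baseline "$dir" > "$current"
    awk '
        # First file is the baseline; FILENAME is compared instead of the
        # usual NR==FNR idiom so an empty baseline is still handled right.
        FILENAME == ARGV[1] { h = $1; sub(/^[^ ]+ /, ""); base[$0] = h; next }
        { h = $1; sub(/^[^ ]+ /, ""); cur[$0] = h }
        END {
            n = 0
            for (f in base) {
                if (!(f in cur))            { print "MISSING  " f; n++ }
                else if (base[f] != cur[f]) { print "MODIFIED " f; n++ }
            }
            for (f in cur)
                if (!(f in base))           { print "ADDED    " f; n++ }
            exit (n > 0)
        }' "$baseline" "$current"
    rc=$?
    rm -f "$current"
    return $rc
}

# Usage (hypothetical paths): keep the baseline somewhere a compromised
# host cannot rewrite it, e.g. read-only media, otherwise an intruder
# simply re-baselines after replacing a binary.
#   integrity_baseline /usr/sbin > /mnt/ro/usr-sbin.baseline
#   integrity_check /usr/sbin /mnt/ro/usr-sbin.baseline
```

The check only covers file contents, so it will not notice a changed owner, mode or timestamp the way tripwire does, and like any host-based checker it is only as trustworthy as the sha256sum, find and awk binaries it runs, which is why those belong in the baseline too.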