Re: a good start to do hardening
From: Marcus (talos@algonet.se)Date: 12/28/01
- Next message: svek: "Re: UCB project: Passwords based on Image Recognition"
- Previous message: N Harring: "Re: Take the 2001 System Administrator Salary Survey"
- In reply to: Thomas: "a good start to do hardening"
- Next in thread: nickd@nospam.demon.co.uk: "Re: a good start to do hardening"
- Reply: nickd@nospam.demon.co.uk: "Re: a good start to do hardening"
- Reply: Bill Unruh: "Re: a good start to do hardening"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Marcus <talos@algonet.se> Date: Fri, 28 Dec 2001 11:40:05 +0100
Thomas wrote:
> Hi!
> Can anyone tell me a good way to start to do hardening on my Linux
> machine.
>
> Thanks a lot!
>
>
>
To simplify what countless of books, whitepapers and personal experience
on security says
6 Simple steps to make you system somewhat ultrasecure:
1) echo "" > /etc/inetd.conf; killall -HUP inetd
2) for f in `find / -perm +4000` ; do chmod u-s $f ; done
3) for f in `find / -perm +2000` ; do chmod g-s $f ; done
4) Download the Openwall kernel patch: http://www.openwall.com/linux/
5) Recompile kernel with no loadable module support, and kernel patch
6) chroot all non-inetd services
That should do it :)
Note that line (2) and (3) might break some things... You should
customize them, especially (2) :)
- Next message: svek: "Re: UCB project: Passwords based on Image Recognition"
- Previous message: N Harring: "Re: Take the 2001 System Administrator Salary Survey"
- In reply to: Thomas: "a good start to do hardening"
- Next in thread: nickd@nospam.demon.co.uk: "Re: a good start to do hardening"
- Reply: nickd@nospam.demon.co.uk: "Re: a good start to do hardening"
- Reply: Bill Unruh: "Re: a good start to do hardening"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
