Re: a good start to do hardening
From: nickd@nospam.demon.co.ukDate: 12/28/01
- Previous message: svek: "Re: UCB project: Passwords based on Image Recognition"
- In reply to: Marcus: "Re: a good start to do hardening"
- Next in thread: Bruce Cook: "Re: a good start to do hardening"
- Reply: Bruce Cook: "Re: a good start to do hardening"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: nickd@nospam.demon.co.uk Date: Fri, 28 Dec 2001 12:35:54 GMT
Marcus <talos@algonet.se> wrote:
> Thomas wrote:
>> Can anyone tell me a good way to start to do hardening on my Linux
>> machine.
> To simplify what countless of books, whitepapers and personal experience
> on security says
>
> 6 Simple steps to make you system somewhat ultrasecure:
>
> 1) echo "" > /etc/inetd.conf; killall -HUP inetd
> 2) for f in `find / -perm +4000` ; do chmod u-s $f ; done
> 3) for f in `find / -perm +2000` ; do chmod g-s $f ; done
> 4) Download the Openwall kernel patch: http://www.openwall.com/linux/
> 5) Recompile kernel with no loadable module support, and kernel patch
> 6) chroot all non-inetd services
>
> That should do it :)
>
> Note that line (2) and (3) might break some things... You should
> customize them, especially (2) :)
Oh yeah, and (1) is lovely too :)
Try:
http://www.enteract.com/~lspitz/linux.html
http://www.rootprompt.org/article.php3?article=903
http://www.linuxdoc.org/HOWTO/Security-HOWTO.html
-- "Anyone with the naivety to run IIS is, IMHO, automatically suspect when it comes to doing anything technical, such as setting a clock."
- Next message: shadows: "Re: UCB project: Passwords based on Image Recognition"
- Previous message: svek: "Re: UCB project: Passwords based on Image Recognition"
- In reply to: Marcus: "Re: a good start to do hardening"
- Next in thread: Bruce Cook: "Re: a good start to do hardening"
- Reply: Bruce Cook: "Re: a good start to do hardening"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
