Re: a good start to do hardening
From: Bill Unruh (unruh@physics.ubc.ca)
Date: 12/29/01
From: unruh@physics.ubc.ca (Bill Unruh) Date: 29 Dec 2001 20:32:27 GMT
In <3C2C4C05.3050509@algonet.se> Marcus <talos@algonet.se> writes:
]Thomas wrote:
]> Hi!
]> Can anyone tell me a good way to start to do hardening on my Linux
]> machine.
]>
]> Thanks a lot!
]>
]>
]>
]To simplify what countless books, whitepapers and personal experience
]on security say
]6 Simple steps to make your system somewhat ultrasecure:
]1) echo "" > /etc/inetd.conf; killall -HUP inetd
]2) for f in `find / -perm +4000` ; do chmod u-s $f ; done
]3) for f in `find / -perm +2000` ; do chmod g-s $f ; done
]4) Download the Openwall kernel patch: http://www.openwall.com/linux/
]5) Recompile kernel with no loadable module support, and kernel patch
]6) chroot all non-inetd services
Or perhaps just place a shotgun against the case and fire it. Your
suggestions will make the computer inoperable and useless.
Security is not some little formula, it is trying to see what you can do
that you want to do in a safe way.
a) Keep up with your distribution's safety patches. This is probably the
most important thing, beside which all others are of secondary importance.
b) Do not run any services you do not need, whether in /etc/inetd.conf
or /etc/xinetd.d or in the startup scripts.
c) Keep your eyes open for any strange behaviour and investigate why.
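
Added example, not part of the original post: one way to act on point b) is to list what inetd and xinetd would actually start, so each entry can be kept or disabled deliberately instead of emptying the file. The function names and sample configs are constructed for illustration, and startup scripts are not covered.

```shell
# Added example: list what inetd/xinetd would start, so each entry can be justified.
# Active inetd.conf lines: service socktype proto wait user server args...
list_inetd() {
    [ -r "$1" ] || return 0
    awk '/^[ \t]*#/ || NF < 6 { next }
         { srv = ($6 ~ /tcpd$/ && NF >= 7) ? $7 : $6   # look past the tcpd wrapper
           print "inetd", $1 "/" $3, srv }' "$1"
}

# xinetd.d service blocks that are not marked "disable = yes".
list_xinetd() {
    [ -d "$1" ] || return 0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '/^[ \t]*#/ { next }
             $1 == "service" { name = $2; off = 0; srv = "-"; next }
             $1 == "disable" && $NF == "yes" { off = 1 }
             $1 == "server" { srv = $NF }
             $1 == "}" { if (name != "" && !off) print "xinetd", name, srv; name = "" }' "$f"
    done
}

audit() { list_inetd "$1/inetd.conf"; list_xinetd "$1/xinetd.d"; }

# Constructed sample configs (not from a real host), written under $1.
make_sample() {
    mkdir -p "$1/xinetd.d"
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l
#telnet stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
EOF
    cat > "$1/xinetd.d/telnet" <<'EOF'
service telnet
{
    disable = no
    server  = /usr/sbin/in.telnetd
}
EOF
    cat > "$1/xinetd.d/finger" <<'EOF'
service finger
{
    disable = yes
}
EOF
}

# Demo on the sample; on a real host the equivalent call is: audit /etc
demo=$(mktemp -d) && make_sample "$demo" && audit "$demo"; rm -rf "$demo"
```

On the sample this reports the ftp entry from inetd.conf and the telnet entry from xinetd.d, and skips the commented-out and disabled ones.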