Securing Linux/Unix Outline

How Secure is Secure?
- Security is an attitude: Healthy Paranoia
- Security is never a "Done Deal"
- Security is a policy: Default Allow or Default Deny
ALWAYS install the OS in a Pre-Secured Environment
Examples of such:
- A LAN protected by a firewall
- A LAN disconnected from the WAN/Internet
- An isolated, self-contained Test LAN
Install the latest security patches, updates and packages
Install the latest version of the SSH/SSL tools
- Zlib http://www.gzip.org/zlib/
- Openssl http://www.openssl.org
- Openssh http://www.openssh.org
Disable ALL unnecessary services
- netstat -a[n]
- fuser -uv [service/protocol] (as root)
- /etc/rc.d/rc.* (Slackware, etc.)
- /etc/rc.d/init.d/* (RedHat, etc.)
- /etc/inetd.conf
- /etc/xinetd*
Secure ALL necessary services
- Use tcp-wrappers
- Use packet-filters (ipfwadm, ipchains, iptables, etc.)
- Sendmail No Relaying
- Apache Limit Access
- DNS Run as NON-root user
Check important file permissions
- Suid, Sgid programs:
  find / \(-perm -004000 -o -perm -002000 \) -type f -print
- /var/log/*
- /etc/*
Watch the system
- /etc/syslog.conf: *.* (or *.debug) /dev/tty12
- /etc/syslog.conf: *.* (or *.debug) @remote.host
- tripwire http://www.tripwire.org/
- COPS http://www.fish.com/cops/
- nmap http://www.insecure.org/nmap/
- snort http://www.snort.org
Watch the news
Watch the sites
Read the books
- Practical UNIX & Internet Security, 2nd Edition ISBN 1-56592-148-8
- Building Internet Firewalls, 2nd Edition ISBN 1-56592-871-7