Fri Jan 31 06:23:24 EST 2014


Date: Mon, 8 Oct 2001 20:36:04 +1000
To: general at lists.humbug.org.au
Subject: Re: [H-GEN] Security on a linux box
From: Anthony Towns <aj at azure.humbug.org.au>

On Mon, Oct 08, 2001 at 04:25:55PM +1000, Kristy Ferrari wrote:
> It's also fallen on my head to make sure the linux box is kept
> secure. So what I'd really like is a website or two that have instructions, 
> on not necessarily how to use this or that tool to secure a system, but 
> where I need to start (and hopefully finish ;) to secure the linux box 
> properly. I know basics about how to secure a box using tcp wrappers and 
> the like, but I'm guessing that my knowledge is not nearly enough to truly 
> secure the box.

_Practical Unix and Internet Security_ (an O'Reilly book) seemed good to
me (and quite thorough), but I'm not sure if it's had a recent update,
or if it covers Linux all that well. If you don't want something
particularly thorough you can probably get by following a couple of
fairly simple rules:

	* keep up to date with your vendor's security updates (on a daily
	  basis, even)

	* don't run anything you don't have to and don't allow anyone
	  any more access to anything than you have to

The two rules are somewhat supportive: the less stuff you run, the fewer
vendor updates you have to worry about. If you don't know what you're
running, you can use tools like "strobe" to find out (netdiag.deb), and
going through your package list and uninstalling stuff can be a good
idea. Limiting the number of users you have, firewalling out everything
but ITS, not allowing people to login remotely, and similar sorts of things
might help too.

It's probably not a bad idea to do the installs and the initial
security updates behind a firewall that doesn't let anyone get to you
but a web proxy: there've been reports of standard Red Hat installs being
cracked within a few hours of being attached to the Internet. <bias>Red
Hat's more vulnerable than Debian in this respect since their initial
system has a lot more fancy new software on it (linuxconf, e.g.), which is
particularly vulnerable to security problems. A bug in a network-aware
administration daemon is going to be more of a security problem than a bug
in vi, e.g. If you don't include any network-aware administration daemons
in your standard install, well...</bias> It might be convenient to do the
Debian install first, download all the Red Hat security updates to it,
then disconnect from the Internet, do a Red Hat CD install, install the
security updates, then reconnect to the Internet.

Anyway, AusCERT's probably the place to see for security
guidance. They have a "Unix Security Checklist" at

http://www.auscert.org.au/Information/Auscert_info/Papers/usc20.html

which probably covers most of the things you'd want to look at. If
you want to do the job really properly (which you probably don't), you
should probably look into setting up some intrusion detection software,
or similar.

Cheers,
aj

-- 
Anthony Towns <aj at humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

 ``Freedom itself was attacked this morning by faceless cowards.
     And freedom will be defended.''   Condolences to all involved.
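
The "find out what you're running" step from the message above, as an added example that is not part of the original post: it reads the kernel's TCP socket table on the box itself and reports listening ports that are not on an allowlist. The sample table, the allowlist of port 22, and the function names are assumptions made for illustration; it covers IPv4 only and assumes a little-endian host.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Port 0x0062 (98) stands in for an admin daemon nobody meant to leave running.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:0062 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A00010A:0016 1400010A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""
LISTEN = "0A"  # TCP_LISTEN as printed in the "st" column


def decode_addr(field):
    """'0100007F:0019' -> ('127.0.0.1', 25). Assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(table_text):
    """Return (ip, port) for every socket in LISTEN state, skipping the header."""
    found = []
    for line in table_text.splitlines()[1:]:
        cols = line.split()
        if len(cols) >= 4 and cols[3] == LISTEN:
            found.append(decode_addr(cols[1]))
    return found


def unexpected_listeners(table_text, allowed_ports):
    """Listening ports not on the allowlist, network-reachable ones first."""
    flagged = []
    for ip, port in listeners(table_text):
        if port in allowed_ports:
            continue
        # Bound to loopback: local only. Anything else is reachable unless
        # a firewall in front of the box says otherwise.
        reachable = not ip.startswith("127.")
        flagged.append((port, ip, reachable))
    return sorted(flagged, key=lambda f: (not f[2], f[0]))


if __name__ == "__main__":
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for port, ip, reachable in unexpected_listeners(text, allowed_ports={22}):
        scope = "reachable from the network" if reachable else "loopback only"
        print(f"tcp/{port} on {ip}: not on the allowlist ({scope})")
```

Each flagged port is a candidate for the second rule in the message: either remove the package behind it or add the port to the allowlist deliberately.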
