Josef Lowder wrote:
> A recent article stated that most Linux security problems
> are your own fault, and that 92 percent of Linux systems
> have never been infected with a virus.
>
> I have never heard of a virus infecting a Linux system?
> Is there really such a thing? I was under the impression
> that there was no need for anti-virus software for Linux systems.
> Is that an incorrect understanding? If so, what anti-virus software
> is necessary and available for Linux systems?
>
> Also, where might one find a tutorial that takes one step-by-step
> through the process of optimizing security on one's non-server
> Linux system?
>
> I recall when I set up my Mandrake 8.1 system several years ago,
> at that time Mandrake offered some phone support and a tech rep
> took me through several steps to modify certain things on my system
> so that nobody could "hack" into my system when I was online (I have
> only a dial-up connection).
>
> Regrettably, I cannot find my notes recapping what all those steps
> were. Can anybody tell me what steps one should take to "secure"
> a non-server Linux system (or point me to a tutorial)?
>
> Thanks to all for the excellent help everyone on the PLUG list
> always provides.
>
> Joe
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

92%, huh? I doubt it's that low.

Worms are the most prevalent form of malware on a Unix/Linux system. A couple of Apache worms come to mind. I fell prey to one from a long time ago. There are viruses, but they are extremely limited in what they can do when you use your system right.

6 years ago, my Red Hat 5.0 firewall was hit by the Millennium Internet Worm. It was susceptible for many reasons (and I learned quite a bit in the aftermath of that event), one of which was running services as root.
I would like to claim that it was not my fault, but the fact that I ran a service as root that was unnecessary means it was my fault. How's a noob to know what service is necessary and what is not? For those that do not know: "No service is necessary" unless you have a valid reason to keep it on the box. The workstation I am writing this novel from has every service disabled. Every server I have has all services turned off except what is needed for that server to do its job. The services that remain are configured so tightly that only certain IP addresses can access the services.

Unix, and Linux, support the concept of separation of privilege. As long as you don't run your apps as root, the worst thing you can do is blow away all the files that you own. This is one of the HUGE problems with the Windows consumer line (Win95/98/me/xp) - you run the box as root. XP makes an attempt by defining an admin role and a user role; unfortunately, most Windows apps were written with no eye towards security, so you have to be an admin to run them, and XP does not give you the tools to add access rights to the filesystem for various users like NT Server does. This is what allows malware to proliferate and why Unix, with its "outdated, archaic security model", continues to be much more secure than Windows. (The above does not apply to the "easy to use" Linux distro that runs as root by default.)

I am in the process of revising the Center for Internet Security's Red Hat Linux Benchmark. It is the single most comprehensive document on securing a box I have ever seen, and I have been using it for a couple of years to secure Linux, Solaris and Windows systems. It even comes with a scoring tool that will rate you on how well you secured your system. I highly recommend checking it out: not only does it tell you what to do, it tells you why. The scoring tool is non-invasive and will make no changes on your system - they leave that up to you.
I scripted the benchmark for my Debian servers (pretty easy - you'll see once you download the benchmark - they give you the code to create the script). I now lock down my Debian boxes by running 2 scripts.

Another great learning experience is Bastille - it will ask you questions and harden your system based on your answers. Bastille is available in RPM format and is a Perl script. It will make changes on your system.

Finally, the aforementioned Securing and Optimizing Red Hat Linux by openna is pretty good. Very long read (yes, even longer than this post), but still good.

--
George Toft, CISSP, MSIS
AGD,LLC
www.agdllc.com
623-203-1760
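The first thing George's advice asks of a "noob" is to find out which services the box is actually offering, to whom, and as which user. The script below is an added example for this thread, not code from the post, from the CIS benchmark, or from Bastille. It parses the socket table in the shape printed by a modern `ss -Hltnup` and a process list from `ps -eo pid=,user=,comm=`, and flags every listener that is bound to all interfaces (`0.0.0.0`, `[::]` or `*`) and every daemon that runs as root. The two sample inputs embedded in it are constructed for the example; the `audit_live_host` function runs the same parser against the real host (seeing other users' process names with `ss -p` needs root).

```shell
#!/bin/sh
# Audit listening services: exposure (all interfaces vs. loopback) and owner (root or not).
# Added example for this thread; the sample data below is constructed, not captured from a real box.

# Constructed sample of `ss -Hltnup` output: one listener per line.
SAMPLE_SOCKETS='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=611,fd=3))
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=700,fd=6))
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=900,fd=4))
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=480,fd=5))'

# Constructed sample of `ps -eo pid=,user=,comm=` output: pid, owning user, program.
SAMPLE_PS='611 root sshd
700 root cupsd
900 www-data apache2
480 _rpc rpcbind'

# audit_listeners SOCKETS PS
# Prints one line per listener:  proto scope addr port program user [RUNS-AS-ROOT]
# scope is EXPOSED for a wildcard bind address, LOCAL for anything else (loopback, a single NIC).
audit_listeners() {
    # Feed both tables through one awk run, separated by a marker line, so no temp files are needed.
    { printf '%s\n' "$2"; echo '---'; printf '%s\n' "$1"; } | awk '
        $0 == "---" { in_sockets = 1; next }
        !in_sockets { user[$1] = $2; next }        # build pid -> user map from the ps table
        {
            local = $5                              # e.g. 0.0.0.0:22 or [::]:22
            n = split(local, parts, ":")
            port = parts[n]                         # everything after the last colon
            addr = substr(local, 1, length(local) - length(port) - 1)
            prog = "?"; pid = "?"
            if (match($0, /\(\("[^"]+"/)) prog = substr($0, RSTART + 3, RLENGTH - 4)
            if (match($0, /pid=[0-9]+/))   pid  = substr($0, RSTART + 4, RLENGTH - 4)
            scope = (addr == "0.0.0.0" || addr == "[::]" || addr == "*") ? "EXPOSED" : "LOCAL"
            u = (pid in user) ? user[pid] : "?"
            printf "%s %s %s %s %s %s%s\n", $1, scope, addr, port, prog, u,
                   (u == "root" ? " RUNS-AS-ROOT" : "")
        }'
}

# exposed_root_services SOCKETS PS
# The worst combination George describes: reachable from the network AND running as root.
exposed_root_services() {
    audit_listeners "$1" "$2" | awk '$2 == "EXPOSED" && $6 == "root" { print $5 }'
}

# count_scope SOCKETS PS SCOPE  -> number of listeners with the given scope (EXPOSED or LOCAL)
count_scope() {
    audit_listeners "$1" "$2" | awk -v s="$3" '$2 == s { n++ } END { print n + 0 }'
}

# audit_live_host: the same parser over the real socket table and process list of this machine.
# Not invoked by default; assumes iproute2 `ss` (run as root to see every process name).
audit_live_host() {
    audit_listeners "$(ss -Hltnup 2>/dev/null)" "$(ps -eo pid=,user=,comm=)"
}

# Demonstration on the constructed sample.
audit_listeners "$SAMPLE_SOCKETS" "$SAMPLE_PS"
echo "exposed listeners running as root: $(exposed_root_services "$SAMPLE_SOCKETS" "$SAMPLE_PS")"
```

On the sample, sshd is the only service that is both exposed and root-owned, cupsd is root-owned but only reachable on loopback, and apache2 and rpcbind are exposed but unprivileged. Each EXPOSED line is a decision to make: disable the service, bind it to loopback or a single interface, or, if it must stay, restrict its source addresses with a host firewall or TCP wrappers as the post describes.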