Re: Tutorial for optimizing security on a non-server Linux s…

Author: George Toft
Date:  
To: plug-discuss
Subject: Re: Tutorial for optimizing security on a non-server Linux system
Josef Lowder wrote:
> A recent article stated that most Linux security problems
> are your own fault, and that 92 percent of Linux systems
> have never been infected with a virus.
>
> I have never heard of a virus infecting a Linux system?
> Is there really such a thing? I was under the impression
> that there was no need for anti-virus software for Linux systems.
> Is that an incorrect understanding? If so, what anti-virus software
> is necessary and available for Linux systems?
>
> Also, where might one find a tutorial that takes one step-by-step
> through the process of optimizing security on one's non-server
> Linux system?
>
> I recall when I set up my Mandrake 8.1 system several years ago,
> at that time Mandrake offered some phone support and a tech rep
> took me through several steps to modify certain things on my system
> so that nobody could "hack" into my system when I was online (I have
> only a dial-up connection).
>
> Regrettably, I cannot find my notes recapping what all those steps
> were. Can anybody tell me what steps one should take to "secure"
> a non-server Linux system (or point me to a tutorial)?
>
> Thanks to all for the excellent help everyone on the PLUG list
> always provides.
>
> Joe
>


<soapbox>
92%, huh? I doubt it's that low.

Worms are the most prevalent form of malware on a Unix/Linux system. A
couple of Apache worms come to mind. I fell prey to one from a long
time ago. There are viruses, but they are extremely limited in what they
can do when you use your system right.

6 years ago, my Red Hat 5.0 firewall was hit by the Millennium Internet
Worm. It was susceptible for many reasons (and I learned quite a bit in
the aftermath of that event), one of which was running services as root.
I would like to claim that it was not my fault, but the fact that
I ran a service as root that was unnecessary means it was my fault.
How's a noob to know what service is necessary and what is not? For
those that do not know: "No service is necessary" unless you have a
valid reason to keep it on the box. The workstation I am writing this
novel from has every service disabled. Every server I have has all
services turned off except what is needed for that server to do its job.
The services that remain are configured so tightly that only certain
IP addresses can access the services.


Unix, and Linux, support the concept of separation of privilege. As
long as you don't run your apps as root, the worst thing you can do is
blow away all the files that you own. This is one of the HUGE problems
with the Windows consumer line (Win95/98/me/xp) - you run the box as
root. XP makes an attempt by defining an admin role and a user role;
unfortunately, most Windows apps were written with no eye towards
security so you have to be an admin to run them, and XP does not allow
you the tools to add access rights to the filesystem for various users
like NT Server does. This is what allows malware to proliferate and why
Unix, with its "outdated, archaic security model" continues to be much
more secure than Windows. (The above does not apply to the "easy to
use" Linux distro that runs as root by default.)

I am in the process of revising the Center for Internet Security's Red
Hat Linux Benchmark. It is the single most comprehensive document on
securing a box I have ever seen, and have been using it for a couple
years to secure Linux, Solaris and Windows systems. It even comes with
a scoring tool that will rate you on how well you secured your system.
I highly recommend checking it out: <http://cisecurity.org/>. Not only
does it tell you what to do, it tells you why. The scoring tool is
non-invasive and will make no changes on your system - they leave that
up to you.

I scripted the benchmark for my Debian servers (pretty easy - you'll see
once you download the benchmark - they give you the code to create the
script). I now lock down my Debian boxes by running 2 scripts.

Another great learning experience is Bastille - it will ask you
questions and harden your system based on your answers. Bastille is
available in RPM format and is a Perl script. It will make changes on
your system.

Finally, the aforementioned Securing and Optimizing Red Hat Linux by
openna is pretty good. Very long read (yes, even longer than this
post), but still good.
</soapbox>

--
George Toft, CISSP, MSIS
AGD,LLC
www.agdllc.com
623-203-1760
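An added example, not part of George's post or of any tool he names, for the "no service is necessary unless you have a valid reason" advice above: a small audit that reads listening-socket output in the shape of `ss -ltnp`, separates loopback-only listeners from ones reachable over the network, and reports every network-facing service you cannot name a reason for. The sample socket table, the process names, pids and ports in it, and the `justified` map are all constructed for the example.

```python
"""Audit which services listen on non-loopback interfaces.

Added example (not from the original post). The input mimics the row
layout of `ss -ltnp`; the sample below is constructed, not captured
from a real host.
"""
import re

# Constructed sample in the shape of `ss -ltnp` (header + LISTEN rows).
# Process names, pids and ports are made up for the example.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=540,fd=7))
LISTEN  0       50      0.0.0.0:111          0.0.0.0:*          users:(("rpcbind",pid=402,fd=4))
LISTEN  0       128     [::]:80              [::]:*             users:(("apache2",pid=1201,fd=4))
LISTEN  0       5       [::1]:25             [::]:*             users:(("exim4",pid=990,fd=5))
"""

# Bind addresses that only the local machine can reach.
LOOPBACK_PREFIXES = ("127.", "[::1]")

# One LISTEN row: state, queues, local addr:port, peer, optional process.
ROW_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s*"
    r'(?:users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+))?'
)


def parse_listeners(ss_output):
    """Return one dict per LISTEN row: addr, port, process name, pid."""
    listeners = []
    for line in ss_output.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header line or a row that is not LISTEN
        listeners.append({
            "addr": m.group("addr"),
            "port": int(m.group("port")),
            "process": m.group("proc"),
            "pid": int(m.group("pid")) if m.group("pid") else None,
        })
    return listeners


def is_exposed(addr):
    """True when the bind address is reachable from beyond loopback."""
    return not addr.startswith(LOOPBACK_PREFIXES)


def audit(ss_output, justified):
    """Sort listeners into justified, unjustified and local-only.

    `justified` maps a process name to the reason it must listen on the
    network, e.g. {"sshd": "remote admin"} (hypothetical policy). Any
    exposed listener missing from that map is a candidate to disable,
    bind to loopback, or restrict to specific source addresses.
    """
    report = {"justified": [], "unjustified": [], "local_only": []}
    for l in parse_listeners(ss_output):
        if not is_exposed(l["addr"]):
            report["local_only"].append(l)
        elif l["process"] in justified:
            report["justified"].append(l)
        else:
            report["unjustified"].append(l)
    return report


if __name__ == "__main__":
    # Constructed policy: only sshd has a stated reason to face the network.
    result = audit(SAMPLE_SS_OUTPUT, {"sshd": "remote admin"})
    for bucket, items in result.items():
        for l in items:
            print(f"{bucket:12} {l['process'] or '?':10} {l['addr']}:{l['port']}")
```

On a real host you would feed it the output of `ss -ltnp` (run as root so the process column is populated) and keep the `justified` map as the written record of why each network-facing service exists; anything that lands in `unjustified` is exactly the kind of service the post says should be turned off.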

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss