Re: Tutorial for optimizing security on a non-server Linux …

Author: George Toft
Date:  
To: plug-discuss
Old-Topics: Re: Re: Tutorial for optimizing security on a non-server Linux system
Subject: Re: Tutorial for optimizing security on a non-server Linux system (possible installfest activity?)
Michael Havens wrote:
>
>
>
> :-)Mike(-:
>
>>     I would like to claim that it was not my fault, but the fact that 
>>I ran a service as root that was unnecessary means it was my fault. 

>
>
> --Well, seeing as how I got a job that pays some money (yeaaaaah) and will be able to get DSL soon it is a good thing that people are helping me learn to lock down my system.
>
>
>>highly recommend checking it out: <http://cisecurity.org/> Not only
>>does it tell you what to do, it tells you why. The scoring tool is
>>non-invasive and will make no changes on your system - they leave that
>>up to you.
>
>
>>I scripted the benchmark for my Debian servers (pretty easy - you'll see
>>once you download the benchmark - they give you the code to create the
>>script). I now lockdown my Debian boxes by running 2 scripts.
>
>
> --downloaded from cisecurity?


No - I took the PDF, and scraped the commands and pasted them into vi.
The result is a script (after I put #!/bin/bash on the first line).


>
>>Another great learning experience is Bastille - it will ask you
>>questions and harden your system based on your answers. Bastille is
>>available in RPM format and is a Perl script. It will make changes on
>>your system.
>
>
> -- I would think the cisecurity option would be a better learning opportunity if I can download it for debian (fakeroot alien -r <rpm package>?)


For maximum learning, go through the manual. Scrape the PDF and paste
the commands if you have to. Go through the manual. Go through the
manual. Did I say "go through the manual?"

You need to know what you are doing - not run some George-O-Matic(TM)
script and declare yourself secure. Security is a journey, not a
destination.

Perhaps this would make an appropriate installfest side activity? Thoughts?


> Finally, the aforementioned Securing and Optimizing Red Hat Linux by
> openna is pretty good. Very long read (yes, even longer than this
> post), but still good.
> </soapbox>
>
> --What is this 'openna'?



See previous post in this thread.

--
George Toft, CISSP, MSIS
AGD,LLC
www.agdllc.com
623-203-1760

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss