- securing a Unix system
- Posted by Paul Moge on September 23rd, 2003
hi there,
I know this is a pretty general question but I'm just looking for some
basics and it doesn't have to be specific to any one type of system.
How would you go about securing a Unix system? If you can, please
provide specific configurations, tools and procedures.
thanks in advance.
-Paul M
- Posted by Dave Hinz on September 23rd, 2003
On Tue, 23 Sep 2003 02:37:00 GMT, Paul Moge <paulm73@adelphia.net> wrote:
Answers will be very system dependent.
I'd close down ports that aren't needed, turn off access that isn't
needed, lock users out of doing things, limit root access, install
sudo, chroot, lots of things. If you could give more examples of
what you're wanting to know, better specifics can be given.
Dave Hinz
- Posted by Adam Price on September 23rd, 2003
In news:glObb.2679$iT4.1935084@news1.news.adelphia.net,
Paul Moge <paulm73@adelphia.net> typed:
First I would hire a professional rather than posting on a newsgroup ;-).
Please be a bit more specific or go out and buy a book.
You might try this one...
http://safari.oreilly.com/?XmlId=0-596-00323-4
Hope this helps
Adam
- Posted by UnixFan on September 23rd, 2003
Paul Moge <paulm73@adelphia.net> wrote in message news:<glObb.2679$iT4.1935084@news1.news.adelphia.net>...
First, disable those unnecessary network services. Many network
services could be used for attacking the system over the network, such as
sendmail, which has a bad history of security.
Then, think about some intrusion detection software, such as Tripwire
or WZFileGuard: the commercial version of Tripwire gives you the
capability to centrally manage the configuration on multiple servers;
however, in my experience, Tripwire is very difficult to tune: if you
want to detect all new setuid programs, for example, you will very
probably receive many, many, many warnings in reports, which could
greatly reduce the efficiency of penetration detection. On the other
hand, WZFileGuard is a lot easier to tune and is very efficient in
detecting those security penetration events it wants to detect, but
you will not have the capability to manage it centrally; everything
needs to be done on the local machine.
- Posted by Joe Blow on September 24th, 2003
Paul Moge <paulm73@adelphia.net> wrote in message news:<glObb.2679$iT4.1935084@news1.news.adelphia.net>...
Here are a few ideas (this is not a complete list by any means):
1. First, make sure your operating system patches are kept
up-to-date, especially security related patches. These are generally
available from your vendor's web site.
2. Disable daemons/services that you are not using. Some daemons are
started via the "rc" scripts in /etc/rc?.d. These can be disabled by
renaming the particular file. Daemons that use inetd can be disabled
by commenting them out in the /etc/inetd.conf file.
3. Secure your network settings to reduce the threat from a remote
attack. For example, you should disable forwarding of broadcast
packets and source routed packets. Sun Solaris has a script called
nddconfig which will do this.
4. Use encryption to protect remote connections to and from your
system. You should use ssh and scp/sftp instead of telnet and ftp so
that passwords cannot be sniffed off the network.
There is a very extensive Unix security checklist at:
http://www.cert.org/tech_tips/usc20_full.html#iitop
Hope this helps.
Kevin Stroud
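An added example, not from the post above, that works through items 2 and 4 of its list in POSIX shell: it audits a constructed inetd.conf for services still enabled, flags the cleartext ones the post says to replace with ssh/scp/sftp, and shows the "rename the rc file" approach to disabling a daemon. The sample inetd.conf content and the S-to-s renaming convention are assumptions for the demonstration.

```shell
#!/bin/sh
# Constructed sample inetd.conf (not taken from any real host).
SAMPLE_INETD_CONF='# inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root   /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root   /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root   /usr/sbin/in.rshd     in.rshd
#login  stream  tcp  nowait  root   /usr/sbin/in.rlogind  in.rlogind
finger  stream  tcp  nowait  nobody /usr/sbin/in.fingerd  in.fingerd
#exec   stream  tcp  nowait  root   /usr/sbin/in.rexecd   in.rexecd
'

# enabled_inetd_services CONF_TEXT: print the service name (field 1) of
# every line that is neither blank nor commented out, one per line.
enabled_inetd_services() {
    printf '%s\n' "$1" | awk '!/^[ \t]*#/ && NF > 0 { print $1 }'
}

# cleartext_inetd_services CONF_TEXT: of the enabled services, print those
# that send passwords in the clear or trust hostnames (telnet, ftp and the
# r-services); these are the ones item 4 says to replace with ssh/scp/sftp.
cleartext_inetd_services() {
    enabled_inetd_services "$1" | awk '$1 ~ /^(telnet|ftp|shell|login|exec)$/'
}

# disable_rc_script DIR NAME: item 2's "rename the particular file".
# The rc sequencer only runs S* entries, so renaming S20foo to s20foo
# (assumed convention) stops it from starting while keeping the script.
disable_rc_script() {
    case $2 in
        S*) mv "$1/$2" "$1/s${2#S}" ;;
        *)  echo "not a start script: $2" >&2; return 1 ;;
    esac
}

# Demonstration run on the constructed sample.
echo "Enabled inetd services:"
enabled_inetd_services "$SAMPLE_INETD_CONF" | sed 's/^/  /'
echo "Cleartext services to comment out (then send inetd a HUP):"
cleartext_inetd_services "$SAMPLE_INETD_CONF" | sed 's/^/  /'
```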
- Posted by James T. Dennis on September 29th, 2003
Paul Moge <paulm73@adelphia.net> wrote:
I have an outline for a talk I gave on Linux Security Tips at PC Expo
(TechXNY) a couple weeks ago. It's one of my Wiki pages at:
http://www.starshine.org/SysadMoin/m...uxSecurityTips
Obviously it is Linux specific; also it's just the titles and bullet
points to a set of slides for a talk. I'll fill it out with more
content. (Being a Wiki site, anyone else can come along and contribute
their two cents, as well). For now there's very little explanation,
and it might seem "fluffy" and useless to you. However, there are some
links:
http://www.starshine.org/SysadMoin/m.../LinuxSecurity
... that point to other Linux resources (HOWTOs and Guides). Most of
that applies to other forms of UNIX as well.
BTW: Bastille --- a hardening script --- also runs on HP-UX and MacOS X.
--
Jim Dennis,
Starshine: Signed, Sealed, Delivered
- Posted by Roger Marquis on October 26th, 2003
James T. Dennis <jadestar@idiom.com> wrote:
Depends on the OS, applications, local users, etc. If it's Solaris
there's an outline for 2.6 at
<http://www.roble.com/docs/secure_solaris.html>.
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/