securing a Unix system
Paul Moge 2004-01-23, 5:03 pm
hi there,
I know this is a pretty general question but I'm just looking for some
basics and it doesn't have to be specific to any one type of system.
How would you go about securing a Unix system? If you can, please
provide specific configurations, tools and procedures.
thanks in advance.
-Paul M

Dave Hinz 2004-01-23, 5:03 pm
On Tue, 23 Sep 2003 02:37:00 GMT, Paul Moge <paulm73@adelphia.net> wrote:
> hi there,
> I know this is a pretty general question but I'm just looking for some
> basics and it doesn't have to be specific to any one type of system.
Answers will be very system dependent.
>
> How would you go about securing a Unix system? If you can, please
> provide specific configurations, tools and procedures.
I'd close down ports that aren't needed, turn off access that isn't
needed, lock users out of doing things, limit root access, install
sudo, chroot, lots of things. If you could give more examples of
what you're wanting to know, better specifics can be given.
Dave Hinz

Adam Price 2004-01-23, 5:03 pm
In news:glObb.2679$iT4.1935084@news1.news.adelphia.net,
Paul Moge <paulm73@adelphia.net> typed:
> hi there,
> I know this is a pretty general question but I'm just looking for
> some basics and it doesn't have to be specific to any one type of
> system.
>
> How would you go about securing a Unix system? If you can, please
> provide specific configurations, tools and procedures.
>
> thanks in advance.
>
> -Paul M
First I would hire a professional rather than posting on a newsgroup ;-).
Please be a bit more specific or go out and buy a book.
You might try this one...
http://safari.oreilly.com/?XmlId=0-596-00323-4
Hope this helps
Adam

UnixFan 2004-01-23, 5:03 pm
Paul Moge <paulm73@adelphia.net> wrote in message news:<glObb.2679$iT4.1935084@news1.news.adelphia.net>...
> hi there,
> I know this is a pretty general question but I'm just looking for some
> basics and it doesn't have to be specific to any one type of system.
>
> How would you go about securing a Unix system? If you can, please
> provide specific configurations, tools and procedures.
>
> thanks in advance.
>
> -Paul M
First, disable those unnecessary network services. Many network
services could be used for attacking the system on the network, such as
sendmail, which has a bad history of security.
Then, think about some intrusion detection software, such as Tripwire
or WZFileGuard: the commercial version of Tripwire gives you the
capability to centrally manage the configuration on multiple servers;
however, in my experience, Tripwire is very difficult to tune: if you
want to detect all new setuid programs, for example, you will very
probably receive many, many, many warnings in reports, which could
greatly reduce the efficiency of penetration detection. On the other
hand, WZFileGuard is a lot easier to tune and is very efficient at
detecting those security penetration events it wants to detect, but
you will not have the capability to manage it centrally; everything
needs to be done on the local machine.
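A minimal version of the check the post above describes, added here as an example (it is not from the thread, and not Tripwire's or WZFileGuard's code): a hash baseline of a directory tree, a compare that reports added, removed and changed files, and a separate setuid/setgid inventory so that new setuid programs can be reviewed on their own instead of being buried in a whole-tree report. It assumes sha256sum (or shasum) is installed and that paths contain no newlines; the baseline file and the directory it runs on are whatever you pass in.

```shell
#!/bin/sh
# Added example, not code from the thread: a Tripwire-style baseline/compare
# plus the narrow "new setuid program" check the post says is hard to tune.
# Assumptions: sha256sum or shasum is available; paths contain no newlines.

# Hash every regular file under $1, one "<sha256>  <path>" line per file,
# sorted so two runs over the same tree are directly comparable.
hash_tree() {
  if command -v sha256sum >/dev/null 2>&1; then h=sha256sum; else h="shasum -a 256"; fi
  find "$1" -type f -print | LC_ALL=C sort | while IFS= read -r f; do $h "$f"; done
}

# Compare a saved baseline ($1) with the tree at $2. Prints one line per
# finding (ADDED, REMOVED or CHANGED followed by the path) and nothing when
# the tree matches the baseline. The current snapshot is left in $1.now.
fim_check() {
  hash_tree "$2" > "$1.now"
  awk '
    # sha256sum output is 64 hex digits, two spaces, then the path.
    { hash = substr($0, 1, 64); path = substr($0, 67) }
    FILENAME == ARGV[1] { base[path] = hash; next }
    { cur[path] = hash }
    END {
      for (p in cur)  if (!(p in base))                     print "ADDED " p
      for (p in base) if (!(p in cur))                      print "REMOVED " p
      for (p in base) if ((p in cur) && cur[p] != base[p])  print "CHANGED " p
    }' "$1" "$1.now" | LC_ALL=C sort
}

# Setuid/setgid inventory under $1. This list is short on a sane host, so
# every addition to it deserves a manual look.
suid_list() {
  find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | LC_ALL=C sort
}

# Paths that are setuid/setgid now but were not in the saved list $1.
suid_new() {
  suid_list "$2" | comm -13 "$1" -
}

# Command-line use:  baseline <root> <file>   |   check <file> <root>
case "${1:-}" in
  baseline) hash_tree "$2" > "$3"; suid_list "$2" > "$3.suid" ;;
  check)    fim_check "$2" "$3"; suid_new "$2.suid" "$3" | sed 's/^/NEW SETUID /' ;;
esac
```

Store the baseline and its .suid companion somewhere the monitored host cannot rewrite (read-only media or another machine), otherwise an intruder who replaces a binary can also replace the hash you compare it against. The sha256 list is the broad, noisy check the post complains about; the setuid list is the targeted one, and keeping them separate is what makes the second usable.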

Joe Blow 2004-01-23, 5:03 pm
Paul Moge <paulm73@adelphia.net> wrote in message news:<glObb.2679$iT4.1935084@news1.news.adelphia.net>...
> hi there,
> I know this is a pretty general question but I'm just looking for some
> basics and it doesn't have to be specific to any one type of system.
>
> How would you go about securing a Unix system? If you can, please
> provide specific configurations, tools and procedures.
>
> thanks in advance.
>
> -Paul M
Here are a few ideas (this is not a complete list by any means):
1. First, make sure your operating system patches are kept
up-to-date, especially security related patches. These are generally
available from your vendor's web site.
2. Disable daemons/services that you are not using. Some daemons are
started via the "rc" scripts in /etc/rc?.d. These can be disabled by
renaming the particular file. Daemons that use inetd can be disabled
by commenting them out in the /etc/inetd.conf file.
3. Secure your network settings to reduce the threat from a remote
attack. For example, you should disable forwarding of broadcast
packets and source routed packets. Sun Solaris has a script called
nddconfig which will do this.
4. Use encryption to protect remote connections to and from your
system. You should use ssh and scp/sftp instead of telnet and ftp so
that passwords cannot be sniffed off the network.
There is a very extensive Unix security checklist at:
http://www.cert.org/tech_tips/usc20_full.html#iitop
Hope this helps.
Kevin Stroud
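Steps 2 to 4 of the list above, as a set of shell helpers added here as an example (not from the thread, and not from any vendor's hardening script). The functions take the file to work on as a parameter so you can run them against a copy of inetd.conf or a saved sysctl dump before touching the live system. Two things are assumptions rather than from the post: the Linux sysctl names are used in place of the Solaris ndd settings it mentions, and the inetd.conf and sysctl output the functions are tried on are constructed samples.

```shell
#!/bin/sh
# Added example, not code from the thread: helpers for steps 2-4 of the post
# above. Paths are parameters so each function can be tried on a copy first.
# Assumptions: Linux sysctl names stand in for the Solaris ndd settings the
# post mentions; any sample inetd.conf / sysctl dump used with this is
# constructed, not taken from a real host.

# Step 2: comment out every active inetd.conf entry whose service name is not
# in the space-separated allow list $2. A .bak copy is kept; existing
# comments and blank lines pass through unchanged.
disable_inetd_services() {
  conf=$1; keep=$2
  cp "$conf" "$conf.bak"
  awk -v keep="$keep" '
    BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) allow[k[i]] = 1 }
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }
    ($1 in allow)                        { print; next }
                                         { print "# disabled: " $0 }
  ' "$conf.bak" > "$conf"
}

# Service names still enabled in an inetd.conf, one per line.
active_inetd_services() {
  awk '!/^[[:space:]]*#/ && !/^[[:space:]]*$/ { print $1 }' "$1"
}

# Step 4: the cleartext services that ssh, scp and sftp replace. Prints any
# that are still enabled in the given inetd.conf; empty output is the goal.
cleartext_services_enabled() {
  active_inetd_services "$1" | grep -Ex 'telnet|ftp|tftp|login|shell|exec' || true
}

# Step 3: kernel settings matching "don't forward broadcast or source-routed
# packets", plus ICMP redirects and IP forwarding, which belong in the same
# review. One key=value per line.
hardened_sysctls() {
  cat <<'EOF'
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.ip_forward=0
EOF
}

# Audit a "key = value" dump in $1 (the format of `sysctl -a`) against the
# hardened values. Prints "key current expected" per deviation; a key that
# is absent from the dump is reported as "unset". No output means compliant.
audit_sysctls() {
  hardened_sysctls | while IFS='=' read -r key want; do
    have=$(awk -F'[ =]+' -v k="$key" '$1 == k { print $2 }' "$1")
    [ "$have" = "$want" ] || printf '%s %s %s\n' "$key" "${have:-unset}" "$want"
  done
}

# Command-line use:  services <inetd.conf>
#                    disable <inetd.conf> "<allow list>"
#                    audit <sysctl dump>
case "${1:-}" in
  services) active_inetd_services "$2"; cleartext_services_enabled "$2" | sed 's/^/CLEARTEXT: /' ;;
  disable)  disable_inetd_services "$2" "$3" ;;
  audit)    audit_sysctls "$2" ;;
esac
```

Run `services` first and `disable` only once the allow list is agreed, then restart inetd (or send it a HUP) for the change to take effect. The audit only reads a dump; applying the values is a separate `sysctl -w` or /etc/sysctl.conf step, and on Solaris the equivalent knobs are set with ndd as the post says.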

James T. Dennis 2004-01-23, 5:04 pm
Paul Moge <paulm73@adelphia.net> wrote:
> hi there,
> I know this is a pretty general question but I'm just looking for some
> basics and it doesn't have to be specific to any one type of system.
> How would you go about securing a Unix system? If you can, please
> provide specific configurations, tools and procedures.
> thanks in advance.
> -Paul M
I have an outline for a talk I gave on Linux Security Tips at PC Expo
(TechXNY) a couple of weeks ago. It's on one of my Wiki pages at:
http://www.starshine.org/SysadMoin/...nuxSecurityTips
Obviously it is Linux specific; also it's just the titles and bullet
points to a set of slides for a talk. I'll fill it out with more
content. (Being a Wiki site, anyone else can come along and contribute
their two cents, as well). For now there's very little explanation,
and it might seem "fluffy" and useless to you. However, there are some
links:
http://www.starshine.org/SysadMoin/...i/LinuxSecurity
... that point to other Linux resources (HOWTOs and Guides). Most of
that applies to other forms of UNIX as well.
BTW: Bastille --- a hardening script --- also runs on HP-UX and MacOS X.
--
Jim Dennis,
Starshine: Signed, Sealed, Delivered