RootPrompt.org: Armoring LinuxApr 24, 2000, 15:40 (0 Talkback[s])
(Other stories by Lance Spitzner)
[ Thanks to Noel for this link. ]
"Organizations throughout the world are adopting Linux as their production platform. By connecting to the Internet to provide critical services, they also become targets of opportunity. To help protect these Linux systems, this article covers the basics of securing a Linux box. The examples provided here are based on Red Hat 6.0, but should apply to most Linux distributions."
"The best place to start in armoring your system is at the beginning, OS installation. Since this is a production system, you cannot trust any previous installations. You want to start with a clean installation, where you can guarantee the system integrity. Place your system in an isolated network. At no time do you want to connect this box to an active network nor the Internet, exposing the system to a possible compromise. I personally witnessed a system hacked by a script kiddie within 15 minutes of connecting to the Internet. To get critical files and patches later, you will need a second box that acts as a go between. This second box will download files from the Internet, then connect to your isolated, configuration "network" to transfer critical files or burn the patches to a CDROM."
"Once you have loaded the installation package, patches, and rebooted, we are now ready to armor the operating system. Armoring consists mainly of turning off services, adding logging, tweaking several files, and configuring TCP Wrappers."