LanSystems.com: Secure your boxJul 31, 2000, 16:58 (0 Talkback[s])
(Other stories by Vincent Hillier)
[ Thanks to Vincent Hillier for this link. ]
"This article starts off a series of articles geared towards securing your system. After being asked plenty of times "How can I secure my system?" I figured it was time for a series like this one. These articles are generally geared towards new users, but might serve as a reference to the experienced too. Anyhow someone will benefit from these articles =)"
"Partitioning is often overlooked by many people, but play a key security role IMO. Any partitions that do NOT need suid binaries, mount them with the nosuid option! .../home, and /tmp are mounted with the nosuid option, this is because they do not need to contain suid binaries. Some local exploits, will throw a suid binary into /tmp, and can lead to a local compromise within a blink of the eye. This will stop that."
"Local security is often overlooked, I will cover some local security issues below. The first topic I will cover is your BIOS, this should be passworded, no exceptions. ... You should also set your boot sequence to "C Only" and change it when needed, the purpose for this is so that a local cracker cannot use a boot disk to start and mount your file-system. You should also password LILO. to do this open /etc/lilo.conf in a text editor, and add a password=XXX entry..."