[ Thanks to Vincent
Hillier for this link. ]
“This article starts off a series of articles geared towards
securing your system. After being asked plenty of times “How can I
secure my system?” I figured it was time for a series like this
one. These articles are generally geared towards new users, but
might serve as a reference to the experienced too. Anyhow
someone will benefit from these articles =)”
“Partitioning is often overlooked by many people, but play a key
security role IMO. Any partitions that do NOT need suid binaries,
mount them with the nosuid option! …/home, and /tmp are mounted
with the nosuid option, this is because they do not need to contain
suid binaries. Some local exploits, will throw a suid binary into
/tmp, and can lead to a local compromise within a blink of the eye.
This will stop that.”
“Local security is often overlooked, I will cover some local
security issues below. The first topic I will cover is your BIOS,
this should be passworded, no exceptions. … You should also set
your boot sequence to “C Only” and change it when needed, the
purpose for this is so that a local cracker cannot use a boot disk
to start and mount your file-system. You should also password LILO.
to do this open /etc/lilo.conf in a text editor, and add a
password=XXX entry…”