---

LanSystems.com: Secure your box

[ Thanks to Vincent
Hillier
for this link. ]

“This article starts off a series of articles geared towards
securing your system. After being asked plenty of times “How can I
secure my system?” I figured it was time for a series like this
one. These articles are generally geared towards new users, but
might serve as a reference to the experienced too.
Anyhow
someone will benefit from these articles =)”

“Partitioning is often overlooked by many people, but play a key
security role IMO. Any partitions that do NOT need suid binaries,
mount them with the nosuid option! …/home, and /tmp are mounted
with the nosuid option, this is because they do not need to contain
suid binaries. Some local exploits, will throw a suid binary into
/tmp, and can lead to a local compromise within a blink of the eye.
This will stop that.”

“Local security is often overlooked, I will cover some local
security issues below. The first topic I will cover is your BIOS,
this should be passworded, no exceptions. … You should also set
your boot sequence to “C Only” and change it when needed, the
purpose for this is so that a local cracker cannot use a boot disk
to start and mount your file-system. You should also password LILO.
to do this open /etc/lilo.conf in a text editor, and add a
password=XXX entry…”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis