“The purpose of this paper is to describe necessary measures
that should be taken in order to secure a default Linux
installation. Most default installations of Linux are grossly
insecure. This paper focuses on methods that can be used not
only to secure a machine with a high degree of confidence, but
still allow your users to be able to accomplish their work.”
“This paper does not cover procedures for securing a machine
that is already on a network. As a rule, no machine should be
placed on any network prior to its having been secured against
local and remote attack. If a machine has already been
compromised, none of the following procedures will improve the
system’s security. In most cases, depending on the skill of the
intruder, the machine will likely already be trojaned or
backdoored. Applying the following security procedures on such a
machine would only provide a false sense of security.”
“As a firm adherent to the philosophy of proactive security, the
author does not recommend any attempt to “back-track” and attempt
to secure machines that are already in place. It is best to freshly
re-install and secure these machines from scratch. After all, it
only takes one compromised machine to shatter the security posture
of one’s entire network.”