Several kernel configuration options are available to improve security through the /proc pseudo-filesystem. Quite a few of the files in /proc/sys are directly related to security. Enabled if contains a 1 and disabled if it contains a 0. Many of the options available in /proc/sys/net/ipv4 include: • icmp_echo_ignore_all: Ignore all ICMP ECHO requests. Enabling this […]
• AutoRPM on Red Hat and apt-get on Debian can be used to download and install any packages on your system for which there are updates. Use care when automatically updating production servers. • IP Masquerading enables a Linux box with multiple interfaces to act as a gateway to remote networks for hosts connected to
• Limit Apache to listen only on local interface by configuring /etc/httpd/conf/httpd.conf to read: Listen 127.0.0.1:80 • Use the following to disable access to the entire filesystem by default, unless explicitly permitted. This will disable printing of indexes if no index.html exists, server-side includes, and following symbolic links. Disabling symlinks may impact performance for large
Disabling or removing unused programs and services from your host is the most effective way to limit threats originating from a remote host. Use your distributions package management tools to scan the list of installed packages, then remove those that are unnecessary. • Many of the services running from inetd are legacy programs, which are
Intrusion detection devices are an integral part of any network. The Internet is constantly evolving, and new vulnerabilities and exploits are found regularly. They provide an additional level of protection to detect the presence of an intruder, and help to provide accoutability for the attacker’s actions. The snort network intrusion detection tool performs real-time traffic
Tripwire is a program that monitors file integrity by maintaining a database of cryptographic signatures for programs and configuration files installed on the system, and reports changes in any of these files. A database of checksums and other characteristics for the files listed in the configuration file is created. Each subsequent run compares any differences
Frequently used to monitor and control access to services listed in /etc/inetd.conf. The in.ftpd service might be wrapped using: ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -L -i -o Before the in.telnetd daemon is spawned, tcpd first determines if the source is a permitted host. Connection attempts are sent to syslogd. All services should
The syslogd is responsible for capturing logging information generated by system processes. The klogd is responsible for capturing logging information generated by the kernel. System logs provide the primary indication of a potential problem. • Fine-tune the default /etc/syslog.conf to send log information to specific files for easier analysis. # Monitor authentication attempts auth.*;authpriv.* /var/log/authlog
OpenSSH is a replacement for telnet and ftp that eliminates eavesdropping, connection hijacking, and encrypts all communication between hosts. One of the most indepensible free security tools in existence. • Install the OpenSSH and OpenSSL Packages: openssh-<current-version>.rpm openssh-server-<current-version>.rpm openssh-clients-<current-version>.rpm openssl-<current-version>.rpm • Generate Public/Private Key Pair: OpenSSH uses public key cryptography to provide secure authorization. Generating
