topic Re: Improve Security in Operating System - Linux

Improve Security

Sylvie Vezina — Mon, 08 Mar 2004 00:38:47 GMT

How can I improve security on Unix....security password: change it after 60 days, unautorized access, ftp access..We have security lack and we want to improve it...Do we need to install special software? Where can I find documation about it?
Thanks you in advance.

Re: Improve Security

Mobeen_1 — Mon, 08 Mar 2004 01:10:00 GMT

Sylvie,
I think you can implement a lot of things on this front and i am sure our colleagues here would add on to the list below

1. Prevent direct logins to your system
as root

2. Implement 'su' for all root logins.
which means that all users need to
log in as themselves and then 'su' to
root

3. Unless there is a business need stop
creating generic accounts on your
systems

4. Look at implementing NIS+ or LDAP if
there is a need, this depends on your
environment

5. Setup all your user accounts in a way
that the passwords expire in 30 or 60
days. This can be done in the user
profile

In addition to this, you can look at implementing SSH, which will provide an additional layer of security. The following site gives details on this, note this can be downloaded for free

http://www.ssh.com

regards
Mobeen

Re: Improve Security

Jerome Henry — Mon, 08 Mar 2004 03:15:23 GMT

Adding :

Use your machine logging capacities, use your log, filtering and reading them

Use tools like tripwire to ensure file integrity

Use shadow on your passwords

Use firewalling capacities to let only normal ports open

chroot your applications...

Of course disable unusefull services

Get latest patches...

hth

J

Re: Improve Security

Martin P.J. Zinser — Mon, 08 Mar 2004 15:26:52 GMT

Hi,

for authentication/accounting issues you most probably want to check PAM (Pluggable Authentication Modules). man pam on your local system or in more detail at

http://www.kernel.org/pub/linux/libs/pam/

Greetings, Martin

Re: Improve Security

Olivier Drouin — Mon, 08 Mar 2004 16:57:22 GMT

Salut Sylvie,
Un bon livre pour les debutants

http://www.oreilly.com/catalog/linuxsckbk/

Re: Improve Security

Steven E. Protter — Mon, 08 Mar 2004 20:35:24 GMT

The single most important thing you can do to improve security is to be aware of it.

Seriously, many admins never do anything about security because they don't have time. They sit behind a firewall in a corporate environment and don't have time to care.

What about malicious employees. What happens if the firewall has a security flaw and the public Internet can get in. Unmodified sendmail is a spam relay server waiting to happen EVEN if you don't allow relay.

The next best step is to have a security audit. Do it yourself, follow a checklist but run through it.

Next: Bastille Linux Security hardening:

http://bastillelinux.org

SEP

Re: Improve Security

Andrew Cowan — Tue, 09 Mar 2004 03:27:58 GMT

I've been working on a FREE site that aims to provide a "gentle" introduction to this subject. Take a look at www.simplsafer.co.uk and let me know what you think?

Re: Improve Security

Olivier Drouin — Tue, 09 Mar 2004 14:12:58 GMT

Andrew: error 500 ?

Re: Improve Security

Andrew Cowan — Wed, 10 Mar 2004 03:10:00 GMT

Sorry, for the typo, try: www.simplysafer.co.uk.

Re: Improve Security

Sylvie Vezina — Fri, 26 Mar 2004 16:12:14 GMT

Andrew, sorry for the delay. I will keep your site adress, it's very helpful. I liked it.

Re: Improve Security

Andrew Cowan — Sat, 27 Mar 2004 13:36:36 GMT

Thanks, glad you liked it. I'm between jobs this week and hope to find time to do a major update.

Re: Improve Security

Steven E. Protter — Sun, 28 Mar 2004 02:10:59 GMT

An area I forgot to address in my first post is sendmail security.

A perfectly set up system can be serious compromised on the Internet by a weak sendmail configuration.

Things to watch:

web forms. Web forms are scripts that let web users send mail via a form page on the web server. Improperly secured, a user can abuse the script and send mail to anyone they want, 500 at a time.

Its important to add code to your forms that prevent the cgi script from being used from any other server other than the ones authorized by you.

Consider protecting against smtp scripting. AOL users are famous for this. They get an account, and then use someone elses mail server to relay the mail. Its important to configure your server to only allow port 25 traffic from any aol mail servers except the authorized ones at http://postmaster.aol.com

A book by Craig Hunt sendmail cookbook is very useful.

Learning the ins and outs of sendmail security. Check my profile, I learned sendmail here.

Also, Bastille for Linux is a must, I run it on all my servers.

SEP

Re: Improve Security

Todd McDaniel_1 — Mon, 29 Mar 2004 15:29:31 GMT

TCP wrappers for all tcp processes... as follows.

/etc/hosts.allow and /etc/hosts.deny

Here is an example of my setup.

# cat /etc/hosts.allow
#all : all : banners=/usr/localcw/opt/sysguard/banners : allow
ftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
telnetd : all : banners=/usr/localcw/opt/sysguard/banners : allow
tftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
logind : all : banners=/usr/localcw/opt/sysguard/banners : allow
rlogind : all : banners=/usr/localcw/opt/sysguard/banners : allow
remshd: all : banners=/usr/localcw/opt/sysguard/banners : allow
sidftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
rexecd : all : banners=/usr/localcw/opt/sysguard/banners : allow
sshd : all : banners=/usr/localcw/opt/sysguard/banners : allow

# cat /etc/hosts.deny
# Deny all hosts
ALL : ALL

Here is a great link that gives some explanation...

http://ezine.daemonnews.org/200206/hosts_allow.html

Re: Improve Security

Todd McDaniel_1 — Mon, 29 Mar 2004 15:31:19 GMT

Also, if you are not using scfmgr... it is a great Sysguard tool.

To manage security for unauth access to root passwd.

man scfmgr

Re: Improve Security

Todd McDaniel_1 — Mon, 29 Mar 2004 15:34:41 GMT

Sorry for 3 posts... but found something else...

You can combine my points into one post if you want.

Here is a great PDF that I got from HP. Security tools...

Re: Improve Security

Peeyush — Tue, 30 Mar 2004 12:21:44 GMT

hi all

what i do for securing my linux box
- read logs (install loggin software as tripwire)
- install firewall (i use fwbuilder)
- stop unwanted services
- keep ur linux updated/patched

few things i do regularly on my linux
- netstat -n (chk who got multiple connection 1-5 r fine but more than 10 r bad)
- nmap -sS ..chk ur open ports