I've been asked to look at securing our
systems far more than what they are now.
In doing so I've compiled a list of things
that need to be looked at. Unfortunately
our site cannot use 'trusted system'
because of a constraint with one of the
essential applications that we use.
Here is what I've listed so far. I would
like feedback on what else I can do.
Remember I cannot use 'trusted system'
Removing all instances of .rhosts and
/etc/hosts.equiv
Turning off unnecessary services such as
exec, comsat, talk, uucp, finger, echo,
discard, daytime, chargen, sadmind,
rpc.cmsd and rpc.ttdbserverd.
Beef up the permissions on the following
files:
/etc/passwd 444 root:sys
/etc/group 444 root:sys
/etc/syslog.conf 444 bin:bin
/etc/resolv.conf 444 root:sys
/etc/nsswitch.conf 444 root:sys
/etc/mail/aliases 644 root:mail
/etc/mail/sendmail.cf 444 root:mail
/etc/mail/sendmail.cw 444 root:mail
/etc/fstab 444 root:sys
/etc/mnttab 444 root:sys
/etc/inittab 444 root:sys
/etc/inetd.conf 444 root:sys
/etc/lvmconf (directory) 755 root:root
/etc/lvmtab 600 root:sys
/etc/lvmrc 640 bin:bin
/etc/profile 444 bin:bin
/etc/exports 600 root:sys
/etc/hosts 444 root:sys
/etc/services 444 root:sys
/etc/shutdown.allow 640 bin:bin
/etc/SnmpAgent/snmpd.conf 644 root:root
/etc/utmp 644 root:root
/var/adm/btmp 600 root:root
/var/adm/sulog 600 root:root
/var/adm/wtmp 640 root:sys
/var/adm/cron/at.allow 444 bin:bin
/var/adm/cron/cron.allow 444 bin:bin
/var/spool/cron/crontabs/* 444 root:sys
There are many more files that are suid and
sgid on these systems, but which
ones do I keep as suid and sgid??
Thanks
Michael
Anyone for a Mutiny ?
