Sylvie Vezina
Occasional Advisor

Improve Security

How can I improve security on Unix... security password: change it after 60 days, unauthorized access, ftp access... We have a lack of security and we want to improve it... Do we need to install special software? Where can I find documentation about it?
Thank you in advance.
The best day is today
15 REPLIES 15
Mobeen_1
Esteemed Contributor
Solution

Re: Improve Security

Sylvie,
I think you can implement a lot of things on this front, and I am sure our colleagues here would add on to the list below.

1. Prevent direct logins to your system as root

2. Implement 'su' for all root logins, which means that all users need to log in as themselves and then 'su' to root

3. Unless there is a business need, stop creating generic accounts on your systems

4. Look at implementing NIS+ or LDAP if there is a need; this depends on your environment

5. Set up all your user accounts in a way that the passwords expire in 30 or 60 days. This can be done in the user profile

In addition to this, you can look at implementing SSH, which will provide an additional layer of security. The following site gives details on this, note this can be downloaded for free

http://www.ssh.com

regards
Mobeen
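One way to check point 5 above on an existing system, as an added example that is not part of the original post: it reads shadow(5)-format lines and reports accounts whose maximum password age is missing or longer than the policy. It assumes the Linux shadow field layout; the function name and the sample entries are constructed for illustration.

```python
# Added example: audit password-aging fields in shadow(5)-format lines.
# Assumed layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved
MAX_DAYS_POLICY = 60  # the thread suggests expiry after 30 or 60 days

# Constructed sample entries; the hash fields are placeholders.
SAMPLE_SHADOW = """\
root:$6$placeholder:19700:0:99999:7:::
sylvie:$6$placeholder:19700:1:60:7:::
ftpuser:$6$placeholder:19700:0::7:::
appsvc:!:19700:0:99999:7:::
olduser:$6$placeholder:19500:0:30:7:::
"""

def audit_password_aging(shadow_text, max_days=MAX_DAYS_POLICY):
    """Return (account, reason) pairs for entries that break the policy."""
    findings = []
    for lineno, line in enumerate(shadow_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 5:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        name, pw, max_age = fields[0], fields[1], fields[4]
        if pw == "":
            findings.append((name, "empty password field"))
            continue
        # A leading ! or * means the password is locked, so aging is moot.
        if pw.startswith(("!", "*")):
            continue
        if max_age == "":
            findings.append((name, "no maximum age set"))
        elif not max_age.isdigit():
            findings.append((name, f"invalid maximum age {max_age!r}"))
        elif int(max_age) > max_days:
            findings.append((name, f"maximum age {max_age} exceeds {max_days} days"))
    return findings

if __name__ == "__main__":
    for account, reason in audit_password_aging(SAMPLE_SHADOW):
        print(f"{account}: {reason}")
```

On a real host the input would be the contents of /etc/shadow, read as root.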
Jerome Henry
Honored Contributor

Re: Improve Security

Adding :

Use your machine's logging capabilities; use your logs, filtering and reading them

Use tools like tripwire to ensure file integrity

Use shadow on your passwords

Use firewalling capacities to let only normal ports open

chroot your applications...

Of course, disable unuseful services

Get latest patches...

hth

J
You can lean only on what resists you...
Martin P.J. Zinser
Honored Contributor

Re: Improve Security

Hi,

for authentication/accounting issues you most probably want to check PAM (Pluggable Authentication Modules). man pam on your local system or in more detail at

http://www.kernel.org/pub/linux/libs/pam/

Greetings, Martin
Olivier Drouin
Trusted Contributor

Re: Improve Security

Hi Sylvie,
A good book for beginners

http://www.oreilly.com/catalog/linuxsckbk/
Steven E. Protter
Exalted Contributor

Re: Improve Security

The single most important thing you can do to improve security is to be aware of it.

Seriously, many admins never do anything about security because they don't have time. They sit behind a firewall in a corporate environment and don't have time to care.

What about malicious employees? What happens if the firewall has a security flaw and the public Internet can get in? Unmodified sendmail is a spam relay server waiting to happen EVEN if you don't allow relay.

The next best step is to have a security audit. Do it yourself, follow a checklist but run through it.

Next: Bastille Linux Security hardening:

http://bastillelinux.org

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Andrew Cowan
Honored Contributor

Re: Improve Security

I've been working on a FREE site that aims to provide a "gentle" introduction to this subject. Take a look at www.simplsafer.co.uk and let me know what you think?
Olivier Drouin
Trusted Contributor

Re: Improve Security

Andrew: error 500 ?
Andrew Cowan
Honored Contributor

Re: Improve Security

Sorry, for the typo, try: www.simplysafer.co.uk.
Sylvie Vezina
Occasional Advisor

Re: Improve Security

Andrew, sorry for the delay. I will keep your site address, it's very helpful. I liked it.
The best day is today
Andrew Cowan
Honored Contributor

Re: Improve Security

Thanks, glad you liked it. I'm between jobs this week and hope to find time to do a major update.
Steven E. Protter
Exalted Contributor

Re: Improve Security

An area I forgot to address in my first post is sendmail security.

A perfectly set up system can be seriously compromised on the Internet by a weak sendmail configuration.

Things to watch:

web forms. Web forms are scripts that let web users send mail via a form page on the web server. Improperly secured, a user can abuse the script and send mail to anyone they want, 500 at a time.

It's important to add code to your forms that prevents the cgi script from being used from any other server other than the ones authorized by you.

Consider protecting against smtp scripting. AOL users are famous for this. They get an account, and then use someone else's mail server to relay the mail. It's important to configure your server to only allow port 25 traffic from any aol mail servers except the authorized ones at http://postmaster.aol.com

A book by Craig Hunt, the sendmail cookbook, is very useful.

Learning the ins and outs of sendmail security. Check my profile, I learned sendmail here.

Also, Bastille for Linux is a must, I run it on all my servers.

SEP
Todd McDaniel_1
Honored Contributor

Re: Improve Security

TCP wrappers for all tcp processes... as follows.

/etc/hosts.allow and /etc/hosts.deny

Here is an example of my setup.

# cat /etc/hosts.allow
#all : all : banners=/usr/localcw/opt/sysguard/banners : allow
ftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
telnetd : all : banners=/usr/localcw/opt/sysguard/banners : allow
tftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
logind : all : banners=/usr/localcw/opt/sysguard/banners : allow
rlogind : all : banners=/usr/localcw/opt/sysguard/banners : allow
remshd: all : banners=/usr/localcw/opt/sysguard/banners : allow
sidftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
rexecd : all : banners=/usr/localcw/opt/sysguard/banners : allow
sshd : all : banners=/usr/localcw/opt/sysguard/banners : allow


# cat /etc/hosts.deny
# Deny all hosts
ALL : ALL


Here is a great link that gives some explanation...

http://ezine.daemonnews.org/200206/hosts_allow.html
Unix, the other white meat.
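How the two files in the post above are evaluated, as an added example that is not part of the original post: a simplified model of the hosts_access(5) lookup order (hosts.allow first, then hosts.deny, allow if nothing matches). It shows that `daemon : all : ... : allow` admits every client to the listed daemons, so `ALL : ALL` in hosts.deny only covers daemons that are not listed. The function names, the `RESTRICTED_ALLOW` variant and the client addresses are constructed; EXCEPT, netmasks, user@host, IPv6 and line continuations are not modelled, and keywords are assumed to match case-insensitively.

```python
# Added example: simplified model of the hosts_access(5) lookup order.
# Three of the posted hosts.allow lines, copied from the post above.
POSTED_ALLOW = """\
#all : all : banners=/usr/localcw/opt/sysguard/banners : allow
ftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
telnetd : all : banners=/usr/localcw/opt/sysguard/banners : allow
sshd : all : banners=/usr/localcw/opt/sysguard/banners : allow
"""
# Constructed variant: same banner, sshd limited to an internal range.
RESTRICTED_ALLOW = """\
sshd : 10.1. .corp.example : banners=/usr/localcw/opt/sysguard/banners : allow
"""
DENY_ALL = "ALL : ALL\n"

def client_matches(pattern, host, addr):
    p = pattern.lower()
    if p == "all":
        return True
    if p.startswith("."):        # domain suffix such as .corp.example
        return host.lower().endswith(p)
    if p.endswith("."):          # address prefix such as 10.1.
        return addr.startswith(p)
    return p in (host.lower(), addr)

def first_match(text, default, daemon, host, addr):
    """Verdict of the first matching rule in one file, or None."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [f.strip() for f in line.split(":")]
        if len(parts) < 2:
            continue
        daemons = parts[0].replace(",", " ").lower().split()
        clients = parts[1].replace(",", " ").split()
        if "all" not in daemons and daemon.lower() not in daemons:
            continue
        if any(client_matches(c, host, addr) for c in clients):
            last = parts[-1].lower() if len(parts) > 2 else ""
            return last if last in ("allow", "deny") else default
    return None

def access(allow_text, deny_text, daemon, host, addr):
    # hosts.allow is consulted first, then hosts.deny; no match means allow.
    for text, default in ((allow_text, "allow"), (deny_text, "deny")):
        verdict = first_match(text, default, daemon, host, addr)
        if verdict:
            return verdict
    return "allow"
```

Running `tcpdmatch` from the TCP wrappers package against the real files gives the authoritative answer for a given daemon and client.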
Todd McDaniel_1
Honored Contributor

Re: Improve Security

Also, if you are not using scfmgr... it is a great Sysguard tool.

To manage security for unauth access to root passwd.

man scfmgr
Unix, the other white meat.
Todd McDaniel_1
Honored Contributor

Re: Improve Security

Sorry for 3 posts... but found something else...

You can combine my points into one post if you want.

Here is a great PDF that I got from HP. Security tools...
Unix, the other white meat.
Peeyush
Regular Advisor

Re: Improve Security

hi all

what i do for securing my linux box
- read logs (install logging software as tripwire)
- install firewall (i use fwbuilder)
- stop unwanted services
- keep ur linux updated/patched

few things i do regularly on my linux
- netstat -n (chk who got multiple connection 1-5 r fine but more than 10 r bad)
- nmap -sS ..chk ur open ports
any suggestion for my site.. http://geocities.com/peeyush_maurya/
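The `netstat -n` check from the post above, automated, as an added example that is not part of the original post: it counts established TCP connections per remote address and reports peers above the post's threshold of 10. It assumes the Linux net-tools column layout; the function names and the sample output (documentation address ranges) are constructed.

```python
# Added example: count established TCP connections per remote peer.
from collections import Counter

THRESHOLD = 10  # from the post: more than 10 connections from one peer is bad

# Constructed sample in Linux net-tools layout; not captured from a real host.
SAMPLE_NETSTAT = "\n".join(
    ["Proto Recv-Q Send-Q Local Address Foreign Address State",
     "tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN",
     "tcp 0 0 192.0.2.10:80 203.0.113.5:40001 TIME_WAIT"]
    + [f"tcp 0 0 192.0.2.10:80 198.51.100.7:{50000 + i} ESTABLISHED"
       for i in range(12)]
    + [f"tcp 0 0 192.0.2.10:22 203.0.113.5:{41000 + i} ESTABLISHED"
       for i in range(3)]
    + ["tcp6 0 0 2001:db8::10:22 2001:db8::99:51515 ESTABLISHED"]
)

def remote_counts(netstat_output):
    """Map each remote address to its number of ESTABLISHED connections."""
    counts = Counter()
    for line in netstat_output.splitlines():
        cols = line.split()
        # Skip headers, UDP/unix sockets and anything not fully established.
        if len(cols) < 6 or not cols[0].startswith("tcp"):
            continue
        if cols[5] != "ESTABLISHED":
            continue
        # Strip the port; rsplit keeps the colons inside IPv6 addresses.
        peer = cols[4].rsplit(":", 1)[0]
        counts[peer] += 1
    return counts

def noisy_peers(netstat_output, threshold=THRESHOLD):
    """Return sorted (address, count) pairs with more than threshold connections."""
    counts = remote_counts(netstat_output)
    return sorted((ip, n) for ip, n in counts.items() if n > threshold)

if __name__ == "__main__":
    for ip, n in noisy_peers(SAMPLE_NETSTAT):
        print(f"{ip} has {n} established connections")
```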