[techtalk] Linux security suggestions

Brian Sweeney bsweeney at physics.ucsb.edu
Sun May 13 22:22:48 EST 2001


Hey all-

Man, we've been active this weekend.  I didn't check my mail for a while and
I've got >100 messages, LOTS from here.  Then I saw the whole troll thing.
Yuk.  'Nuff said.  But it's nice to know that when a heated topic comes up,
once again there are linuxchix all over willing to contribute.  So I'll take
that as a silver lining.

In any case, whilst poring through said emails I read a few places where
people asked for suggestions on security, or possible Q&A submissions.  At
one point someone mentioned, I think, uninstalling services and shutting
down ports as the main things.  I'll add (though I know for most people it's
obvious) KEEPING PATCH LEVELS UP!!!  Can't say this enough.  Most security
experts I've read feel that most security "incidents" could have been
avoided simply by keeping software up to date.  Example:

Last week, against our direct order, a user at my organization put a (near
as we can tell) unpatched RHL6.2 box on the network.  He was compromised in
under 12 hours; I haven't gotten the chance to recover the logs to figure
out exactly when.  It'll be more difficult, since he (again against our
order) wiped the machine and began a reinstall.  He says he backed up the
filesystem, but who knows what shape it's in.  Anyway, that was when I
discovered the quote below that became my sig file and new mantra ;-).

In any case, another suggestion (which I think I've already posted to this
list; sorry for the redundancy if so) is to check out bastille-linux.  Those
guys have developed a really nice set of scripts that do all the top
security lock-down procedures for you.  Between that and updating packages
(yes, I know, that's getting a bit repetitive) the average user, I think,
can feel secure putting their machine on the net.

Now I've got to go through the two days of logs I missed.  Yuk again.

-Brian

-----------------------------------------
Brian Sweeney
bsweeney at physics.ucsb.edu

"The life expectancy of an unpatched, default installation of Red Hat 6.2
server is three days. The last time we attempted to confirm this, the system
was compromised in eight hours."
-The Honeynet Project
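Added example (not from Brian's post, and not part of Bastille): a small POSIX sh/awk check for the "shutting down ports" advice above. It reads `netstat -tuln` output and reports every listener bound to a non-loopback address that is not on an explicit allowlist, which is the quickest way to see what a freshly installed box is actually exposing before it goes on the wire. The embedded netstat sample, the allowlist (ssh only) and the function name are constructed for this example.

```sh
#!/bin/sh
# Added example: flag listening sockets that are exposed to the network and
# not on an explicit allowlist. Input is the output of `netstat -tuln`.

# Constructed sample of `netstat -tuln` on a default-ish install (assumption,
# not captured from a real machine).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:513             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Ports we deliberately expose, as "proto/port" tokens (assumption: ssh only).
ALLOWED_PORTS="tcp/22"

# unexpected_listeners: reads netstat -tuln output on stdin and prints one
# "proto/port bound-address" line per listener that is (a) bound to something
# other than loopback and (b) not listed in ALLOWED_PORTS.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Only socket lines; skip the two header lines netstat prints.
        $1 ~ /^(tcp|udp)6?$/ {
            proto = substr($1, 1, 3)          # tcp6 -> tcp, udp6 -> udp
            addr = $4; sub(/:[0-9]+$/, "", addr)   # "0.0.0.0:111" -> "0.0.0.0"
            port = $4; sub(/.*:/, "", port)        # "0.0.0.0:111" -> "111"
            if (addr == "127.0.0.1" || addr == "::1") next   # loopback only
            key = proto "/" port
            if (!(key in ok)) print key, addr
        }'
}

# Stand-alone run: audit the constructed sample. On a real host you would
# feed it live data instead:  netstat -tuln | unexpected_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners
```

Every line this prints is a service to either remove, stop, or justify and firewall; on the sample it flags portmap (111/tcp+udp), rlogin (513), ftp (21) and the DHCP client port (68), and stays quiet about sendmail because it is bound to 127.0.0.1. It is a point-in-time check, not a substitute for keeping packages patched, which the post is right to put first.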