Thread: Securing Linux
View Single Post
Old 08-21-07, 09:18 PM   #2
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Securing Linux

The first thing you need to do is disable unneeded listening daemons. I usually do this by issuing a "netstat -apvtul" which means "all program verbose tcp udp listening". Identify what you don't need and disable that daemon. There's various ways to do this, on a Debian system, I find it easy to just "cd /etc/init.d" and "update-rc.d -f [daemon] remove". RedHat based systems you can use "sysvinit".

The second thing you need to do is establish a good ingress (inbound) and egress (outbound) firewall policy. Things like FireStarter can allow you to configure iptables via GUI, however, I find it better to actually understand iptables so you can configure it manually.

I've got much more to say but I need to determine the context. For example, do you allow SSH inbound? If so, you can use keybased authentication, don't permit root login, only use protocol version 2, change the default listen port, and use something like fail2ban to prevent brute force attacks. You can also use port-knocking.
evilghost is offline   Reply With Quote