hi ya kevin
i assume you mean redhat-7.2...
and if it's an ids machine are you really sure you wanna
use redhat???
To tighten down the server ...
- choose the right distro for "the job"
- tighten your kernel
- apply all known security patches for the distro
- turn off your unused services ( i.e. ALL of 'em )
- turn off/remove unused daemons
- turn off suid, guid bits
- no user logins...
- keep a copy of all binaries and checksums in a safe place
- test it ... test it regularly...
- ... lots of fun stuff
- which IDS do you plan to use ???
http://www.Linux-sec.net/IDS
- what is your IDS going to be logging ???
- to detect incoming port scans ???
- to detect login attempts ??
- to detect DoS attacks ??
- to detect root logins ??
- to detect network(passwd) sniffers ??
- to detect successful rootkits installing themselves ??
- to detect rootkits that are hiding/trojaned/dormant ??
- where is the weakest security link ???
- we'll mention logfile analysis to add more quirks to the puzzle
- how fast do you wanna detect a potential breach ???
- a couple minutes... once a day ??
- what's the budget for your IDS box ???
if little or no special budget for IDS ...
- install a pre-configured "secure linux"
- install tripwire/aide etc... and check it once a day
- keep a copy of ALL binaries in /bin /sbin /usr/{bin,sbin}
and libs in a safe place to compare it against the
possibly hacked/replaced binaries
c ya
alvin
http://www.Linux-sec.net/
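The "keep checksums of all binaries in a safe place and compare them once a day" step from the list above, written out as an added example. This is not Alvin's script and not tripwire or aide; it is a minimal baseline-and-compare in POSIX sh that assumes only coreutils (sha256sum, falling back to the POSIX cksum), and its self-check runs on a constructed throw-away directory standing in for /bin, /sbin and friends.

```shell
#!/bin/sh
# Added example: a tiny file-integrity baseline in the spirit of tripwire/aide.
# Assumptions: POSIX sh, find, sort, diff, mktemp; sha256sum if present, else cksum.

# Hash one file. sha256sum is preferred; cksum (CRC + size) is the POSIX fallback.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        cksum "$1"
    fi
}

# baseline_create DIR... > BASELINE
# Emits one hash line per regular file under the given directories, sorted by path,
# so two runs over an unchanged tree produce byte-identical output.
baseline_create() {
    find "$@" -type f 2>/dev/null | LC_ALL=C sort | while IFS= read -r f; do
        hash_file "$f"
    done
}

# baseline_check BASELINE DIR...
# Re-hashes the directories and prints every line that differs from the stored
# baseline (changed, new or missing files). Returns 0 if all match, 1 otherwise.
baseline_check() {
    base=$1; shift
    cur=$(mktemp) || return 2
    baseline_create "$@" > "$cur"
    if diff -u "$base" "$cur" > "${cur}.diff"; then
        rm -f "$cur" "${cur}.diff"
        return 0
    fi
    # Keep only the +/- hash lines; drop diff's ---/+++ file headers.
    grep '^[-+][^-+]' "${cur}.diff" \
        | sed 's/^-/baseline (missing or changed): /; s/^+/now (new or changed): /'
    rm -f "$cur" "${cur}.diff"
    return 1
}

# Self-check on a constructed throw-away tree (stand-in for /bin, /sbin, ...).
# Returns 0 when the untouched tree passes AND a replaced file is reported.
demo_tamper_detected() {
    tree=$(mktemp -d) || return 2
    printf 'binary one\n' > "$tree/ls"     # constructed sample "binaries"
    printf 'binary two\n' > "$tree/ps"
    base="$tree.baseline"                  # in real use: store this off the box
    baseline_create "$tree" > "$base"
    if ! baseline_check "$base" "$tree" > /dev/null; then
        rm -rf "$tree" "$base"; return 1   # clean tree must pass
    fi
    printf 'something else\n' > "$tree/ps" # simulate a replaced binary
    if baseline_check "$base" "$tree" > /dev/null; then
        rm -rf "$tree" "$base"; return 1   # change went unnoticed: bad
    fi
    rm -rf "$tree" "$base"
    return 0
}

# Real use, as root, with the baseline kept on read-only or off-box media:
#   baseline_create /bin /sbin /usr/bin /usr/sbin /lib > /mnt/floppy/baseline.txt
#   baseline_check /mnt/floppy/baseline.txt /bin /sbin /usr/bin /usr/sbin /lib
```

Run baseline_check once a day from cron and alert on a non-zero exit. The baseline and the copy of this script must live somewhere the box cannot rewrite (read-only media or another host), since a hashing tool or baseline stored on the checked system is itself one of the "possibly replaced binaries" the list above warns about.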
On 21 Dec 2001, Kevin Robitaille wrote:
>
> Any one out there know good reference for securing a
> Linux 7.2 Server OS. I'm new to using Linux and need
> to lock down a system for use as an IDS Sensor. Any
> help would be appreciated.