> Anyone out there know a good reference for securing a
> Linux 7.2 Server OS. I'm new to using Linux and need 
> to lock down a system for use as an IDS Sensor. Any 
> help would be appreciated. 

I know your question is about Red Hat 7.2, Kevin, but it needs to be
said:

    If this machine will *only* be an IDS sensor, then Red Hat
    isn't the best place to start. That distribution is designed
    to be comprehensive, easy-to-use and feature-laden. There's
    so much in it that you won't use/need and which only offers
    another potential path for attacks. It really would be better
    to start with a more minimalist distro, such as the Linux
    Router Project.

        http://master-www.linuxrouter.org:8080/

Now that said, you *have* said "I'm new to using Linux" as a key point,
and you *have* specified Red Hat 7.2...

So let's actually answer the question. I'm assuming you want something
that will get this Red Hat box hardened *now*, not something that's the
starting point for a year-long learning exercise in military-grade
security issues. :)

I'd therefore recommend Bastille-Linux as a starting-point. This is a
system hardening script which will cover off most of the essentials.

    http://bastille-linux.sourceforge.net/

In a nutshell, you run this script on (ideally) a virgin installation,
answer the questions about what things you do and don't want on the
machine, and it takes care of the changes.

(Your original installation should also be as minimal as possible, so
select "Custom" and turn off as many packages as you can. Note to self:
One day I must do a suitable KickStart file for this...)

Note that you'll need to use the development (i.e. non-production)
version for RH 7.2 support... though the official release of the RH
7.2-compatible production version is moments away.

The script covers off pretty much everything from the SANS book "Securing
Linux: Step-by-Step".

    http://www.sansstore.org/Merchant/linux.htm

Now someone is bound to respond that Bastille-Linux doesn't do this or
that, or that the firewall script it installs is too complex, or whatever.
And I'd probably agree. But as a *starting point* this will cover you
against 99% of the issues in minimal time. You can then use your free
time to learn stuff more and deal with that remaining 1% with increased
understanding.

Stil


-- 
Stilgherrian, Director of Operations
Taurfish Pty Ltd (ACN 084 970 178)
http://www.taurfish.com.au/
