> Any one out there know good reference for securing a
> Linux 7.2 Server OS. I'm new to using Linux and need
> to lock down a system for use as an IDS Sensor. Any
> help would be appreciated.

I know your question is about Red Hat 7.2, Kevin, but it needs to be said: If this machine will *only* be an IDS sensor, then Red Hat isn't the best place to start. That distribution is designed to be comprehensive, easy-to-use and feature-laden. There's so much in it that you won't use/need and which only offers another potential path for attacks. It really would be better to start with a more minimalist distro, such as the Linux Router Project.

http://master-www.linuxrouter.org:8080/

Now that said, you *have* said "I'm new to using Linux" as a key point, and you *have* specified Red Hat 7.2... So let's actually answer the question.

I'm assuming you want something that will get this Red Hat box hardened *now*, not something that's the starting point for a year-long learning exercise in military-grade security issues. :)

I'd therefore recommend Bastille-Linux as a starting-point. This is a system hardening script which will cover off most of the essentials.

http://bastille-linux.sourceforge.net/

In a nutshell, you run this script on (ideally) a virgin installation, answer the questions about what things you do and don't want on the machine, and it takes care of the changes. (Your original installation should also be as minimal as possible, so select "Custom" and turn off as many packages as you can. Note to self: One day I must do a suitable KickStart file for this...)

Note that you'll need to use the development (i.e. non-production) version for RH 7.2 support... though the official release of the RH 7.2-compatible production version is moments away.

The script covers off pretty much everything from the SANS book "Securing Linux: Step-by-Step".

http://www.sansstore.org/Merchant/linux.htm

Now someone is bound to respond that Bastille-Linux doesn't do this or that, or that the firewall script it installs is too complex, or whatever. And I'd probably agree. But as a *starting point* this will cover you against 99% of the issues in minimal time. You can then use your free time to learn stuff more and deal with that remaining 1% with increased understanding.

Stil

--
Stilgherrian, Director of Operations
Taurfish Pty Ltd (ACN 084 970 178)
http://www.taurfish.com.au/