Actually Shields Up was one thing on my list to talk about, as well as
running a port scanner against your box, and of course editing your
inetd.conf and startup scripts to make any unnecessary services not run.
Ideally you wouldn't want to run any services except perhaps ssh for a
desktop, and only ones you needed for a server (http, non-anon ftp, ssh NOT
telnet, smtp, nmbd/smbd if you are on a Windows LAN).  Maybe installing a
program like tripwire or SATAN, and some kind of program that copies your
logs somewhere so that you can still check stuff out if you get h4x0red.
Adding this line to /etc/syslogd.conf can't hurt either:

*.*     /dev/tty9

This will basically make all syslog'd info show up on a text screen after
your X server screen (usually tty7 or 8).  Of course this will be useless if
someone hacks in, rm -rf's your log dir and reboots :)  Maybe we can talk
about making a custom kernel (you ultra paranoid guys will probably want to
use an encrypted file system).  And maybe we can talk about a few other
things.

        George

-----Original Message-----
From: J.D. Abolins [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 19, 2001 4:31 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: LUG Meeting and other info


On Thu, 19 Jul 2001, George Tenney wrote:

> I would be almost willing to do a presentation on security and securing a
> Linux box but I fear that I am not the most knowledgeable person on the
> topic.  I know a little and could of course find out more, but I don't know
> if it would be enough to present.  On the other hand I have always dreamed
> of wearing an XXL Caldera shirt ;)

Security is one of my specialties although I am still in the learning
stages in regards to the vast topic of Linux security. For a user group
presentation, I'd be glad to help anybody interested in a security
presentation.

One of the most important security tips for Linux, *nix's in general, that
MS product, whatever is "Run only those services you really need!" Many
default installation choices tend to put way too many running services
onto a system. Do you need to be running apache web server or, even more
risky, an anon ftp server?

One handy checker I found is the Shields Up service and its "Probe My
Ports" option available at the Gibson Research Center Web site. (
http://www.grc.com ). Although these tests are geared more towards the
users of a certain quaint OS from a company in Washington state <g>, the
port probe will do a nice test for Linux systems as well.

J.D. Abolins
Meyda Online -- Infosec & Privacy Studies
http://www.meydabbs.com (waiting to be updated when I get the time)
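
The inetd.conf check both messages point at ("run only those services you really need"), as an added example that is not part of the original thread: a small audit that lists entries still enabled in an inetd.conf-style file and not on an allowlist. The function names, the allowlist and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report inetd services that are still enabled but not on an
# allowlist. The sample inetd.conf below is constructed, not from a real host.

# write_sample FILE: write a constructed inetd.conf to FILE.
write_sample() {
    cat > "$1" <<'EOF'
# service socket proto wait user server args (argv[0] first)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
time    dgram   udp  wait    root    internal
EOF
}

# audit_inetd FILE [ALLOWED_SERVICE...]
# Prints "service/proto daemon" for every uncommented entry whose service
# name is not allowed. Exit status is 1 if anything was flagged, else 0.
audit_inetd() {
    conf=$1
    shift
    awk -v allowed=" $* " '
        $1 ~ /^#/ || NF < 6 { next }   # commented out, blank or malformed
        index(allowed, " " $1 " ") == 0 {
            # field 7 is argv[0] of the daemon; built-ins have only "internal"
            printf "%s/%s %s\n", $1, $3, (NF >= 7 ? $7 : $6)
            flagged = 1
        }
        END { exit (flagged ? 1 : 0) }
    ' "$conf"
}

# Demo: a server that is meant to offer only (non-anonymous) ftp from inetd.
sample=$(mktemp)
write_sample "$sample"
audit_inetd "$sample" ftp || echo "comment these out in inetd.conf and signal inetd to reread it"
rm -f "$sample"
```

Services started from the startup scripts rather than inetd do not appear in this file, so a port scan of the box remains the cross-check.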