: I'm new to the world of Linux/Perl/et al. but am thoroughly *ed to
: both. As soon as Linux supports parallel CDRWs my Windows is heading out
: the "Window". I have recently installed Red Hat 5.1 at home and am trying
: to pick up on some security tips for newbies. This group and the how-to's
: have been a great help. However, because the information is sort of "all
: over the place", so to speak, I am afraid that I'm missing some important
: points. So I'm wondering if anyone has any top ten lists of things to do
: right off the bat. Here are some things I've learned to do from friends
: and this group:
: 1. Never go on the web/ftp/mail as root. Use an alias like sudo whenever
: logged in locally.
Not quite right. Use a normal user account for
all normal work and use the 'sudo' command to selectively
and temporarily grant *that* account access to additional
privileges (the least possible for a given task) whenever
those additional privs are necessary.
: 2. Apply patches from Redhat.com
Or your vendor of choice.
: 3. Close finger and all services not explicitly required.
: 4. Take ip spoofing out of named
IP Spoofing isn't "in" named. You need to use packet
filters (on your border router) and/or Linux ipfwadm/ipchains
commands to prevent spoofing. Even then you can only
prevent the ingress of packets which claim to be from
the IP addresses in *your* domain (on your LAN) and the
egress of packets which claim to be from *any other* IP
(other than your domain). You can't do anything to
prevent one third party from spoofing their packets to
appear as though they were from another third party
(both of those parties and their routers are beyond
your administrative control).
The consequence of this is that you must not trust
IP addresses from outside of your domain. In general
after you've implemented anti-spoofing packet screens
on *all* border routers (all routes that lead in/out
of your domain) you should *not* trust any conclusion
beyond: "That was from outside" and "This was from inside."
(And there are even exceptions to that).
: 5. Run a log monitor. I have swatch now but have seen Tripwire mentioned
: here a few times.
'tripwire' is not a "log monitor" --- it is a file integrity
verification system. You probably want both. However, there
are numerous ways of corrupting log files, so you'd
really better have the rest of your host security act together
before log file monitoring will mean anything.
: There seems to be quite a debate over the usefulness of ssh so I haven't
: reached that far yet... what should I add? I suppose I should also be
: asking if there is a FAQ for this group hidden somewhere?
What's the debate? It's a hell of a lot better than rsh and
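The ingress/egress anti-spoofing policy described in the reply above, as an added example that is not part of the original thread: a small Python model of the two border-filter rules (what an ipfwadm/ipchains rule set on the border box would enforce), not actual ipchains commands. The LAN prefix, interface names and sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed configuration: the LAN behind the border filter and the
# name of the interface facing the outside world (both assumptions).
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
EXTERNAL_IF = "eth0"


@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet arrives on or leaves by
    direction: str   # "in" (ingress) or "out" (egress) on that interface
    src: str         # claimed source IP address


def anti_spoof_verdict(pkt: Packet) -> str:
    """Return 'DROP' or 'ACCEPT' for one packet crossing the border filter.

    Ingress rule: a packet arriving from outside must not claim a source
    inside our LAN.  Egress rule: a packet leaving for the outside must
    not claim a source outside our LAN.  Nothing else can be decided from
    the source address alone, which is the reply's point about third
    parties spoofing each other.
    """
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface != EXTERNAL_IF:
        return "ACCEPT"          # the policy only concerns the border interface
    if pkt.direction == "in" and src in LOCAL_NET:
        return "DROP"            # outsider impersonating one of our hosts
    if pkt.direction == "out" and src not in LOCAL_NET:
        return "DROP"            # one of our hosts impersonating a third party
    return "ACCEPT"


# Constructed sample traffic crossing the border.
SAMPLE = [
    Packet("eth0", "in", "192.168.1.7"),    # spoofed local source from outside
    Packet("eth0", "in", "203.0.113.9"),    # external source: cannot be verified
    Packet("eth0", "out", "192.168.1.7"),   # our host talking out
    Packet("eth0", "out", "198.51.100.4"),  # our host spoofing a third party
    Packet("eth1", "in", "192.168.1.7"),    # LAN side: not this filter's job
]


def run_filter(packets=SAMPLE):
    """Apply the policy to a list of packets; returns (src, direction, verdict)."""
    return [(p.src, p.direction, anti_spoof_verdict(p)) for p in packets]


if __name__ == "__main__":
    for row in run_filter():
        print(row)
```

Note that the second sample packet is accepted: the filter can only reject claims about *your* addresses, so an external source address still proves nothing beyond "that came from outside".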