David Welton <[EMAIL PROTECTED]> writes:

> Hi, I'm looking for a basic document describing how to take some basic
> (but important) steps towards securing your computer. Something that
> describes to the new user how to use things like tcpd, ssh, tripwire,
> and other things to keep their system secure. Something that is not
> comprehensive, but that would take the person through some of the more
> important things that can make the system reasonably secure, at least
> from attackers who are not determined.
As it happens, I wrote a very basic set of instructions for my coworkers. This only describes the steps necessary to connect to the internet safely, nothing fancy. Hope it helps. Please tell me about any errors and security holes.

Oliver
-- 
Oliver Schoett <[EMAIL PROTECTED]>

----------------------------------------------------------------------

Security

Why are you running a Linux system? Because it is better than the commercial stuff, of course. One way in which it is better is that it has strong, documented and configurable network security, so let's indulge in this luxury.

The way to attack a computer without accessing it physically is to exploit the network services it offers. On a Linux system, network services are provided by processes running as "daemons" in the background, such as

  * inetd,
  * rpc.portmap,
  * rpc.mountd,
  * rpc.nfsd,
  * innd,
  * nntpd,

to name the most common ones. You should check your system (with ps ax) to see whether any of these programs have been started at system startup.

In the common case that you do not want to offer any network services to the outside world, the safest and easiest way to be secure is to kill all the network daemons and make sure they are not started at system startup (comment out the lines starting them in the system startup scripts). If you do that, you can skip the rest of this section.

If you need network services (for example, if you need to connect to your own machine for local mail delivery or local news reading), you can run the network server inetd in a configuration where you have connection attempts logged and blocked or accepted selectively. To do this, I use the "TCP wrapper" program tcpd, which is part of the netbase package of Debian GNU/Linux. This package is controlled by three files described in the following sections.

/etc/inetd.conf

This file contains the service definitions for inetd. They should be either commented out (with a # in front) or "wrapped" by tcpd, that is, each service definition should not name the corresponding server program directly:

  ... /some/directory/program program arg arg ...

but via tcpd, that is,

  ... /usr/sbin/tcpd /some/directory/program arg arg ...

Note that the second occurrence of "program" in the original line is deleted.

The "wrapper" program tcpd ensures that a connection attempt is allowed before it starts the service specified in its argument list. It can also log the connection attempts, start shell scripts, etc.

/etc/hosts.deny

This file lists all service/client combinations that are not to be allowed by tcpd. Mine reads (apart from comments):

  ALL: ALL: severity auth.warning

so that all connections are denied by default, and I get a warning for every connection attempt that is denied.

/etc/hosts.allow

This file lists all service/client combinations that are to be allowed by tcpd. It has priority over hosts.deny. Mine reads (apart from other comments):

  # allow connections from localhost
  ALL: 127.0.0.

which allows all connections from my own machine. But of course, you can leave it empty if you do not want to connect from your machine to itself.
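The inetd.conf rewrite described in the post above (replace the server program with /usr/sbin/tcpd, keep the server path as tcpd's first argument, drop the repeated program name) is mechanical enough to script. The following is an added example, not code from the post or from the netbase package: two small awk filters, one that lists the active services an inetd.conf still starts without tcpd, and one that rewrites those lines. It assumes the usual inetd.conf field order (service, socket type, protocol, wait flag, user, server path, program name and arguments) and that services whose server field is "internal" are handled by inetd itself and so cannot be wrapped. The tcpd path is the one the post uses; the sample inetd.conf is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original post: audit an inetd.conf for
# services that inetd starts directly instead of through tcpd, and rewrite
# those lines into the wrapped form described above. /usr/sbin/tcpd is the
# path the post uses; the sample inetd.conf below is constructed.

TCPD=/usr/sbin/tcpd

# Constructed sample /etc/inetd.conf: one built-in service, two unwrapped
# services, one commented-out service and one already wrapped service.
write_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# /etc/inetd.conf (constructed sample)
echo    stream  tcp     nowait  root    internal
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd -h
#finger stream  tcp     nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd          /usr/sbin/in.pop3d
EOF
}

# inetd.conf fields: service socktype proto wait user server [argv0 args...]
# Read an inetd.conf on stdin and print the names of active services whose
# server (field 6) is neither tcpd nor inetd's built-in "internal" handler.
unwrapped_services() {
    awk -v tcpd="$TCPD" '
        /^[[:space:]]*(#|$)/ { next }   # comment or blank line
        $6 == "internal"     { next }   # echo, chargen, ...: run by inetd itself
        $6 != tcpd           { print $1 }
    '
}

# Read an inetd.conf on stdin and write it back with every active, unwrapped
# service line rewritten: field 6 becomes tcpd, the old server path becomes
# tcpd's first argument, and field 7 (the repeated program name) is dropped.
# Comments, blank lines, internal services and wrapped lines pass unchanged.
wrap_services() {
    awk -v tcpd="$TCPD" '
        /^[[:space:]]*(#|$)/ || $6 == "internal" || $6 == tcpd { print; next }
        {
            line = $1 " " $2 " " $3 " " $4 " " $5 " " tcpd " " $6
            for (i = 8; i <= NF; i++) line = line " " $i
            print line
        }
    '
}

# Stand-alone demonstration on the constructed sample.
demo=$(mktemp)
write_sample_inetd_conf "$demo"
echo "services not wrapped by tcpd:"
unwrapped_services < "$demo"
echo "rewritten inetd.conf:"
wrap_services < "$demo"
rm -f "$demo"
```

On a real system run `unwrapped_services < /etc/inetd.conf` first to see what is still exposed, write the rewrite to a scratch file (`wrap_services < /etc/inetd.conf > /tmp/inetd.conf.new`) and diff it against the original before installing it and signalling inetd to reread its configuration. Put the hosts.deny and hosts.allow entries from the post in place before that: with "ALL: ALL" in hosts.deny, every wrapped service refuses any client that hosts.allow does not list, so a missing localhost line locks out local mail and news delivery too.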