Re: [Fedora] Seeing input on Securing the Linux system from intrusions and attacks.


 



Tod Merley wrote:
On Dec 27, 2007 11:10 AM, Daniel B. Thurman <dant@xxxxxxxxx> wrote:
I have finally got my F8 set up and running so now I am reviewing the
security issues that need to be taken into account.

I have looked into trying many things to protect and harden my systems,
but I thought I'd ask members what they are doing/using to defend their
systems against attacks and unwanted intrusions?  Would it be neat
if there was an automatic non-human defender to do it for you while you
sleep?  Dream on.

I would like to focus on securing Fedora. I have tried snort w/Base etc.,
Tripwire, Fam, nmap, Iptable techniques, and so on.

Does anyone have any advice, links to great sites focused on security
and how to secure your linux box against intrusions and attacks?

Thanks!




--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list


Hi Daniel B. Thurman!

It is late so topics only for tonight:

1. Turn off services you do not use.
2. Make your computer "silent" to all but those who use it - e.g. turn
off ping - e.g. use a door knock protocol on a non-standard port for
ssh to access ssh (give no reply to those who knock on the normal port
and respond to only your special "knock" on your non-standard port).
3. Have a constant background scan done for virus, root kit, e-mail,
changes in critical files, port scan, log files (logwatch), and
audits for suspicious activity.  This can and should be "niced" to not
interfere with normal operations.
4. Google "pen testing".  C/o osstmm.
5. Honeypots!
6. Backup your "used" areas often and in a number of different ways.
I use flash drives, CDs, and other portions of the local or remote
hard drives.  I also tend to put an occasional file in an obscure
e-mail account.  Be ready to "wipe and re-load" efficiently.  I have
played with the idea of using "ghosted" "snapshots" for this purpose
but have only taken that to the idea level. Tar is becoming a friend.
7. Do planned "wipe and re-loads" several times a year.  For that
matter, if you simply save your used areas and then wipe and load the
new version of your distro when it comes out that is probably enough.
Be ready to restore to where you were if you need to.

Ok, I lied - the one link I will give you has some very good ones at
the end.  Note the crazy quotes and the interesting message box near
the end:

http://en.wikipedia.org/wiki/Computer_security

Enjoy!

Tod

From my own experience I learned you need to use real good passwords on EVERYTHING. I thought my user password was safe because no one can get to that. WRONG. An ssh connection can use your weak user password to get in.

So use passwords that include letters upper and lower case and numbers. Then sleep well at night.

Karl


--

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.
  PGP 4208 4D6E 595F 22B9 FF1C  ECB6 4A3C 2C54 FE23 53A7
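
Item 3 in Tod's list above (a background check for "changes in critical files", run "niced") as an added example that is not part of either poster's message: a minimal baseline-and-compare in shell. The function names fim_baseline and fim_check are hypothetical, and the script assumes GNU find, sort, xargs and sha256sum as shipped on Fedora.

```shell
#!/bin/sh
# Added example: minimal file-integrity baseline and check.
# fim_baseline / fim_check are hypothetical names, not from any package.

# fim_baseline DIR MANIFEST: write "sha256  ./path" for every regular file
# under DIR. Hashing runs under nice so it does not compete with real work.
fim_baseline() {
    ( cd "$1" && find . -type f -print0 | sort -z |
        xargs -0 -r nice -n 19 sha256sum ) > "$2"
}

# fim_check DIR MANIFEST: re-hash DIR and compare with the stored manifest.
# Prints one line per difference. Returns 0 if clean, 1 if anything changed,
# 2 if the tree could not be hashed.
fim_check() {
    now=$(mktemp) || return 2
    fim_baseline "$1" "$now" || { rm -f "$now"; return 2; }
    report=$(awk '
        { hash = $1; path = substr($0, length($1) + 3) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        { seen[path] = 1
          if (!(path in old))         print "ADDED " path
          else if (old[path] != hash) print "MODIFIED " path }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$now" | LC_ALL=C sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Command-line use:  script baseline /etc /path/to/manifest
#                    script check    /etc /path/to/manifest
case "${1:-}" in
    baseline) fim_baseline "$2" "$3" ;;
    check)    fim_check "$2" "$3" ;;
esac
```

Keep the manifest somewhere an intruder on the box cannot rewrite it (read-only media or another host); a manifest stored beside the files it covers proves nothing after a compromise.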
