[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] re: strange but true


Security is HARD...there are just too many variables. The OS is just one
variable. That said, many Linux distributions are not very secure out of
the box (some are though). However, they can be made more secure. I work
from the assumption that Linux is no more secure than the average
Windows 98 installation. Though this is hyperbole, I build the box up
from there.

You really should acquire several books on Linux security and implement
the basics. Go to www.tldp.org. This is The Linux Documentation Project.
Click on "GUIDES" and scroll down to "Securing and Optimizing Linux".
Read the first sections and implement the basics contained in that
manual. You should also read the SAG (Systems Administrator Guide) and
NAG (Network Administrator Guide) also on that page.

When you are working with Securing and Optimizing Linux, remember it was
written for Red Hat. This means some of files will not be in the same
location as shown in the book. Type "man find" on the command line to
learn how to use the find command. Here's an example: find / -iname
'*pass*' 2>/dev/null. This finds all files that have p-a-s-s in them.
So, it would find /etc/passwd at a minimum. If you know the full
filename, then use: find / -iname passwd 2>/dev/null. This will show you
all instances of passwd under the / directory.

SuSE generally includes a script called harden_suse (or something like
that). You should be able to run it directly or through the YAST2 tool
(I think through the security level). Run it and paranoid levels.

You may want to acquire some books on Linux security. I highly

_Linux System Security: The Administrator's Guide to Open Source
Security Tools, Second Edition_ by Scott Mann, Ellen Mitchell, Michell
Krell, and Mitch Krell.


For general Linux system administration, buy:

The Linux System Administration Handbook by Evi Nemeth, et al.  

Both books will help you ALOT!

Good luck!


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here