On 06/02/06, James Gagnon jamesg@nucleus.com wrote:
From an overall security point of view, does anyone know any good links or direct me to some good information for securing linux server systems if it's not behind a hardware firewall? I read all the security updates for specific daemons such as httpd, bind, etc. and ensure those measures are in place and/or patched. However, when it comes to the actual OS itself I just want to make sure all security measures are in place for it as well. Yum update does run on a nightly basis, but not sure if there is more to it than that.
The O'Reilly Linux Server Security book's a good read if you have at least a little Unix admin/user experience. It reiterates a lot of the good advice that's been covered on the list about securing SSH by running on a non-standard port, only allowing key-based auth and then only for a limited subset of users/groups.
They also cover bastion firewalling. Essentially, anything internet-facing (or security-sensitive), even if behind another firewall, it's good practice to firewall to the hilt. The more layers the better.
Secure your OS. Secure your apps. Secure your network. A lot of it's just common sense. Unless your full-time job is nothing but security and you can track all the current vulnerabilities and infer where the next ones will be, just assume everything's a risk and lock down/remove everything you don't absolutely require to mitigate the likelihood of getting owned.
Link-wise, I'd say the more you read the better.
http://www.google.co.uk/search?hl=en&q=hardening+linux&btnG=Search&a...
http://www.google.co.uk/search?hl=en&q=hardening+redhat&btnG=Search&...
Start with those. :)
Bear in mind, if you're messing with stuff you're not sure about, use a test machine/have backups/make sure you can reinstall from scratch if you break something or get burned somehow.
Will.
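
The three SSH measures mentioned in the reply above (non-standard port, key-based auth only, a limited set of users/groups) can be checked against an sshd_config. This is an added example, not part of the original post; the function names, the `sshusers` group and both sample configurations are constructed for illustration, and it also flags keyboard-interactive auth, which can still prompt for passwords through PAM.

```python
import re

# OpenSSH built-in defaults for the keywords audited below.
DEFAULTS = {"port": "22", "passwordauthentication": "yes",
            "pubkeyauthentication": "yes", "kbdinteractiveauthentication": "yes"}
# Older configs use this deprecated alias for KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_sshd_config(text):
    """Map each global keyword (lower-cased) to its values, in file order."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break  # Match blocks are conditional overrides; audit globals only
        if len(parts) == 2:
            key = ALIASES.get(parts[0].lower(), parts[0].lower())
            settings.setdefault(key, []).append(parts[1].strip())
    return settings

def audit_sshd_config(text):
    """Return findings for the measures from the post; [] means all are set."""
    cfg = parse_sshd_config(text)
    # sshd keeps the first value it reads for a keyword (Port may repeat).
    first = lambda k: cfg.get(k, [DEFAULTS[k]])[0].lower()
    findings = []
    if "22" in cfg.get("port", [DEFAULTS["port"]]):
        findings.append("listens on default port 22")
    if first("passwordauthentication") != "no":
        findings.append("password authentication enabled")
    if first("kbdinteractiveauthentication") != "no":
        findings.append("keyboard-interactive (PAM password prompts) enabled")
    if first("pubkeyauthentication") != "yes":
        findings.append("public key authentication disabled")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups restriction")
    return findings

# Constructed sample configurations (not taken from any real host).
WEAK = "Port 22\nPasswordAuthentication yes\n"
HARDENED = """# constructed sample
Port 2222
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowGroups sshusers
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_sshd_config(sample) or "ok")
```

Only global settings are audited; anything inside a `Match` block is ignored, so review those by hand.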