<HTML
><HEAD
><TITLE
>General System Security</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
REL="HOME"
TITLE="Securing and Optimizing Linux"
HREF="index.html"><LINK
REL="UP"
TITLE="Security, Optimization and Upgrade"
HREF="Secure-optimize.html"><LINK
REL="PREVIOUS"
TITLE="Security, Optimization and Upgrade"
HREF="Secure-optimize.html"><LINK
REL="NEXT"
TITLE="BIOS"
HREF="chap5sec29.html"></HEAD
><BODY
CLASS="chapter"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="Secure-optimize.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="chap5sec29.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="chapter"
><H1
><A
NAME="prt2ch1gss"
>Chapter 5. General System Security</A
></H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>5.1. <A
HREF="chap5sec29.html"
>BIOS</A
></DT
><DT
>5.2. <A
HREF="chap5sec30.html"
>Security as a Policy</A
></DT
><DT
>5.3. <A
HREF="chap5sec31.html"
>Choose a right Password</A
></DT
><DT
>5.4. <A
HREF="chap5sec32.html"
>The root account</A
></DT
><DT
>5.5. <A
HREF="chap5sec33.html"
>The <TT
CLASS="filename"
>/etc/exports</TT
> file</A
></DT
><DT
>5.6. <A
HREF="chap5sec34.html"
>Disable console program access</A
></DT
><DT
>5.7. <A
HREF="chap5sec35.html"
>Disable all console access</A
></DT
><DT
>5.8. <A
HREF="chap5sec36.html"
>The inetd - <TT
CLASS="filename"
>/etc/inetd.conf</TT
> file</A
></DT
><DT
>5.9. <A
HREF="chap5sec37.html"
>TCP_WRAPPERS</A
></DT
><DT
>5.10. <A
HREF="chap5sec39.html"
>The <TT
CLASS="filename"
>/etc/host.conf</TT
> file</A
></DT
><DT
>5.11. <A
HREF="chap5sec40.html"
>The /etc/services file</A
></DT
><DT
>5.12. <A
HREF="chap5sec41.html"
>The <TT
CLASS="filename"
>/etc/securetty</TT
> file</A
></DT
><DT
>5.13. <A
HREF="chap5sec42.html"
>Special accounts</A
></DT
><DT
>5.14. <A
HREF="chap5sec43.html"
>Blocking; <B
CLASS="command"
>su</B
> to root, by one and sundry</A
></DT
><DT
>5.15. <A
HREF="chap5sec44.html"
>Put limits on resource</A
></DT
><DT
>5.16. <A
HREF="chap5sec45.html"
>Control mounting a file system</A
></DT
><DT
>5.17. <A
HREF="chap5sec46.html"
>Conceal binary <SPAN
CLASS="acronym"
>RPM</SPAN
></A
></DT
><DT
>5.18. <A
HREF="chap5sec47.html"
>Shell logging</A
></DT
><DT
>5.19. <A
HREF="chap5sec48.html"
>The LILO and <TT
CLASS="filename"
>lilo.conf</TT
> file</A
></DT
><DT
>5.20. <A
HREF="chap5sec49.html"
>Disable <B
CLASS="keycap"
>Ctrl-Alt-Delete</B
> keyboard shutdown command</A
></DT
><DT
>5.21. <A
HREF="chap5sec50.html"
>Physical hard copies of all-important logs</A
></DT
><DT
>5.22. <A
HREF="chap5sec51.html"
>Tighten scripts under <TT
CLASS="filename"
>/etc/rc.d/</TT
></A
></DT
><DT
>5.23. <A
HREF="chap5sec52.html"
>Bits from root-owned programs</A
></DT
><DT
>5.24. <A
HREF="chap5sec53.html"
>The kernel tunable parameters</A
></DT
><DT
>5.25. <A
HREF="chap5sec54.html"
>Refuse responding to broadcasts request</A
></DT
><DT
>5.26. <A
HREF="chap5sec55.html"
>Routing Protocols</A
></DT
><DT
>5.27. <A
HREF="chap5sec56.html"
>Enable TCP SYN Cookie Protection</A
></DT
><DT
>5.28. <A
HREF="chap5sec57.html"
>Disable ICMP Redirect Acceptance</A
></DT
><DT
>5.29. <A
HREF="chap5sec58.html"
>Enable always-defragging Protection</A
></DT
><DT
>5.30. <A
HREF="chap5sec59.html"
>Enable bad error message Protection</A
></DT
><DT
>5.31. <A
HREF="chap5sec60.html"
>Enable <SPAN
CLASS="acronym"
>IP</SPAN
> spoofing protection</A
></DT
><DT
>5.32. <A
HREF="chap5sec61.html"
>Log Spoofed, Source Routed and Redirect Packets</A
></DT
><DT
>5.33. <A
HREF="chap5sec62.html"
>Unusual or hidden files</A
></DT
><DT
>5.34. <A
HREF="chap5sec63.html"
>System is compromised !</A
></DT
></DL
></DIV
><DIV
CLASS="highlights"
><A
NAME="AEN3190"
></A
><P
> How secure a Linux server is depends on how the administrator configures it. Once we have eliminated potential security risks by removing <SPAN
CLASS="acronym"
>RPM</SPAN
>
services that are not needed, we can start to secure the existing services and software on our server. In this chapter we will discuss some of the more general, basic techniques used
to secure your system. The following is a list of features that can be used to help prevent attacks from external and internal sources.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="Secure-optimize.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="chap5sec29.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Security, Optimization and Upgrade</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="Secure-optimize.html"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>BIOS</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>