Slide 1
Excellent Education Program
Innovative Methods of Teaching

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Cum sociis natoque penatibus et magnis dis parturient.

Slide 2
Learning Through Play
Devoted to the Early Education

Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim.

Slide 2
Learning Through Play
Devoted to the Early Education

Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim.

Slide 2
Learning Through Play
Devoted to the Early Education

Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim.

Slide 2
Learning Through Play
Devoted to the Early Education

Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim.

Slide 3
Learning Through Play
Find a Class for your Children

Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim. Aliquam lorem ante, dapibus in, viverra quis.

previous arrow
next arrow

Complete Referance of Hardening in Linux Security

Spread the Knowledge
  • System Hardening Overview
  • Batille
  • Securing X-Windows
  • Securing Linux Daemons
  • Security patches
  • Security Benchmarks

System Hardening Overview

  • Linux, like other operatingsystems, is not secure “out of the box”
  • Security increases as newer versions and distros come out
  • Users/administrators still need to take steps to “harden” systems
  • Items typically requiring securing/hardening include:
  • X-Windows
  • System daemons
  • Networking services

Bastille

  • Scripts walk SA through several modules, automates changing a large number of configurable system items
  • Has modules for checking and configuring Internet services, suid(set-user-ID) files, account and boot security, and TCP wrappers
  • Bastille program is available from http://bastille-linux.sourceforge.net/
  • Bastille currently supports most distros of Linux and Unix including:
  • Red Hat, SuSe, Debian, Gentoo, Mandrake, and HP-UX

Securing X-Windows

  • X-windows is Graphical Interface for Linux
  • Comes with most distributions,but is ot part of them
  • Used to access systems both locally and remotely
  • X is a Protocol and set of utilities
  • Client-server design
  • Runs from the X server, and provides keyboard, mouse and video
  • Not configured securely by default
  • Signals can get intercepted btween x-server and client(either remote or local)
  • Several ways of securing X
  • xhost – controls authentication to x erver on a host basis
  • X server maintains lists of allowed hosts
  • xhost allows hosts to be added/deleted from list
  • Vulnerabilities: Host spoofing, sessions are per host, not per user
  • xauth – controls authentication through .Xauthority
  • .Xauthority file contains authentication ‘cookie’ that client must send to server
  • Best security mechanism is using X windows over ssh
  • Authentication can be controlled and audited through user credentials
  • communications traffic between x client and X erver is encrypted

Securing Linux Daemons

  • Daemons are same as Windows services
  • Programs that run in background to accomplish system tasks
  • Often run with a set of credentials and privilege levels
  • Securing Linux Daemons is to not install unnecessary ones!.
  • Best way to secure daemons is to not install unnessary ones!
  • Don’t use “Install Everything” option during installation
  • Install services according to machine role
  • Use ‘ps’ and ‘netstat’ commands to determine what services are running and network connections established by them
  • Many Daemons turned on/off in /etc/inetd.conf – edit this file to selectively disable services that are not needed
  • Recompiling kernel is another way to secure services
  • Generate learner kernel with only daemons you need supported
  • Eliminates risk of daemons being reconfigured or restarted

Security Patches

  • Even after initial hardening, Linux can still be insecure
  • New vulnerabilities discovered every day
  • Security patches issued to counter threats and fix vulnerabilities
  • Most current distros have automated patch utility
  • Connects to trusted centralized site and downloads latest patches
  • Usually provides patches for OS and popular software apps included in distro
  • Third party apps frequently need patches from different vendors
  • Usually manual download and installation process
  • Download patches only from trusted sites
  • Verify hashes provided with patches to ensure file integrity
  • Many utilities to download and install security patches
  • Up2date, YUM, and YaST are a few
  • Get familiar with your distro’s update utilities

Security Benchmarks

  • Several free and commercial tools exist to test/measure security on Linux
  • Benchmarks available for almost all distros
  • Usually automated tool that checks security of daemons, processes, accounts,permissions , etc.
  • Nessus is free valnerability scanner provided with most distros
  • Uses frequently updated database of vulnerabilities
  • Can be used for single or multiple machines
  • Uses client/server architecture

Latest posts by Amardeep Dubey (see all)