[CALUG] Linux server security tips
James Ewing Cottrell 3rd
JECottrell3 at Comcast.NET
Tue Jun 8 18:07:13 EDT 2010
On 10/30/2009 7:07 PM, Jim Sansing wrote:
> The following was linked from LinuxToday. It is the best one I've ever
> seen:
>
> http://www.cyberciti.biz/tips/linux-security.html
>
> Later . . . Jim
>
These articles are generally good, although some go too far. One Service
per FS? Excessive.
Likewise, separating Filesystems. A /usr separate from /? Antiquated.
With little if any added protection.
Disable accounts on failed passwords? Boy, would I like to work there!
Go to a lab and do fake logins on people you hate.
SELinux? How many people REALLY understand it? We can't even get people
to use Groups effectively for permissions.
They also forgot other useful things such as Tripwire and using RPM -V
to verify packages.
I dunno why people think VPNs are a good idea...bring an Entire External
Host inside your net where it can mount a Direct Attack on Any Port???
Much better to SSH in or punch holes for specific services/ports.
Still, there is a lot of useful info there.
JIM