A shopping list of things to do to make a Linux box secure.
Slashdot | Cracked Linux Boxes Used to Wield Windows Botnets
Here's what I do. (I guess you could say these are some security tips for those running Linux boxes at home and leaving them up on the Net):
- Run a hardware NAT firewall/router. Any ol' Linksys, Dlink or Netgear thang will do. Just remember it's not the be all and end all to security problems.
- Open as few ports as absolutely possible. I have nothing open on my router except port 22 and BitTorrent, and I don't leave BitTorrent running all the time
- Check your logs at least once a day. Look for any suspicious signs -- missing log entries, ssh connects you weren't expecting, services running that you don't normally have running, NICs going into promiscuous mode unexpectedly, excessive mail being pumped through any MTAs, etc.
- When running OpenSSH, I disallow password authentication. This prevents problems with users due to the use of stupid passwords. My sshd only accepts a valid RSA key exchange as acceptable authorization.
- Regularly update and run rootkit checkers. These are not be all end all, but they help spot obvious rootkits
- Make cron jobs that regularly scan your system for unusual permissions -- world writeable, binaries that are setuid, etc. and for suspicious files. There are programs and scripts that will do this for you. STFW or check with your distro.
- Perform MD5 checking on your files and executables, especially.
- Regularly check your /etc/passwd and /etc/group files for new or unusual entries.
- Don't run NIS -- it's inherently insecure. You should be using OpenLDAP if you need directory authorization on your network.
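
The cron, permission-scan and /etc/passwd items in the list above can be combined into one script that reports only what changed since a stored baseline. This is an added example, not part of the quoted Slashdot comment; the function names, the `--baseline`/`--check` flags and the directory `/var/lib/audit-baseline` are assumptions.

```shell
#!/bin/sh
# Added example: nightly permission and account audit, meant to be run from cron.
# Function names, flags and the baseline path are assumptions, not from the post.

# List setuid/setgid files, world-writable files and world-writable directories
# without the sticky bit under directory $1, one tagged path per line.
audit_perms() {
    {
        find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sed 's/^/SUID_SGID /'
        find "$1" -xdev -type f -perm -0002 -print | sed 's/^/WORLD_WRITABLE /'
        find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's/^/WORLD_WRITABLE_DIR /'
    } 2>/dev/null | LC_ALL=C sort
}

# Print the lines of listing $2 that are absent from baseline listing $1.
new_since_baseline() {
    grep -Fxv -f "$1" "$2" || true    # grep exits 1 when nothing is new
}

# Report accounts in passwd file $2 that are missing from baseline $1,
# plus any account other than root that has UID 0.
audit_accounts() {
    awk -F: 'FILENAME == ARGV[1]      { known[$1] = 1; next }
             !($1 in known)           { print "NEW_ACCOUNT " $1 }
             $3 == 0 && $1 != "root"  { print "UID0_ACCOUNT " $1 }' "$1" "$2"
}

base=/var/lib/audit-baseline    # assumed location; keep it root-owned, mode 0700
case "${1:-}" in
    --baseline)    # run once on a system you trust
        mkdir -p "$base"
        audit_perms / > "$base/perms.txt"    # -xdev: root filesystem only
        cp /etc/passwd "$base/passwd.txt" ;;
    --check)       # run from cron; any output is mailed to the job owner
        audit_perms / > "$base/perms.now"
        new_since_baseline "$base/perms.txt" "$base/perms.now"
        audit_accounts "$base/passwd.txt" /etc/passwd ;;
esac
```

Because `-xdev` keeps `find` on one filesystem, separately mounted `/home` or `/usr` need their own `audit_perms` call.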