5. General System Security

Table of Contents

BIOS
Security as a Policy
Choose a right Password
The root account
The /etc/exports file
Disable console program access
Disable all console access
The inetd - /etc/inetd.conf file
TCP_WRAPPERS
Don't display system issue file
The /etc/host.conf file
The /etc/services file
The /etc/securetty file
Special accounts
Blocking; su to root, by one and sundry
Put limits on resource
Control mounting a file system
Conceal binary RPM
Shell logging
The LILO and lilo.conf file
Disable Ctrl-Alt-Delete keyboard shutdown command
Physical hard copies of all-important logs
Tighten scripts under /etc/rc.d/
The /etc/rc.d/rc.local file
Bits from root-owned programs
The kernel tunable parameters
Prevent your system responding to Ping
Refuse responding to broadcasts request
Routing Protocols
Enable TCP SYN Cookie Protection
Disable ICMP Redirect Acceptance
Enable always-defragging Protection
Enable bad error message Protection
Enable IP spoofing protection
Log Spoofed, Source Routed and Redirect Packets
Unusual or hidden files
System is compromised !

How secure a Linux server is depends on how the administrator configures it. Once we have eliminated potential security risks by removing RPM services that are not needed, we can start to secure the existing services and software on our server. In this chapter we will discuss some of the more general, basic techniques used to secure your system. The following is a list of features that can be used to help prevent attacks from external and internal sources.

BIOS

It is recommended that you set a boot password, disallow booting from floppy drives, and set passwords on BIOS features. To learn how to do this, check your BIOS manual or look through the BIOS setup screens the next time you boot your system. Disallowing booting from floppy drives and requiring a password to access the BIOS features will improve the security of your system. This blocks undesired people from trying to boot your Linux system with a special boot disk, and protects you from people trying to change BIOS features, such as allowing boot from the floppy drive or booting the server without a password prompt.