Xaero_Vincent wrote:
Here are some useful tips a guy on slashdot posted to help protect your Linux servers in addition to the things I've mentioned:
- Run a hardware NAT firewall/router. Any ol' Linksys, Dlink or Netgear thang will do. Just remember it's not the be all and end all to security problems.
- Open as few ports as absolutely possible. I have nothing open on my router except port 22 and BitTorrent, and I don't leave BitTorrent running all the time.
- Check your logs at least once a day. Look for any suspicious signs -- missing log entries, ssh connects you weren't expecting, services running that you don't normally have running, NICs going into promiscuous mode unexpectedly, excessive mail being pumped through any MTAs, etc.
- When running OpenSSH, I disallow password authentication. This prevents problems with users due to the use of stupid passwords. My sshd only accepts a valid RSA key exchange as acceptable authorization.
- Regularly update and run rootkit checkers. These are not be all end all, but they help spot obvious rootkits.
- Make cron jobs that regularly scan your system for unusual permissions -- world writeable, binaries that are setuid, etc. and for suspicious files. There are programs and scripts that will do this for you. STFW or check with your distro.
- Perform MD5 checking on your files and executables, especially.
- Regularly check your /etc/passwd and /etc/group files for new or unusual entries.
- Don't run NIS -- it's inherently insecure. You should be using OpenLDAP if you need directory authorization on your network.
Umm ... Excuse me -- I really don't want to do all of that. I really don't want to do all of that every day. I don't know about you but I spend all day seeing sick people for a living; and I program computers so I can do that better. When I sit down at my computer I want to do what I want to do, not defend my PC against the evil internet I cannot live without.
If Linux requires me to do all of the above just to be safe on the internet then Linux is broken.
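The cron-job checks from the quoted list (world-writable files, setuid/setgid binaries, and MD5 drift against a saved baseline) as one script, added here as an example and not code from either poster; it assumes GNU find and md5sum from coreutils, and paths without whitespace.

```shell
#!/bin/sh
# Audit a directory tree for the conditions the quoted list says to
# scan for: world-writable files, setuid/setgid binaries, and files
# whose MD5 checksum differs from a previously recorded baseline.

# Print regular files under $1 that are writable by everyone.
find_world_writable() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# Print regular files under $1 that carry the setuid or setgid bit.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Record "md5  path" for every regular file under $1 into baseline file $2.
# Run this once on a known-good system, then keep the baseline off-box.
make_baseline() {
    find "$1" -xdev -type f -exec md5sum {} + | sort -k2 > "$2"
}

# Compare the tree under $1 with baseline $2 and print each path that is
# changed, new, or missing (one per line, no output when nothing drifted).
check_baseline() {
    current=$(mktemp)
    find "$1" -xdev -type f -exec md5sum {} + | sort -k2 > "$current"
    # diff marks baseline-only lines with "<" and current-only lines with ">";
    # a modified file appears on both sides, so sort -u collapses it to one path.
    diff "$2" "$current" | grep '^[<>]' | awk '{print $3}' | sort -u
    rm -f "$current"
}

# Command-line entry point (hypothetical usage, does nothing when sourced
# without arguments so the functions can be reused from cron or tests):
#   sh audit.sh baseline <dir> <baseline-file>
#   sh audit.sh check    <dir> <baseline-file>
case "${1:-}" in
    baseline) make_baseline "$2" "$3" ;;
    check)
        find_world_writable "$2"
        find_setid "$2"
        check_baseline "$2" "$3"
        ;;
esac
```

Pointing `check` at /usr/bin or /etc from a daily cron entry and mailing any output to yourself turns items 8 and 9 of the list into a single unattended job.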