Xaero_Vincent wrote: Here are some useful tips a guy on slashdot posted to help protect your Linux servers in addition to the things I've mentioned:
Run a hardware NAT firewall/router. Any ol' Linksys, Dlink or Netgear thang will do. Just remember it's not the be all and end all to security problems.
Open as few ports as absolutely possible. I have nothing open on my router except port 22 and BitTorrent, and I don't leave BitTorrent running all the time.
Check your logs at least once a day. Look for any suspicious signs -- missing log entries, ssh connects you weren't expecting, services running that you don't normally have running, NICs going into promiscuous mode unexpectedly, excessive mail being pumped through any MTAs, etc.
When running OpenSSH, I disallow password authentication. This prevents problems with users due to the use of stupid passwords. My sshd only accepts a valid RSA key exchange as acceptable authorization.
Regularly update and run rootkit checkers. These are not the be-all and end-all, but they help spot obvious rootkits.
Make cron jobs that regularly scan your system for unusual permissions -- world writeable, binaries that are setuid, etc. and for suspicious files. There are programs and scripts that will do this for you. STFW or check with your distro.
Perform MD5 checking on your files and executables, especially.
Regularly check your /etc/passwd and /etc/group files for new or unusual entries.
Don't run NIS -- it's inherently insecure. You should be using OpenLDAP if you need directory authorization on your network.
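As an added example (not from the slashdot post or from Xaero_Vincent), here is the kind of cron-driven check the "scan for unusual permissions" and "checksum your executables" tips describe: record a checksum baseline, then report files whose content, presence, setuid/setgid bits or world-writable bit changed. It uses sha256sum rather than MD5 and assumes GNU coreutils and a POSIX find; the sample directory it scans is constructed inside the script.

```shell
#!/bin/sh
# Added example, not code from the original thread. Assumes GNU coreutils
# (sha256sum, mktemp) and POSIX find/sed. Run it from cron against the
# directories you care about (/usr/bin, /etc, ...) and mail yourself the output.

# scan_perms DIR: list setuid/setgid regular files and world-writable
# files or directories under DIR, one tagged line each.
scan_perms() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sed 's|^|SETID |'
    find "$1" ! -type l -perm -0002 -print | sed 's|^|WORLD_WRITABLE |'
}

# baseline DIR OUT: store "<sha256>  <path>" for every regular file under DIR.
# Keep OUT somewhere an intruder cannot rewrite (read-only media, another host).
baseline() {
    find "$1" -type f -print | sort | while read -r f; do sha256sum "$f"; done > "$2"
}

# verify BASELINE: print MISSING/CHANGED lines; return 1 if anything differs.
verify() {
    status=0
    while read -r sum path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1
        elif [ "$(sha256sum "$path" | cut -d' ' -f1)" != "$sum" ]; then
            echo "CHANGED $path"; status=1
        fi
    done < "$1"
    return $status
}

# demo: constructed sample tree showing what the next day's run would report.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/bin"
    printf 'echo ok\n' > "$tmp/bin/tool";  chmod 755 "$tmp/bin/tool"
    printf 'hello\n'   > "$tmp/notes.txt"; chmod 644 "$tmp/notes.txt"
    baseline "$tmp" "$tmp.baseline"
    printf 'echo tampered\n' > "$tmp/bin/tool"   # content replaced
    chmod 4755 "$tmp/bin/tool"                   # setuid bit appeared
    chmod 666 "$tmp/notes.txt"                   # now world-writable
    scan_perms "$tmp"
    verify "$tmp.baseline"
    rm -rf "$tmp" "$tmp.baseline"
}
```

Running `demo` prints one SETID line, one WORLD_WRITABLE line and one CHANGED line for the tampered tree; an unchanged tree prints nothing and `verify` returns 0.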
umm ... Excuse me -- I really don't want to do all of that. I really don't want to do all of that every day. I don't know about you, but I spend all day seeing sick people for a living, and I program computers; it's so I can do that better. When I sit down at my computer I want to do what I want to do, not defend my PC against the evil internet I cannot live without.
If Linux requires me to do all of the above just to be safe on the internet, then Linux is broken.