[Fedora] Seeing input on Securing the Linux system from intrusions and attacks.

Abhishek Rane abhishekrane at gmail.com
Sat Dec 29 14:46:26 UTC 2007


Karl Larsen wrote:
> Tod Merley wrote:
>> On Dec 27, 2007 11:10 AM, Daniel B. Thurman <dant at cdkkt.com> wrote:
>>  
>>> I have finally got my F8 setup and running so now I am reviewing the
>>> security issues that need to be taken into account.
>>>
>>> I have looked into trying many things to protect and harden my systems,
>>> but I thought I'd ask members what they are doing/using to defend their
>>> systems against attacks and unwanted intrusions?  Would it be neat
>>> if there was an automatic non-human defender to do it for you while you
>>> sleep?  Dream on.
>>>
>>> I would like to focus on securing Fedora. I have tried snort w/Base etc.,
>>> Tripwire, Fam, nmap, Iptable techniques, and so on.
>>>
>>> Does anyone have any advice, links to great sites focused on security
>>> and how to secure your linux box against intrusions and attacks?
>>>
>>> Thanks!
>>
>> Hi Daniel B. Thurman!
>>
>> It is late so topics only for tonight:
>>
>> 1. Turn off services you do not use.
>> 2. Make your computer "silent" to all but those who use it - e.g. turn
>> off ping - e.g. use a door knock protocol on a non-standard port for
>> ssh to access ssh (give no reply to those who knock on the normal port
>> and respond to only your special "knock" on your non-standard port),
>> 3. Have a constant background scan done for virus, root kit, e-mail,
>> changes in critical files, port scan, log files (logwatch), and
>> audits for suspicious activity.  This can and should be "niced" to not
>> interfere with normal operations.
>> 4. Google "pen testing".  C/o osstmm.
>> 5. Honeypots!
>> 6. Backup your "used" areas often and in a number of different ways.
>> I use flash drives, CDs, and other portions of the local or remote
>> hard drives.  I also tend to put an occasional file in an obscure
>> e-mail account.  Be ready to "wipe and re-load" efficiently.  I have
>> played with the idea of using "ghosted" "snapshots" for this purpose
>> but have only taken that to the idea level. Tar is becoming a friend.
>> 7. Do planned "wipe and re-loads" several times a year.  For that
>> matter, if you simply save your used areas and then wipe and load the
>> new version of your distro when it comes out that is probably enough.
>> Be ready to restore to where you were if you need to.
>>
>> Ok, I lied - the one link I will give you has some very good ones at
>> the end.  Note the crazy quotes and the interesting message box near
>> the end:
>>
>> http://en.wikipedia.org/wiki/Computer_security
>>
>> Enjoy!
>>
>> Tod
>>
>>   
>    From my own experience I learned you need to use real good 
> passwords on EVERYTHING. I thought my user password was safe because 
> no one can get to that. WRONG. An ssh connection can use your weak user 
> password to get in.
>
>    So use passwords that include letters upper and lower case and 
> numbers. Then sleep well at night.
>
> Karl
>
>
Also, to add: there is a book called Hacking Exposed. It would be very 
helpful to you. It exposes a lot of Linux/Unix vulnerabilities: 
http://www.hackingexposed.com/
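
Added example, not part of the original thread: a small log check for the situation Karl describes (a weak user password reached over ssh) and the log auditing Tod lists in item 3. It flags a source address that racks up failed sshd password attempts and, more importantly, a password login that succeeds right after them. The log lines are constructed samples in OpenSSH's syslog format; the hostname, the function name scan and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's sshd syslog format (not from the thread).
SAMPLE_LOG = """\
Dec 28 03:12:01 f8box sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Dec 28 03:12:03 f8box sshd[2212]: Failed password for karl from 203.0.113.7 port 40123 ssh2
Dec 28 03:12:05 f8box sshd[2213]: Failed password for karl from 203.0.113.7 port 40124 ssh2
Dec 28 03:12:08 f8box sshd[2214]: Failed password for karl from 203.0.113.7 port 40125 ssh2
Dec 28 03:12:11 f8box sshd[2215]: Accepted password for karl from 203.0.113.7 port 40126 ssh2
Dec 28 09:30:00 f8box sshd[2300]: Failed password for dan from 198.51.100.20 port 51000 ssh2
Dec 28 09:30:09 f8box sshd[2301]: Accepted publickey for dan from 198.51.100.20 port 51001 ssh2
"""

# Matches both "for <user>" and "for invalid user <user>" variants.
LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def scan(log_text, threshold=3):
    """Return findings as (kind, source_ip, user) tuples, in log order."""
    failures = defaultdict(int)   # consecutive failures per source address
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if failures[ip] == threshold:      # report once per streak
                findings.append(("guessing", ip, None))
        else:
            # A password login after a failure streak suggests a guessed password.
            if m["method"] == "password" and failures[ip] >= threshold:
                findings.append(("password-login-after-guessing", ip, user))
            failures[ip] = 0
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On Fedora the sshd messages normally land in /var/log/secure, so the same function can be fed that file's contents.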



