Chapter 5. General System Security

Table of Contents

1. BIOS
2. Security as a Policy
3. Choose a right Password
4. The root account
5. The /etc/exports file
6. Disable console program access
7. Disable all console access
8. The inetd - /etc/inetd.conf file
9. TCP_WRAPPERS
9.1. Don't display system issue file
10. The /etc/host.conf file
11. The /etc/services file
12. The /etc/securetty file
13. Special accounts
14. Blocking; su to root, by one and sundry
15. Put limits on resource
16. Control mounting a file system
17. Conceal binary RPM
18. Shell logging
19. The LILO and lilo.conf file
20. Disable Ctrl-Alt-Delete keyboard shutdown command
21. Physical hard copies of all-important logs
22. Tighten scripts under /etc/rc.d/
22.1. The /etc/rc.d/rc.local file
23. Bits from root-owned programs
24. The kernel tunable parameters
24.1. Prevent your system responding to Ping
25. Refuse responding to broadcasts request
26. Routing Protocols
27. Enable TCP SYN Cookie Protection
28. Disable ICMP Redirect Acceptance
29. Enable always-defragging Protection
30. Enable bad error message Protection
31. Enable IP spoofing protection
32. Log Spoofed, Source Routed and Redirect Packets
33. Unusual or hidden files
34. System is compromised !

How secure a Linux server is depends on how the administrator configures it. Once we have eliminated the potential security risks by removing RPM services that are not needed, we can start to secure the existing services and software on our server. In this chapter we will discuss some of the more general, basic techniques used to secure your system. The following is a list of features that can be used to help prevent attacks from external and internal sources.