Linux Security Guidelines


Table of Contents


LEGAL NOTICE & DISCLAIMER
DOCUMENT VERSION HISTORY
RELATED DOCUMENTS
LIST OF TABLES
SUMMARY
1. INTRODUCTION
1.1. PURPOSE AND SCOPE
1.2. ASSUMPTIONS
1.3. INTENDED AUDIENCE
2. PHYSICAL SECURITY
2.1. BIOS PASSWORD
2.2. PLACE SERVERS IN A CONTROLLED AREA
2.3. PREVENT SERVERS FROM BEING BOOTED THROUGH OTHER MEDIUM
2.4. SERVERS ARE TO BE PLACED IN RACKS WITH LOCKING MECHANISMS
2.5. CONCEAL CABLING AND POWER OUTLETS
3. INSTALLATION AND CONFIGURATION
3.1. INSTALL FROM A CLEAN FORMATTED DRIVE
3.2. PARTITIONS
3.3. CUSTOM INSTALLATION
3.4. PATCHES
3.5. INSTALLING PATCHES
4. LINUX OPERATING SYSTEM HARDENING
4.1. ACCOUNTS
4.2. ACCOUNTS POLICY
4.3. REMOVING UNNECESSARY ACCOUNTS
4.4. ROOT ACCOUNT
4.5. SERVICES AND PORTS
4.6. SECURING XINETD
4.7. SECURING "/ETC/SERVICES" FILE
4.8. DISALLOW ROOT LOGIN FROM DIFFERENT CONSOLES
4.9. BLOCKING SU TO ROOT
4.10. TCPWRAPPERS
4.11. IPTABLES
4.12. DETECTING SUID/SGID PROGRAMS
4.13. HIDING SYSTEM INFORMATION
4.14. OTHER UTILITIES
4.15. TRIPWIRE
4.16. SENTRY TOOLS
4.17. BASTILLE
5. CONCLUSION
REFERENCES