Since I have to manage a lot of Linux boxes in our network, I was looking for a way to secure all of them against the ‘basics’, and I made notes (yes, really!) of this. Here you will find some of the basic security tips.
Audit your server
In my search I found that ‘Tiger’ was a great way to audit a Linux box. On Debian you can install this package with the apt system (apt-get install tiger) and then run tiger with the -E flag (tiger -E). The -E stands for explanation report, which can be very useful since the output is generally a bit cryptic.
Tiger also comes with a cron version that you can run every night and have it e-mail you the outcome!
I recently found the tool called ‘john’, also known as ‘John the Ripper’, and I loved it right away. John is a password cracker that reads hashed passwords and tries to crack them. On one of our web servers it cracked several passwords within hours!
If you find a user with a cracked password but you can’t reset it (or the user won’t listen to you), then try confining that user with chroot. Please find a manual here.
Most systems come with their /tmp directory on the root filesystem /. This is not a very good idea, sorry to tell you. It means that any file in /tmp can also be executed, and that is a serious problem. If you don’t know why or what I mean, please refer to the Debian security manual, page 1 (RTFM!)
If you have the possibility, create a new disk/partition specifically for /tmp and remove all execution rights through fstab with the ‘noexec’ option.
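As an added example (not code from the original post), here is a small POSIX shell check that classifies how /tmp is mounted from an fstab-style file, so the "separate partition with noexec" advice can be verified rather than assumed. The sample fstab content and the function names (fstab_mount_opts, has_mount_opt, tmp_exec_status) are my own constructions; the third sample line is the kind of entry the advice asks for.

```shell
#!/bin/sh
# Added example, not from the original post: classify how /tmp is mounted
# from an fstab-style file. The fstab content below is constructed for this
# example; on a real host pass /etc/fstab (the planned state) or
# /proc/mounts (what is actually mounted right now).

SAMPLE_FSTAB='# <file system>  <mount point>  <type>  <options>                      <dump> <pass>
UUID=0000-1111   /              ext4    errors=remount-ro              0      1
/dev/sdb1        /tmp           ext4    defaults,nosuid,nodev,noexec   0      2
tmpfs            /dev/shm       tmpfs   defaults                       0      0'

# fstab_mount_opts FILE MOUNTPOINT
# Print the options field of the entry that mounts MOUNTPOINT, skipping
# comment lines. Return 1 (printing nothing) if there is no such entry,
# which means MOUNTPOINT is just a directory on its parent filesystem.
fstab_mount_opts() {
    awk -v mp="$2" '
        /^[ \t]*#/ { next }
        $2 == mp   { print $4; found = 1 }
        END        { exit found ? 0 : 1 }' "$1"
}

# has_mount_opt OPTS OPT: succeed if OPT appears in the comma-separated OPTS.
has_mount_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qx -- "$2"
}

# tmp_exec_status FILE: print one of
#   on-root          /tmp has no entry of its own (the situation the post warns about)
#   separate-exec    /tmp is its own filesystem but files in it are still executable
#   separate-noexec  /tmp is its own filesystem mounted with noexec
tmp_exec_status() {
    opts=$(fstab_mount_opts "$1" /tmp) || { echo on-root; return 0; }
    if has_mount_opt "$opts" noexec; then
        echo separate-noexec
    else
        echo separate-exec
    fi
}

# Run the check against the constructed sample.
sample=$(mktemp)
printf '%s\n' "$SAMPLE_FSTAB" > "$sample"
tmp_exec_status "$sample"   # → separate-noexec
rm -f "$sample"
```

After adding the fstab entry, `mount -o remount,noexec /tmp` applies the option without a reboot; then run the check against /proc/mounts as well, since fstab only describes what should happen at boot. Some installers and build tools expect to execute from /tmp, so test a package upgrade after the change.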
Anti-DDOS / mod_evasive
For small attacks this Apache module is very useful. All you have to do on Debian is ‘apt-get install libapache2-mod-evasive’ and you are good to go. To take precautions against SYN flooding you could also use the sysctl option ‘sysctl -w net.ipv4.tcp_syncookies=1’.
Some general stuff to remember
– If you don’t need it, delete it: FTP, Telnet, inetd, etc. Minimise the installed software and the open ports
– Check your open ports with nmap (nmap xxx.xxx.xxx.xxx) or netstat -a
– Configure the network with VLANs per client so you can see very quickly who is doing what
– Keep software up to date
– Make sure you have a strong password policy (even if the client doesn’t like it!)
– Disable SSH root login
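As an added example (not code from the original post), the following POSIX shell audit checks two of the items above from the configuration files themselves: the "Disable SSH root login" point, and the SYN-cookie sysctl mentioned in the mod_evasive section. The two sample files and the function names (sshd_root_login, sysctl_value, audit_host) are my own constructions. It handles two details that naive grepping gets wrong: sshd keeps the first value of a keyword and treats everything after a Match line as conditional, while sysctl applies assignments in order so the last one wins.

```shell
#!/bin/sh
# Added example, not from the original post: audit "Disable SSH root login"
# and the SYN-cookie sysctl by parsing the config files the way the daemons
# do. Both sample files are constructed for this example; on a real host
# point the functions at /etc/ssh/sshd_config and /etc/sysctl.conf.

SAMPLE_SSHD='# constructed sshd_config excerpt
Port 22
PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PermitRootLogin no'

SAMPLE_SYSCTL='# constructed sysctl.conf excerpt
net.ipv4.tcp_syncookies = 0
net.ipv4.ip_forward = 0
net.ipv4.tcp_syncookies = 1'

# sshd_root_login FILE: print the global PermitRootLogin value in lower case.
# sshd keeps the FIRST value it sees for a keyword, and everything after the
# first "Match" line applies only to matching connections, so only lines
# before it count as global. Print "default" when the keyword is absent
# (current OpenSSH releases then use prohibit-password).
sshd_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0             { next }
        tolower($1) == "match"            { exit }
        tolower($1) == "permitrootlogin"  { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }' "$1"
}

# sysctl_value FILE KEY: print the value of KEY from a sysctl.conf-style file.
# Lines are applied in order when sysctl loads the file, so the LAST
# assignment wins. Print nothing if KEY is never set.
sysctl_value() {
    awk -v key="$2" -F= '
        /^[ \t]*[#;]/ || NF == 0 { next }
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t]+/, "", v); gsub(/[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# audit_host SSHD_CONF SYSCTL_CONF: print one line per failed check and
# return the number of failures (0 = both settings are as the notes require).
audit_host() {
    failures=0
    if [ "$(sshd_root_login "$1")" != "no" ]; then
        echo "FAIL: PermitRootLogin is not 'no' in $1"
        failures=$((failures + 1))
    fi
    if [ "$(sysctl_value "$2" net.ipv4.tcp_syncookies)" != "1" ]; then
        echo "FAIL: net.ipv4.tcp_syncookies is not 1 in $2"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Run the audit against the constructed samples: the sshd check fails
# (the "no" inside the Match block does not make it the global setting),
# the sysctl check passes because the last assignment is 1.
ssh_tmp=$(mktemp); sys_tmp=$(mktemp)
printf '%s\n' "$SAMPLE_SSHD" > "$ssh_tmp"
printf '%s\n' "$SAMPLE_SYSCTL" > "$sys_tmp"
audit_host "$ssh_tmp" "$sys_tmp" || echo "$? check(s) failed"
rm -f "$ssh_tmp" "$sys_tmp"
```

The file parser is a quick cross-check, not the authority: `sshd -T` prints the configuration sshd actually resolved, and `sshd -t` validates the file before you reload the service. To make the SYN-cookie setting survive a reboot, put `net.ipv4.tcp_syncookies = 1` in /etc/sysctl.conf and apply it with `sysctl -p`.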