This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
From slashdot comments:

by Kiwi (kiwi-nody4la@koala.samiam.org) on Friday June 02, @10:16AM PST
http://linux.samiam.org/linux_links.html

Since we are talking about security here, here are some things Linux (and other UNIX) admins should keep in mind to keep their systems secure:

* Use qmail or postfix instead of Sendmail.
* Make sure you have all security patches for your system installed. Redhat users, for example, can find those patches here.
* Linux users can read Linux Weekly News for security updates.
* Manage your SUIDs. Make sure you keep a close eye on all your suids. For example, I use this script to put all my suids in the directory /suid/bin:

    #!/bin/sh
    # Record every setuid/setgid regular file ("-perm /6000" is the current GNU
    # find spelling of the old "-perm +6000"), then move each one into
    # /suid/bin and leave a symlink at the original path. Paths are quoted and
    # read line by line so names with spaces survive.
    mkdir -p /suid/bin
    find / -type f -perm /6000 > /root/suids
    while IFS= read -r a ; do
        mv "$a" /suid/bin/ && ln -s "/suid/bin/$(basename "$a")" "$a"
    done < /root/suids

* Obviously, turn off all unneeded network services in /etc/inetd.conf and (usually) /etc/rc.d/rc3.d. You can see what services are running on your machine with netstat -na.
* For a UNIX that is free and (hopefully) secure out of the box, check out OpenBSD or Trustix.

The advantage of an open-source solution is that we have greater control over our systems, and can better optimize our systems for security.

===

Re:How to know if it's too late? (Score:3, Informative)
by overshoot on Friday June 02, @01:52PM PST

Quick & Dirty: run rpm -Vf /sbin/* (or /usr/sbin or whatever) on any rpm-based system. It does a quickie RC5 checksum check on the executables (which shouldn't change from installation). Obviously this only works for rpm-based systems, but there are a lot of them. And, no, this is not a substitute for real tripwire-type watchdog security. But don't knock it, either.

===

And here are the other lists. (Score:5, Insightful)
by StenD (stend+slashdot@sten.org) on Friday June 02, @11:49AM PST

I've been told that they will be on the SANS web site Real Soon Now.
Mistakes People Make That Lead To Security Breaches

Technological holes account for a great number of the successful break-ins, but people do their share, as well. Here are the SANS Institute's lists of silly things people do that enable attackers to succeed.

The Five Worst Security Mistakes End Users Make

1. Opening unsolicited e-mail attachments without verifying their source and checking their content first.
2. Failing to install security patches - especially for Microsoft Office, Microsoft Internet Explorer, and Netscape.
3. Installing screen savers or games from unknown sources.
4. Not making and testing backups.
5. Using a modem while connected through a local area network.

The Seven Worst Security Mistakes Senior Executives Make

1. Assigning untrained people to maintain security and providing neither the training nor the time to make it possible to learn and do the job.
2. Failing to understand the relationship of information security to the business problem - they understand physical security but do not see the consequences of poor information security.
3. Failing to deal with the operational aspects of security: making a few fixes and then not allowing the follow-through necessary to ensure the problems stay fixed.
4. Relying primarily on a firewall.
5. Failing to realize how much money their information and organizational reputations are worth.
6. Authorizing reactive, short-term fixes so problems re-emerge rapidly.
7. Pretending the problem will go away if they ignore it.

The Ten Worst Security Mistakes Information Technology People Make

1. Connecting systems to the Internet before hardening them.
2. Connecting test systems to the Internet with default accounts/passwords.
3. Failing to update systems when security holes are found.
4. Using telnet and other unencrypted protocols for managing systems, routers, firewalls, and PKI.
5. Giving users passwords over the phone or changing user passwords in response to telephone or personal requests when the requester is not authenticated.
6. Failing to maintain and test backups.
7. Running unnecessary services, especially ftpd, telnetd, finger, rpc, mail, rservices.
8. Implementing firewalls with rules that don't stop malicious or dangerous traffic - incoming or outgoing.
9. Failing to implement or update virus detection software.
10. Failing to educate users on what to look for and what to do when they see a potential security problem.

And a bonus, number 11: Allowing untrained, uncertified people to take responsibility for securing important systems.

===

Subject: Re: Top 5 admin chores
From: "Anthony E. Greene" <agreene@pobox.com>
Date: Tue, 30 May 2000 19:16:01 +0200

At 09:55 2000-05-30 -0700, Spunk S. Spunk III wrote:
>I'm curious as to what some of the more experienced Linux gurus consider to
>be their top 5 favorite or most important duties when setting up a machine.

I'm not a guru, but I generally configure TCP-Wrappers and restrictions on Sendmail first. Then I add other applications, user accounts, etc.

>They might be tricks or time-savers or security issues or whatever. For
>instance, when setting up a regular user for yourselves, what group and how
>high of a level do you make it?

I make myself a normal user. I don't grant myself special privileges. It's so easy to "su -l" that it's hard to justify granting special privileges to my normal account.

>What do you always turn on/off? Most used
>admin tool? etc...

I turn off anything that's not going to be used. I run ntsysv in runlevels 3 and 5 and turn off anything that's not needed. I edit inetd.conf to comment out unneeded services. Anything (except SSH) that enables remote admin is the first to go. Other services are disabled unless specifically needed for the machine.
My most used admin tools are vi and cron ;-)

===

Subject: Re: Top 5 admin chores
From: Eric Sisler <esisler@westminster.lib.co.us>
Date: Tue, 30 May 2000 11:43:15 -0600

"Spunk S. Spunk III" <spunk@mac.com>
>I'm curious as to what some of the more experienced Linux gurus consider to
>be their top 5 favorite or most important duties when setting up a machine.
>They might be tricks or time-savers or security issues or whatever.

My top 5 most important duties when setting up a new server (in no particular order):

1) Disable and/or remove unused packages/services. They can always be re-installed later if the need arises.
2) Apply updates from the errata website. *Keep up* with the errata after the server's in place.
3) Configure /etc/inetd.conf, tcp_wrappers & ssh. Configure & *test* UPS monitoring daemon if the server is so equipped.
4) Perform a full backup and have a backup strategy.
5) Compile a custom kernel to remove unnecessary services/modules. Also compile in support for SCSI adapters/devices, if the server is so equipped - if only because I frequently forget to run 'mkinitrd' and there's not much point in modular SCSI drivers on a server that has an embedded SCSI card.

>For
>instance, when setting up a regular user for yourselves, what group and how
>high of a level do you make it?

My regular user account is pretty much just a regular user account. I do have access to the login scripts for samba clients, but only to make editing them easier.

>What do you always turn on/off?

Always turn on: ssh/sshd, tcp_wrappers and some type of UPS monitoring daemon, if the server is so equipped. Always turn off: most of the services in /etc/inetd.conf and any other services that aren't in use.

>Most used
>admin tool? etc...

vi, cron & shell scripts (bash & expect)

===
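Editor's added example, not posted by anyone in the thread: Kiwi's SUID-collecting script and overshoot's rpm -V check both boil down to knowing which privileged binaries a box has and noticing when that set changes. The script below does that directly: it records every setuid/setgid file with its mode, owner and SHA-256, and a later run diffs the live system against that baseline, so a new hidden setuid shell or a trojaned /bin/ping shows up even when no RPM owns the file. The function names (suid_inventory, suid_baseline, suid_check), the record format and the "demo" tree are this example's own inventions; it assumes GNU find, stat, sha256sum, comm and mktemp, i.e. a Linux host.

```shell
#!/bin/bash
# suid_audit.sh: baseline the setuid/setgid files on a filesystem and report
# drift later. Added example for this thread, not any poster's script.
# Assumes GNU find, stat, sha256sum, comm and mktemp (a Linux box).
#
# Record format, one line per privileged file:
#   <octal mode> <owner:group> <sha256> <path>
# A changed mode, owner or binary therefore appears as a "-" old record plus a
# "+" new record; a new or deleted file appears as just one of the two.

# Print the records for every setuid/setgid regular file under $1.
# "-perm /6000" is the current GNU find spelling of the old "-perm +6000";
# -xdev stays on one filesystem so /proc and network mounts are not scanned.
suid_inventory() {
    find "$1" -xdev -type f -perm /6000 -print 2>/dev/null |
    while IFS= read -r f; do
        printf '%s %s %s %s\n' \
            "$(stat -c '%a' "$f")" \
            "$(stat -c '%U:%G' "$f")" \
            "$(sha256sum "$f" | cut -d' ' -f1)" \
            "$f"
    done | LC_ALL=C sort
}

# Save the inventory of root $1 as the baseline file $2.
suid_baseline() {
    suid_inventory "$1" > "$2"
}

# Compare root $1 against baseline $2: prints "+ record" for records that are
# new and "- record" for records that are gone. Exit status 0 when nothing
# drifted, 1 when something did, 2 if temp files could not be created.
suid_check() {
    local root=$1 baseline=$2 current sorted_base rc=0
    current=$(mktemp) && sorted_base=$(mktemp) || return 2
    suid_inventory "$root" > "$current"
    LC_ALL=C sort "$baseline" > "$sorted_base"   # comm needs identical sort order
    if ! cmp -s "$sorted_base" "$current"; then
        comm -13 "$sorted_base" "$current" | sed 's/^/+ /'
        comm -23 "$sorted_base" "$current" | sed 's/^/- /'
        rc=1
    fi
    rm -f "$current" "$sorted_base"
    return "$rc"
}

# "demo" builds a constructed tree (not a real system), takes a baseline, then
# drops a hidden setuid shell and replaces one binary to show the report.
if [ "${1:-}" = demo ]; then
    demo=$(mktemp -d)
    mkdir -p "$demo/bin" "$demo/sbin"
    printf '#!/bin/sh\necho passwd\n' > "$demo/bin/passwd"; chmod 4755 "$demo/bin/passwd"
    printf '#!/bin/sh\necho ping\n'   > "$demo/bin/ping";   chmod 4755 "$demo/bin/ping"
    printf '#!/bin/sh\necho ls\n'     > "$demo/bin/ls";     chmod 755  "$demo/bin/ls"
    suid_baseline "$demo" "$demo/suid.baseline"
    echo "== baseline"; cat "$demo/suid.baseline"
    cp "$demo/bin/ls" "$demo/sbin/.sh"; chmod 4755 "$demo/sbin/.sh"
    printf '#!/bin/sh\necho owned\n' > "$demo/bin/ping"
    chmod 4755 "$demo/bin/ping"   # an unprivileged write clears setuid; put it back
    echo "== drift"; suid_check "$demo" "$demo/suid.baseline" || echo "exit status $?"
    rm -rf "$demo"
fi
```

Run `bash suid_audit.sh demo` to see the baseline and the drift report for the constructed tree. On a real host, take the baseline with `suid_baseline / /var/lib/suid.baseline` right after hardening, keep a copy of it where an attacker with root cannot rewrite it (read-only media or another machine), and run `suid_check` from cron. Like overshoot's rpm -V it is no replacement for tripwire, but it catches the two things rpm -V cannot: a setuid file that no package owns, and a setuid bit added to a file that was never meant to have one.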