Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Installation Guide, Page 44

/etc/security/*, including /etc/security/limits.conf, where again various sane
limits can be imposed. An in-depth look at PAM is beyond the scope of this document. The
User-Authentication HOWTO (http://tldp.org/HOWTO/User-Authentication-HOWTO/index.html)
has more on this.

Make sure someone with a clue is getting root's mail. This can be done with an "alias". Typically, the
mail server will have a file such as /etc/aliases where this can be defined. The recipient can be an
account on another machine if need be:

    # Person who should get root's mail. This alias
    # must exist.
    # CHANGE THIS LINE to an account of a HUMAN
    root: hal@bigcat

Remember to run newaliases (or equivalent) afterward.

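An added example, not part of the original HOWTO: a Python check that an aliases file really routes root's mail to a mailbox other than root's own. It assumes sendmail-style alias syntax; the sample file and the names `sysadmin` and `/var/log/root-mail.archive` are constructed for illustration.

```python
# Constructed sample in sendmail-style /etc/aliases syntax (not from a real host).
SAMPLE = """\
postmaster: root
daemon:     root
root:       sysadmin
sysadmin:   hal@bigcat,
            /var/log/root-mail.archive
"""

def split_targets(s):
    return [t.strip().strip('"') for t in s.split(",") if t.strip()]

def parse_aliases(text):
    """Return {alias: [targets]}, handling comments and continuation lines."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and current:       # indented line continues the entry
            entries[current] += split_targets(line)
            continue
        name, sep, rest = line.partition(":")
        if sep:
            current = name.strip().lower()
            entries[current] = split_targets(rest)
    return entries

def resolve(entries, name, path=frozenset()):
    """Follow alias chains to final targets; a name already on the path is a loop."""
    key = name.lower()
    if key not in entries or key in path:      # mailbox, remote address, file or loop
        return {name}
    return set().union(*(resolve(entries, t, path | {key}) for t in entries[key]))

def audit_root(text):
    """Return findings; an empty list means root's mail reaches another mailbox."""
    entries = parse_aliases(text)
    if "root" not in entries:
        return ["no root alias: mail stays in root's local mailbox"]
    finals = resolve(entries, "root")
    # Files, pipes and :include: lists (not expanded here) are not counted as readers.
    readers = {t for t in finals
               if not t.startswith(("/", "|", ":include:")) and t.lower() != "root"}
    findings = []
    if not readers:
        findings.append("root alias never reaches a mailbox other than root's")
    if "/dev/null" in finals:
        findings.append("root's mail, or a copy of it, is discarded to /dev/null")
    return findings

if __name__ == "__main__":
    print(audit_root(SAMPLE) or "ok: root's mail is delivered to a reader")
```

To audit a live system, pass the contents of the real aliases file to `audit_root` instead of `SAMPLE`.
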
Be careful where you get software. Use trusted sources. How well do you trust complete strangers?
Check Red Hat's FTP site (or mirrors) first if looking for a specific package. It will probably be best
suited for your system anyway. The original package's project site is good as well. Installing from
raw source (either tarball or src.rpm) at least gives you the ability to examine the code. Even if you
don't understand it ;-) While this does not seem to be a widespread problem with Linux software
sites, it is trivial for someone to add a few lines of code, turning that harmless-looking
binary into a "Trojan horse" that opens a backdoor to your system. Then the jig is up.

So someone has scanned you, probed you, or otherwise seems to want into your system? Don't
retaliate. There is a good chance that the source IP address is a compromised system, and the owner
is a victim already. Also, you may be violating someone's Terms of Service, and have trouble with
your own ISP. The best you can do is to send your logs to the abuse department of the source IP's
ISP, or owner. This is often something like "[email protected]". Just don't expect to hear much
back. Generally speaking, such activity is not legally criminal, unless an actual break-in has taken
place. Furthermore, even if criminal, it will never be prosecuted unless significant damage (read: big
dollars) can be shown.

Red Hat users can install the "Bastille Hardening System", http://www.bastille-linux.org/. This is a
multi-purpose system for "hardening" Red Hat and Mandrake system security. It has a GUI interface
which can be used to construct firewall scripts from scratch and configure PAM among many other
things. Debian support is new.

So you have a full-time Internet connection via cable-modem or DSL. But do you always use it, or
always need it? There's an old saying that "the only truly secure system, is a disconnected system".
Well, that's certainly one option. So take that interface down, or stop the controlling daemon
(dhcpcd, pppoed, etc). Or possibly even set up cron jobs to bring your connection up and down
according to your normal schedule and usage.

What about cable and DSL routers that are often promoted as "firewalls"? The lower priced units
mostly equate NAT (Network Address Translation), together with the ability to open holes for
ports through it, with a firewall. While NAT itself does provide a fair degree of security for the systems
behind the NAT gateway, this does not constitute anything but a very rudimentary firewall. And if
holes are opened, there is still exposure. Also, you are relying on the router's firmware and
implementation not to be flawed. It is wise to have some kind of additional protection behind such
routers.

What about wireless network cards and hubs? Insecure, despite what the manufacturers may claim.
Treat these connections just as you would an Internet connection. Use secure protocols like ssh only!

Security Quick-Start HOWTO for Red Hat Linux, 7. General Tips