i want to know more about this.. what to do ...how to do everything from closing unwanted services, applying patches ...to removing a rootkit , catching a rootkit . don't understand me wrong i know how to close a service, checking from rootkit but i want some advices from sombody which certanly knows more than i know. if somebody can tell me how to do some script to automaticly download patches when its possible for each program that i use and install it it will be great. i know all so about ndis but in a few words I STILL HAVE TO LEARN ABOUT SECURITY.
thanks
Hmm, I don't know if Slackware has an automated way to download and install updates.
Might take a look at this book. The 2.0 version is available as a PDF. Free
I have been meaning to glance at it and see what it had, but I have not had the time.
http://www.openna.com/products/books/sol/solus.php
chkrootkit
http://www.chkrootkit.org/
first happy new year
i did take a look on the book ...it's very good, but what i need is to take advices from someone with experience in this things. the problem is that i don't have much experience in do security , only things that i know is from how-to's . its good to know theory, what is important is to know ho to do it. so jim when u have time i'd like to continue talking about security.
Yes security is an interesting topic. How about a "best practises" in the OMP's or something? Anyone?
Its better to regret something you have done than to regret something you havent done :P
There are many well written papers and forum discussions on common security settings to impelement on *nix. These days there is also a plethora of books covering most elementary and intermediate security topics. I would say your best bet, rather then relying on someone online, is to go to a book review site and find a book that is best suited to your needs.
I know that you want to talk with someone that has had experience, but the people that write most books have had some experience with what their talking about. I say some, because some book writers are stupid and fill it with fluff they don't understand. If you have a book in front of you to reference it will be a lot easier then finding the person to ask or keeping a log of everything they say.
I've personally found that the best way to understand system security is to understand the system itself. Not only will you be able to implement security measures but you will be able to understand why they work and how they may be circumvented.
Basic system security procedures such as shutting down services, auditing logs, keeping up to date, should be done on every system. Firewalls and intrusion detection systems are a good idea as well.
Other aspects of what you implement for your systems security are often based off of your level of paranoia. Hiding data with encryption, preventing exploitation with kernel patches, disabling system functionality to prevent certain types of rootkits to be installed, etc.
My advice for a basic system security configuration:
-Install a minimum installation.
-Use multiple partitions some which prevent various system times and permission levels. nosetuid and noexec are good options for things like /tmp.
-Audit all system scripts to disable unwanted behaviour. Insecure PATH environment variable, insecure default umask, (x)inetd.conf services, etc, etc.
-Deny all access to services you do need to use and explicity define who does have access.
-Remove all unnecessary setuid binaries.
-Make key files immutable.
-Write a firewall to deny all access to typical services (ports <1024).
-Run things like chkrootkit on the crontab.
-Keep a database of md5sums generated from all of your files and diff them or install a program to watch them.
-Audit logs regularly, if you can't do it everyday, install a program to audit them for you and generate reports.
-Any key software such as servers or setuid programs that you run regularly should have mailing lists for releases. Subscribe to the lists and update asap when new releases come out.
-Don't let people you don't know on your system. Local privilege escalation is a joke on most systems. (Although with the above measures it should be harder)
There are so many other things you could do and implement. As you go you may find other things to do. This is just off the top of my head and things I do when I'm installing a new system.
For more advanced things you may want to check out kernel patches that create non-executable stack and heap memory. Look into stack protection mechanisms like StackGuard and StackSheild. (It should be noted that these can be bypassed under some circumstances). Think about disabling kernel module support to prevent lkm rootkits.
Anyway... I'm tired of typing so I'm going to stop.
Posting Permissions
Reply With Quote
Bookmarks