Re: [Fedora] Seeing input on Securing the Linux system from intrusions and attacks.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tod Merley wrote:
> On Dec 27, 2007 11:10 AM, Daniel B. Thurman <dant@xxxxxxxxx> wrote:
>> I have finally got my F8 setup and running so now I am reviewing the
>> security issues that needs to be taken into account.
>>
>> I have looked into trying many things to protect and harden my systems,
>> but I thought I'd ask members what they are doing/using to defend their
>> systems against attacks and unwanted intrusions?  Would it be neat
>> if there was an automatic non-human defender to do it for you while you
>> sleep?  Dream on.
>>
>> I would like to focus on securing Fedora. I have tried snort w/Base etc.,
>> Tripwire, Fam, nmap, Iptable techniques, and so on.
>>
>> Does anyone have any advice, links to great sites focused on security
>> and how to secure your linux box against intrusions and attacks?
>>
>> Thanks!
>>
>>
>> No virus found in this outgoing message.
>> Checked by AVG Free Edition.
>> Version: 7.5.516 / Virus Database: 269.17.9/1198 - Release Date: 12/26/2007 5:26 PM
>>
>>
>> --
>> fedora-list mailing list
>> fedora-list@xxxxxxxxxx
>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>
> 
> Hi  Daniel B. Thurman!
> 
> It is late so topics only for tonight:
> 
> 1. Turn off services you do not use.
> 2. Make your computer "silent" to all but those who use it - e.g. turn
> off ping - e.g. use a door knock protocol on a non-standard port for
> ssh to access ssh (give no reply to those who knock on the normal port
> and respond to only your special "knock" on your non-standard port),
> 3. Have a constant background scan done for virus, root kit, e-mail,
> changes in critical files, port scan, log  files (logwatch), and
> audits for suspicious activity.  This can and should be "niced" to not
> interfere with normal operations.
> 4. Google "pen testing".  C/o osstmm.
> 5. Honeypots!
> 6. Backup your "used" areas often and in a number of different ways.
> I use flash drives, CDs, and other portions of the local or remote
> hard drives.  I also tend to put an occasional file in an obscure
> e-mail account.  Be ready to "wipe and re-load" efficiently.  I have
> played with the idea of using "ghosted" "snapshots" for this purpose
> but have only taken that to the idea level. Tar is becoming a friend.
> 7. Do planned "wipe and re-loads" several times a year.  For that
> matter, if you simply save your used areas and then wipe and load the
> new version of your distro when it comes out that is probably enough.
> Be ready to restore to where you were if you need to.
> 
> Ok, I lied - the one link I will give you has some very good ones at
> the end.  Note the crazy quotes and the interesting message box near
> the end:
> 
> http://en.wikipedia.org/wiki/Computer_security

You forgot one very important item.

Whatever you do, don't be paranoid...unless someone is really out to get you.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux