Q

Learning how to secure Linux servers

I've been working with Unix (Solaris) and now I'm in charge of securing several Red Hat Linux 8 servers. Besides the Red Hat literature, are there other good resources for information about my new task? Are there any common mistakes people make in securing Linux servers that I should know about?

Check out the hardening how-tos in this section: http://www.linux-sec.net/Harden/howto.gwif.html, brought to you by the people at http://www.Linux-Sec.net.

There is a ton of good stuff out there, including PDFs from SIAC specific to Linux security. Books are also a good resource. Check out this book on securing Red Hat Linux systems:
http://www.expresscomputeronline.com/20020304/reviews5.shtml

Read up some on the Bastille Project (http://www.bastille-linux.org/). The Bastille Hardening System hardens Linux and Unix operating systems. It supports the Red Hat, Debian, Mandrake, SuSE and other flavors in addition to most Unix distributions. The project itself is run by Jon Lasser.

Regarding mistakes people make, I would say the biggest mistake would be not properly backing up your systems before undertaking a major hardening effort. If something goes wrong and you need to revert back to a previous release, you must be diligent about this. You also need to make sure you do not work in a vacuum. Tightening up your systems only a little bit might mean your applications will not work anymore. You have to bring your applications team into the process and make sure any changes to the systems are carefully planned and tested. Certain directories might need certain permissions for the application to work properly. You may also be getting rid of logins that you don't think are being used, but in actuality really are. It sounds simplistic, but make sure your ports are not being used before commenting them out!

Another big mistake is making wholesale changes. Implement your hardening plan carefully and strategically. If you make more than one change, and something doesn't work, there is no way of knowing what broke it. Careful change management will also help your process.

Good luck!

K

This was first published in June 2003
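One way to carry out the check the answer recommends, confirming that a port is not in use before its service is commented out, is sketched below as an added example that is not part of the original answer. The function names `port_usage` and `sample_ss` are hypothetical, and the socket listing is a constructed sample laid out like `ss -Htan` output with documentation-range addresses.

```shell
#!/bin/sh
# Constructed sample in `ss -Htan` layout: State Recv-Q Send-Q Local Peer
sample_ss() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 5 [::]:514 [::]:*
ESTAB 0 0 192.0.2.10:22 198.51.100.7:51234
ESTAB 0 0 192.0.2.10:514 192.0.2.44:1021
ESTAB 0 0 192.0.2.10:40112 192.0.2.50:25
EOF
}

# port_usage "<candidate ports>" < socket-listing
# Prints "<port> <listeners> <inbound-established> <verdict>" per candidate.
port_usage() {
    awk -v ports="$1" '
    BEGIN {
        n = split(ports, want, " ")
        for (i = 1; i <= n; i++) cand[want[i]] = 1
    }
    {
        # Field 4 is the local address; the port follows the last colon,
        # which also handles bracketed IPv6 such as [::]:514.
        lp = $4
        sub(/.*:/, "", lp)
        if (!(lp in cand)) next      # outbound sessions to a remote port 25 land here
        if ($1 == "LISTEN") listen[lp]++
        else if ($1 == "ESTAB") estab[lp]++
    }
    END {
        for (i = 1; i <= n; i++) {
            p = want[i]; l = listen[p] + 0; e = estab[p] + 0
            v = (e > 0) ? "IN-USE" : ((l > 0) ? "LISTENING-IDLE" : "NOT-LISTENING")
            print p, l, e, v
        }
    }'
}

# Candidates under review for removal: telnet, smtp, shell/syslog, finger
sample_ss | port_usage "23 25 514 79"
```

On a live host, feed the function real output (`ss -Htan | port_usage "23 25 514 79"`). A single snapshot only shows that moment, so a `LISTENING-IDLE` port should be sampled over a representative period and confirmed with the applications team before the service is disabled.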
