Linux Security. Information Management graduate student 劉順德
Outline
• General Security
  • Account
  • Local
  • Network
  • Patch
• Services Security
  • Sendmail
  • BIND/DNS
  • Apache
  • FTP
• Recent Linux security information
  • Linux worm
General Security
• Account
  • The password length
  • Set a login timeout for the root account
  • Special accounts
  • Block anyone from using su to become root
General Security
• Local
  • Find all files with the SUID/SGID bit enabled
  • Local login access control
  • More control on mounting a file system
  • Fix the permissions under “/etc/rc.d/init.d”
  • Resource limits
  • Integrity checking
General Security
• Network
  • Use xinetd
    • A program that replaces inetd and TCP wrappers
  • Routing protocol
    • Disable source routing
  • Enable TCP SYN cookie protection
    • echo 1 > /proc/sys/net/ipv4/tcp_syncookies
  • Clear the issue file
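An audit sketch for three items from the Local and Network slides above (SUID/SGID files, SYN cookies, source routing). This is an added example, not part of the original slides; the function names and the optional root-prefix argument are assumptions made so the checks can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Usage on a live host:  audit_network ; find_suid_sgid /

# List regular files with SUID (4000) or SGID (2000) set under a directory.
# -xdev keeps find on one file system, so /proc and network mounts are skipped.
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Compare one kernel setting with the value the checklist expects.
# $1 = root prefix (empty on a live host), $2 = key below proc/sys, $3 = wanted value.
# Prints "OK <key>" or "FAIL <key> (...)" and returns non-zero on FAIL.
check_setting() {
    root=$1 key=$2 want=$3
    file="$root/proc/sys/$key"
    if [ ! -r "$file" ]; then
        echo "FAIL $key (not readable)"
        return 1
    fi
    got=$(cat "$file")
    if [ "$got" = "$want" ]; then
        echo "OK $key"
    else
        echo "FAIL $key (got $got, want $want)"
        return 1
    fi
}

# Network items from the slide: SYN cookies on, source routing off.
# The optional argument is a hypothetical root prefix used for offline testing.
audit_network() {
    prefix=${1:-}
    rc=0
    check_setting "$prefix" net/ipv4/tcp_syncookies 1 || rc=1
    check_setting "$prefix" net/ipv4/conf/all/accept_source_route 0 || rc=1
    return $rc
}
```

Review each path printed by `find_suid_sgid` and keep the list as a baseline, so that a later run shows newly added SUID/SGID files.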
General Security
• Patch
  • Patch information:
    • http://www.redhat.com/support/errata/
  • Download:
    • ftp://updates.redhat.com/
  • Integrity check:
    • rpm --checksig <PatchFile>
  • Install:
    • rpm -Uvh <PatchFile>
Securing Sendmail
• The Sendmail restricted shell “smrsh”
• The “/etc/aliases” file
• Prevent your Sendmail from being abused by unauthorized users
• Restrict who may examine the queue’s contents
• Set the immutable bit on important Sendmail files
Securing BIND/DNS • Running BIND/DNS in a chroot jail
Securing Apache
• Change the permissions of some important files and directories of your web server
• Automatic indexing
• Create the .dbmpasswd password file for user authentication
• Immunize important configuration files like “httpd.conf”
• Running Apache in a chroot jail
• Configuration of the new “/etc/logrotate.d/apache” file
Securing FTP server
• The ftpusers file
• The anonymous FTP program
• The upload command
• The special file “.notar”
• The noretrieve command
Recent Linux security information
• Linux worm
  • Ramen (infects Red Hat 6.2 and 7.0)
  • Lion (infects BIND 8.2.x)
• The same features
  • Attack by way of a vulnerability
  • The same workflow
Logging ip Syn scan attack ftp