d

Linux Security: The Complete Documentation

• This category contains 20 Papers
• The last paper was added on 2007-03-26 (YYYY-MM-DD)

Administrator’s Security Guide (Linux)

Published on 2001-09-03, by Kurt Seifried, ©Kurt Seifried.

I wrote this book originally because no Linux security documentation existed back in the late 1990\’s. Since then several Linux security books have been published, but in general they all have shortcomings (for example one of them spends 40 pages on cops, a largely obsolete tool). So anyways I\’ve decided it\’s time to update the book, which is one major advantage of doing this on the www. Currently it is April 2001, I\’m hoping the major rewrite will be done by fall or winter of 2001 and then the LASG can go back into \"maintenance\" mode for a while. Writing the preface is boring so I\’m gonna stop here and you can go read the book itself.

Are your servers Secure???

Published on 2005-01-13, by Blessen Cherian, ©Specialized Systems Consultants, Inc..

NO. No machine connected to internet is 100% secure. This doesn't mean that you are helpless. You can take measures to avoid hacks, but you cannot avoid completely. Its like a house, when the windows and doors are open then the probability of a thief coming in is high. But if the doors and windows are closed the probability of being robbed is less but not nil. I hope you all understand...

comp.os.linux.security FAQ

Published on June 29, 2002, by Daniel Swan, comp.os.linux.security.

This FAQ is intended to serve as a starting point for those new to the newsgroup, but is also intended to be a survey of Linux security issues and tools. This FAQ is aimed at intermediate to experienced Linux users and is intended to not only answer specific questions, but to also facilitate further learning by providing pointers other useful security resources.

Guide To Linux Security (My)

Published on July 2002, by Rob Tougher, www.linuxgazette.com.

This article explains the steps I take to secure my home computer and data communications. If you are an active proponent of computer security, this article will be a review. If you do not have any security practices currently, you should read on to get a general idea of how to secure a Linux box. This obviously isn't a complete security reference - I take security seriously, but I'm not as vigilant as I could be with my computer. You will have to see for yourself whether or not the items in this article provide enough security for your needs.

Hardening Linux: a 10 step approach to a secure server

Published on 2005-06-16, by Flavio Villanustre, ©Flavio Villanustre.

The Internet has become a far more dangerous place than it was 20 years ago. Nowadays, Operating System and application security is an integral part of a server configuration and, while firewalls are very important, they are not the panacea.

This list of steps is intended as a guideline with a practical approach. We’ll try to provide a complete picture without getting into unnecesary details. This list won’t replace a good book on secure systems administration, but it will be useful as a quick guide.

Before we get started it’s worth to mention that security is not a status: it’s just a process. The correct initial setup of the server only provides a good start and helps you get half the way through. But you actually need to walk the other half of the road, by providing proper security vigilance, monitoring and updating.

Installation of a Secure Web Server

Published on date n.c, by Marc Heuse, SuSe.

Web servers are the most exposed servers on the Internet. In order for clients/ target groups to be able to access the information provided, web servers must be accessible from any point on the Internet. In contrast to other public services like DNS and FTP, the Web is especially tempting for "Crackers": a succesful "hack" of a system can be visualized by changing the appearance of the home page to increase awareness of the hacker's presence. Such an occurence can lead to a significant loss of confidence for a company - and this even more so if sensitive information like credit card details etc. are filched or even published.

Linux Kernel Hardening

Published on January 23, 2002, by Anton Chuvakin, ©SecurityFocus.

This article will cover the issues of Linux hardening, with a specific focus on kernel hardening and its use on production systems. Several kernel-hardening approaches and their usability will be analyzed.

Linux Kernel Hardening

Published on November 18, 2003, by Taylor Merry, ©SANS Institute.

While not inherently insecure, the standard Linux kernel lacks advanced features to prevent or contain certain types of malicious attacks. This paper explores two approaches to hardening the standard Linux kernel: address space (memory) protection and advanced access control. Additions to the kernel which place restrictions on an application's address space make it possible to prevent many types of buffer overflows attacks. The addition of an access control system can remove many, if not all of the privileges assigned to the traditional superuser account.

Linux Process Containment – A practical look at chroot and User Mode Linux

Published on June 03, 2003, by Paul Lessard, ©SANS Institute.

Process containment has been used for quite a long time in the computing world for the use of testing beta software and increasing the security of a process. Containing a process, which is commonly known as "jailing" a process, removes a process from the full system and stops activity inside of the container from affecting anything outside the container. There are several jailing tools available, but this paper will discuss two tools available as part of all major Linux distributions: chroot, and User-mode Linux.

Linux-PAM System Administrators’ Guide (The)

Published on June 26, 2002, by Andrew G. Morgan, ©Andrew G. Morgan.

This manual documents what a system-administrator needs to know about the Linux-PAM library. It covers the correct syntax of the PAM configuration file and discusses strategies for maintaining a secure system.

Maybe I Should Be Afraid of Linux?

Published on 2000, by Jay Beale, www.bastille-linux.org.

In my time as a Security Administrator for a Solaris shop, I had to give the occasional briefing to my boss: we're vulnerable. A new security hole has just been discovered and every major Unix/Linux is vulnerable, from Solaris to Irix to Red Hat Linux. After briefing my boss on our risk and my plans to do something about such, he asks me the same question: can you find an exploit? Rather often, I've had to answer "nope." Actually, my answer is usually something like: "I've found an exploit against the Linux version, but no one's releasing it widely for Solaris yet." My boss is both partially relieved and partially bothered. Why?

Secure CVS Pserver Mini-HOWTO

Published on February 2003, by Morgon Kanter, ©Morgon Kanter.

This document will help you set up a more secure CVS Pserver for anonymous CVS access.

Secure OS Environments for Linux

Published on April 14, 2003, by Pedro A. Luz-Romero, ©SANS Institute.

In this paper I make a review of the main set of tools and resources available for Linux system administrators willing to build an operating system with enhanced security features that allow applications to run securely in a network accessible from the Internet. I have summarized the state of the art in this subject by offering an overview of the tools, compiling the most useful references and classifying them accordingly. The ultimate goal of the paper is to make more affordable the initial work for anyone interested in this topic.

Secure POP via SSH mini-HOWTO

Published on September 30, 1998, by Manish Singh, ©Manish Singh.

This document explains how to set up secure POP connections using ssh.

Secure Programming for Linux and Unix HOWTO

Published on March 03, 2003, by David A. Wheeler, ©David A. Wheeler.

This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. Specific guidelines for C, C++, Java, Perl, PHP, Python, TCL, and Ada95 are included.

Securing a Debian Linux Laptop for Road Warriors

Published on April 04, 2001, by Stephanie Thomas, ©SANS Institute.

For as long as mobile computers have been around, System Administrators have had to wrestle with the problems of securing them. Having a portable computer, while immensely advantageous to the user, can present some unique and challenging security vulnerabilities to the System Administrator. Many laptop users work remotely where their computers are exposed to a hostile network. To ensure productivity, remote users must be able to securely access email and files stored within the company's internal network. In addition, laptops are easy to steal - there have been numerous cases of laptop theft at the U.S. State Department within the past year : http://www.cnn.com/2000/US/04/17/state.computer.02/

Security HOWTO (Linux)

Published on June 11, 2002, by Kevin Fenzi and Dave Wreski, ©Kevin Fenzi and Dave Wreski.

This document is a general overview of security issues that face the administrator of Linux systems. It covers general security philosophy and a number of specific examples of how to better secure your Linux system from intruders. Also included are pointers to security-related material and programs. Improvements, constructive criticism, additions and corrections are gratefully accepted. Please mail your feedback to both authors, with "Security HOWTO" in the subject.

Security Quick-Start HOWTO for Linux

Published on August 29, 2002, by Hal Burgiss, ©Hal Burgiss.

This document is a an overview of the basic steps required to secure a Linux installation from intrusion. It is intended to be an introduction.

Security Quick-Start HOWTO for Red Hat Linux

Published on July 21, 2002, by Hal Burgiss, ©Hal Burgiss.

This document is a an over

Survey of Process Environments (A)

Published on November 20, 2002, by Steven Grubb, www.web-insights.net.

This report is an attempt to perform a survey of various well known programs that spawn trusted and untrusted child processes. The effort was mostly to get a feel for the variety of techniques used and to see if there were any obvious problems. The following table shows what programs we surveyed, problem found, and its status as of 20 Nov 2002.