Re: Security Documentation

["Aaron D. Turner" <aturner best com>]

-----BEGIN PGP SIGNED MESSAGE-----



On Sat, 9 Jan 1999, Bill Johnson wrote:

> There are always posts on this list related to security issues with Linux.
> (i.e. people getting "cracked" "hacked" "broken", etc.
> 
> I've been running RedHat 5.1 for a while now, and I would really like to
> understand the security issues better.  Is there a decent source of
> documentation out there somewhere that will answer this question:
> 
> HOW CAN A NEW LINUX USER RUNNING REDHAT 5.1 ENSURE THAT ON HIS SINGLE USER
> MACHINE (CONNECTED TO THE INTERNET VIA ISP) NO EXTERNAL USERS CAN
> ACCESS HIS MACHINE?

Fair enough question.  Unfortuneately there isn't a good answer.  It's
like asking what is the lastest CD to be released?  The correct answer
today (or even this hour) is different from the next.  There are a few
pointers I can give you:

1) Turn off all daemons that you don't use.  If your machine isn't a mail
server, then you don't need IMAP or POP3 daemons.  If you don't run a
nameserver, you don't need named.  keep going down the list.... timed,
finger, telnet, httpd, etc.

2) Subscribe to the RH announce list.  Everytime there is a new RPM that
fixes a security hole, it gets announced here.  (See the RH errata web
pages for current security updates.)

3) Watch your log files.  Notice odd messages being generated due to
people trying to connect to your system.

4) Read the Linux-Security-HOWTO available at your favorite LDP mirror. Do
what it says.

That will stop 95% or more of people who are trying to get into your box.
Most crackers are little more than kids who get scripts that try a bunch
of things.  99% of these tests have fixes by updating an RPM.  Many of
these fixes have been out for years/months/weeks.  The other 1% will have
a fix in a day or so (in general).

> On a related note, I never see much on this list about virus problems.
> Are viruses an issue with Linux, and if so, are there any recommendations
> for anti-virus software?

Viruses are not problems for Linux (for now at least).  Unix has a
different model than Windows which makes a virus very difficult to write
and survive in the wild.  Generally if you're good about not doing things
as root if you don't have to, you don't have anything to worry about.
McAfee once upon a time had a Linux virus scanner, but many people
believed it to be little more than a bogus product.

- -- 
Aaron Turner           | Either which way, one half dozen or another. 
aturner pobox com      | Check out the Red Hat Linux User's FAQ Online!
www.pobox.com/~aturner | http://www.pobox.com/~aturner/RedHat-FAQ/
All emails from this account are PGP signed.  Lack of a signature is "bad".
PGP Key fingerprint = FB E1 CE ED 57 E4 AB 80  59 6E 60 BF 45 1B 20 E8



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNpemUzM3jpXy1kJtAQGvbgP+MVydCA/v9cZLS44PeMi7Ap57sjLv1qpx
MUBFW4wkELW2YiH9jClyhxaJUjOhL+XcWID6Dnfmq1vTZWGXshs7UyCWfo3uMCMa
alcA6pq8yGHnSZpm35hwSvjz4LY1oQ33FPE9aCKvdm7ijn2VSf6pOMQ6uxsNKiCW
vnDvxc5auG4=
=4eYw
-----END PGP SIGNATURE-----