I just thought it'd be interesting to have everyone give *some* details as to how they go about securing their Linux boxes. Everything ranging from file system changes, configuration files, tcpwrappers/iptools, or other various tools/methods. Get some posts going.

Most of the techniques that *nix securing guides emphasize are imho bullshit. Yes, you can remove unnecessary SUID permissions, install snort or tripwire, maybe even a rootkit for backup, but when it comes down to the security risks each poses to your box it's almost useless unless you plan on being hacked ahead of time. Unless someone gets local access to your box somehow, those are mostly just safety procedures in case of this happening.

iptools and other network filtering software is helpful to the extent that it will block most of the important rogue packets that might try to infiltrate your IP stack, but as long as you keep your kernel and network services up-to-date security-wise (advisories) you are mostly secure. iptools/tcpwrappers can help you minimize the presence and response to undesired packets by dropping them, but with certain tools like time-signature recognition software (p0f/nmap) and response time analysis (OS detection based on different OS builds' default response times) you can still gather a good amount of intel even when you might think you're locked down. Usually p0f or nmap can guess your build with as little as 2 packets sent from your machine or theirs, then matched to a signature base of different OS IP stacks' time-sig diffs. There are ways to defend against this with packet filters like iptools (custom set false sigs), but it can be a bitch to set up if you don't know it by heart.

I think the best way to avoid most of this is to start from the inside out and set strict filters for local machines first, important/dependent external machines next (DNS, ARP, ICMP, etc.), and if you're going real strict just drop anything from unknown sources using protocols other than TCP. You'll want to drop packets from sources that lack a set stream you didn't establish yourself, of course; that way you should be set for any outbound TCP and mostly secure from unnecessary inbound traffic.
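The inside-out, default-deny filter described in the post above, written as an added nftables ruleset that is not part of the thread: inbound traffic is dropped unless it belongs to a stream this host established (conntrack), ICMP is let through only as far as the host's own connectivity needs it, and management is accepted from the local network only. The admin subnet and interface name are assumed placeholders; note that ARP is not handled by the `inet` family at all and would need a separate `arp` table.

```nft
#!/usr/sbin/nft -f
# Added example ruleset (not from the thread). Load with: nft -f <file>
# Assumed placeholders: admin LAN 192.0.2.0/24, loopback interface "lo".
flush ruleset

table inet filter {
    chain input {
        # Default deny: anything not explicitly accepted below is dropped,
        # which covers "unknown sources using protocols other than TCP".
        type filter hook input priority filter; policy drop;

        # Local traffic to ourselves.
        iif "lo" accept

        # Packets that do not fit any tracked stream (bad TCP flags, stray
        # replies) are dropped before they can reach a listening socket.
        ct state invalid drop

        # Only replies to connections this host opened itself (and related
        # traffic such as ICMP errors for them) are allowed back in.
        ct state { established, related } accept

        # Dependent external protocol: ICMP needed for the host's own
        # connectivity. Echo requests are rate-limited, IPv6 neighbour
        # discovery must pass or the host loses its link-local neighbours.
        icmp type echo-request limit rate 5/second accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Inside-out: new management sessions only from the local admin subnet.
        ip saddr 192.0.2.0/24 tcp dport 22 ct state new accept

        # Everything else falls to the drop policy; log a sample of it so
        # probes against the box are visible in the kernel log.
        limit rate 10/minute log prefix "nft-input-drop: "
    }

    chain forward {
        # This is a host, not a router: never forward.
        type filter hook forward priority filter; policy drop;
    }

    chain output {
        # Outbound TCP/UDP the host initiates is allowed; its replies come
        # back through the established/related rule in the input chain.
        type filter hook output priority filter; policy accept;
    }
}
```

Check the loaded state with `nft list ruleset` and watch `nft-input-drop:` lines in the kernel log to see what the default policy is catching.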

In addition to the methods minion stated, you definitely want to shut down all but necessary services, remove unnecessary users (otherwise give them no login shell), and upgrade all software and the kernel (that sounds like reverse order). After that and minion's suggestions it should be pretty hard to #. I have a one-liner I will post in a follow-up.

I'd also suggest disabling ptrace and procfs if possible.

Web security is an important and vital aspect of any website. Take for instance that you are the owner of an online shopping website and there is an attack on your website stealing vital codes and consumer information; it could completely ruin your business and lead to personal identity theft of your customers.

You will under all circumstances want to avoid even the remotest of such possibilities.

Keith,

PCI compliant