Hardening Linux
davidmwilliams writes "Out of the box, many Linux systems are insecure with open ports and unpatched vulnerabilities. Read about the essential steps to secure your server as well as how to solve them manually and via automated tools like Bastille."
Hmmmm (Score:1, Insightful)
Dude, that article sucked. (Score:5, Insightful)
It reads more like someone who's just discovered Bastille and now considers himself "informed" on "security issues".
Step #1. Limit the avenues of attack. This is where you'd use nmap.
Step #2. Remove anything you don't absolutely need. Come on, most people out there will be running some distribution now. At least he could have covered dpkg, rpm, etc.
What's this with the "Enter kill -9 xxx where xxx is the PID."? How about just
And editing xinetd.conf / inetd.conf? Again, just use the package manager to remove it.
And he doesn't even go into how each distribution handles package updates? What the fuck? Nothing about "apt-get update"? No "apt-get upgrade"?
No, this article is about someone's discovery of Bastille and how it helps an old, stock installation of Red Hat.
Re:How To in summary... (Score:4, Insightful)
That's because the article fell through a hole in time, and actually belongs in 1997. They are already yelling to give their article back. No self-respecting consumer distro has shipped with open ports in ages.
Box? (Score:5, Insightful)
Before making a claim like that, the writer should come up with at least three examples, from current versions of major distros.
Reminds me of a local woman who said "We must have a town-wide neighborhood watch, because there's a child sexual predator on every block." In the several years since she raised that hysteria, there's been exactly one serious case in town: one of her best friends had his extensive child porn collection found by the police. He hired the state's most expensive lawyers and got off with probation. She's still his best friend.
Back to the topic. The article mentions telnet. Is there a single current distro that comes with telnetd enabled? Let's help the sloppy author. Has anyone here installed any current distro and found "open ports and unpatched vulnerabilities"?
Re:Lots of linux stories on the front page (Score:3, Insightful)
There are other kinds of FOSS products than Linux btw - so why is Linux the only one to get 30% of the index page?
Although I like and use Linux, I think the point is valid.
- Jesper
Re:Per-distro comparisons? (Score:4, Insightful)
Re:How To in summary... (Score:5, Insightful)
Gentoo has great service management.
GUI tools are seriously annoying; since this article is about security and disabling unneeded services, having config tools that require the unneeded service X11 is pretty silly.
Use nmap? (Score:3, Insightful)