Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Software Linux

Hardening Linux 204

Posted by CmdrTaco from the you-know-you-should dept.
davidmwilliams writes "Out of the box, many Linux systems are insecure with open ports and unpatched vulnerabilities. Read about the essential steps to secure your server as well as how to solve them manually and via automated tools like Bastille."
This discussion has been archived. No new comments can be posted.

Hardening Linux More

Hardening Linux

Comments Filter:

  • Hmmmm (Score:1, Insightful)

    by WizMaster ( 974384 ) on Sunday August 12, 2007 @10:37AM (#20202843)
    Only skimmed the article but it seems to be pushing Bastille more then anything else. Don't know of any installer that automagically starts services unless you specify them yourself. I'm pretty sure there are far better security tutorials and introductions. Better yet, your distro probably has one specifically for it. This seems more like advertising then anything useful. I could be wrong though.

  • Dude, that article sucked. (Score:5, Insightful)

    by khasim ( 1285 ) <brandioch.conner@gmail.com> on Sunday August 12, 2007 @10:46AM (#20202913)
    Did you see where it mentioned nmap? No? Because it didn't. Wouldn't you expect it to tell you to run nmap from a different machine to you can what your outside profile looks like?

    It reads more like someone who's just discovered Bastille and now considers himself "informed" on "security issues".

    Step #1. Limit the avenues of attack. This is where you'd use nmap.

    Step #2. Remove anything you don't absolutely need. Come on, most people out there will be running some distribution now. At least he could have covered dpkg, rpm, etc.

    What's this with the "Enter kill -9 xxx where xxx is the PID."? How about just /etc/init.d/service_name stop? Just use the package manager to remove it.

    And editing xinetd.conf / inetd.conf? Again, just use the package manager to remove it.

    And he doesn't even go into how each distribution handles package updates? What the fuck? Nothing about "apt-get update"? No "apt-get upgrade"?

    No, this article is about someone's discovery of Bastille and how it helps an old, stock installation of Red Hat.

  • Re:How To in summary... (Score:4, Insightful)

    by Knuckles ( 8964 ) <knuckles@@@dantian...org> on Sunday August 12, 2007 @10:51AM (#20202947)
    And yet if someone writes an article like this on how to secure Windows (where lets face it the advice, aside from #3 is exactly the same) it's proof that Windows is insecure.

    That's because the article fell through a hole in time, and actually belongs in 1997. They are already yelling to give their article back. No self-respecting consumer distro has shipped with open ports in ages.

  • Box? (Score:5, Insightful)

    by wytcld ( 179112 ) on Sunday August 12, 2007 @11:02AM (#20203011) Homepage

    Out of the box, many Linux systems are insecure with open ports and unpatched vulnerabilities.
    That box must have a lot of dust on it, and an early 13-floppy Slackware distro inside.

    Before making a claim like that, the writer should come up with at least three examples, from current versions of major distros.

    Reminds me of a local woman who said "We must have a town-wide neighborhood watch, because there's a child sexual predator on every block." In the several years since she raised that hysteria, there's been exactly one serious case in town: one of her best friends had his extensive child porn collection found by the police. He hired the state's most expensive lawyers and got off with probation. She's still his best friend.

    Back to the topic. The article mentions telnet. Is there a single current distro that comes with telnetd enabled? Let's help the sloppy author. Has anyone here installed any current distro and found "open ports and unpatched vulnerabilities"?

  • Re:Lots of linux stories on the front page (Score:3, Insightful)

    by SplatMan_DK ( 1035528 ) on Sunday August 12, 2007 @11:20AM (#20203137) Homepage Journal
    There is more to being an IT Geek than pushing Linux to the world.

    There are other kinds of FOSS products than Linux btw - so why is Linux the only one to get 30% of the index page?

    Allthough I like and use Linux, I think the point is valid.

    - Jesper

  • Re:Per-distro comparisons? (Score:4, Insightful)

    by DrXym ( 126579 ) on Sunday August 12, 2007 @12:12PM (#20203437)
    I think a dist security roundup would be an awesome thing. Do a default install of Mandrive, RedHat, Ubuntu etc. and then run nmap, examine their password policy, see what "dangerous" apps are installed by default and so on. Dists should be named and shamed if they have a single port open.

  • Re:How To in summary... (Score:5, Insightful)

    by Jessta ( 666101 ) on Sunday August 12, 2007 @12:40PM (#20203633) Homepage
    I've alway found GUI tools to be slow and weird.
    gentoo has great service management /etc/init.d/ start /etc/init.d/ restart /etc/init.d/ stop

    GUI tools are seriously annoying, since this article is about security and disabling unneeded services having config tools that require the unneeded service X11 is pretty silly.

  • Use nmap? (Score:3, Insightful)

    by verbatim_verbose ( 411803 ) on Sunday August 12, 2007 @04:39PM (#20205315)
    Why do "security experts" like these folks always suggest using nmap to determine what services you are running? Have these folks never heard of netstat?

Slashdot Top Deals

This restaurant was advertising breakfast any time. So I ordered french toast in the renaissance. - Steven Wright, comedian

Close