Hardening Linux 204
davidmwilliams writes "Out of the box, many Linux systems are insecure with open ports and unpatched vulnerabilities. Read about the essential steps to
secure your server as well as how to solve them manually and via automated tools like Bastille."
AppArmour (Score:3, Interesting)
Per-distro comparisons? (Score:5, Interesting)
Anyone know of such a project - even if just comparing a few top-tier distributions?
Hardened Linux From Scratch (Score:3, Interesting)
That's a good point. Thanks. (Score:5, Interesting)
Yep. That's why I prefer hitting it from a different machine. Multiple machines if possible. One on the same LAN segment and one from somewhere on the Internet.
That way you'll see what a would-be-attacker will see.
Sure, I might be running SMTP on port 25, but bound to 127.0.0.1 instead of eth0. An attacker would have to FIRST gain access to my machine through some other means to be able to attack my SMTP service.
Sure, that first hurdle might be set very, Very, VERY, VERY high, but if someone can get over it
And that's what "security" is all about to me. It's the PROCESS of evaluating threats and reducing their effectiveness.
newbie article (Score:3, Interesting)
Re:Hardened? Hardly. (Score:1, Interesting)
After a few years of that, I ended up moving to OpenBSD, because I got tired of managing all the security aspects of the OS myself. It's a matter of convenience and especially time... though I also happened to also be pulled-in by excellent OBSD documentation and all-around integration that Linux "distros" lack.