Slackware System Hardening - Security

This is a discussion on Slackware System Hardening - Security ; Just in time for Slackware 11.0, the new and improved Slackware System Hardening document for Slackware 10.2. Enjoy dentonj http://www.cochiselinux.org/files/sy...ening-10.2.txt A couple of the older versions: http://www.cochiselinux.org/files/sy...ening-10.1.txt http://www.cochiselinux.org/files/sy...dening-0.4.txt...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Slackware System Hardening

  1. Slackware System Hardening

    Just in time for Slackware 11.0, the new and improved Slackware System
    Hardening document for Slackware 10.2.

    Enjoy

    dentonj


    http://www.cochiselinux.org/files/sy...ening-10.2.txt

    A couple of the older versions:

    http://www.cochiselinux.org/files/sy...ening-10.1.txt
    http://www.cochiselinux.org/files/sy...dening-0.4.txt


  2. Re: Slackware System Hardening

    On 02.09.2006, dentonj@gmail.com wrote:
    > Just in time for Slackware 11.0, the new and improved Slackware System
    > Hardening document for Slackware 10.2.
    >
    > Enjoy
    >
    > dentonj
    >
    >
    > http://www.cochiselinux.org/files/sy...ening-10.2.txt


    Could you stop writting such crappy "security" guides?

    You *blindly* advise to stop Sendmail, Apache, BIND, inetd and so on.
    You don't advise not to install them, just to shut them down.

    #v+
    /etc/shells:
    Allowing users to run different shells allows them to bypass any security
    restrictions set on their login shell.
    #v-

    How could that be true? How would the `removepkg zsh' add _anything_ to
    system security?

    #v+
    /sbin/tune2fs:
    Stop fsck from running every 22 boots. The new setting means fsck only
    runs every 6 months. If you would like to fsck more often, then adjust
    as necessary.
    #v-

    Very good advice. Pretty damn good! Who needs fsck? And how is it going
    to work with ReiserFS or XFS?

    Also, removing slrn, nn, strace, gdb and nc adds very much to system
    security.

    /etc/profile stuff:
    #v+
    # Kick and lockout users that are UID 0 but are not root
    if [ `id -u` = "0" -a `echo $USER` != "root" ]; then

    # Lock the user out
    passwd -l $USER

    # Save some info
    date >> /root/****
    netstat -peanut >> /root/****
    ps auxww >> /root/****
    w >> /root/****
    #v-

    ROTFL. It's pretty easy to avoid running /etc/profile.

    --
    Niektórzy lubi± dozziego...
    Oczywi¶cie szanujemy ich.
    Stanislaw Klekot

+ Reply to Thread