Slashdot Mirror

← Back to Stories (view on slashdot.org)

Securing Linux Production Systems

Posted by timothy on from the checklist-of-checklists dept.

robyannetta writes "Securing Linux Production Systems: A Practical Guide to Basic Security in Linux Production Environments is a practical step-by-step guide for securing Linux production systems. It shows how to meet basic security requirements for Linux systems that need to pass security audits. If you have been assigned to come up with a corporate Linux Security Standard, then you should definitely read on."

3 of 30 comments (clear)

  1. Other interesting stuff by larry2k · · Score: 1, Informative

    If you'll read de above article maybe you'll find interesting this: http://www.securityfocus.com/tools

    --

    The package said "Windows XP or better. Pentium Class Processor or better"... So I got a Mac with OS X

  2. Re:/ and /boot by Meetch · · Score: 2, Informative
    I'm not sure about before LVM, but now it's in...

    While I'm sure with enough fiddling it can be done, /boot generally doesn't like living in an LVM filesystem. The main reason for that would be the boot loader needs to load extra and interpret the metadata to figure out where the initrd you want is loaded from. I imagine most distros simply won't let you put /boot on a logical volume because it requires too much extra.

    I did manage to get /boot to live happily on a software RAID1 mirrored partition - this was based on a RH 7.3 build, but RedHat won't do that for you by default (do any?).

    Of course, it's not such a problem with proper enterprise storage (but you still can't put boot on an LV, as a rule)...

  3. Re:Firewall? by Anonymous Coward · · Score: 1, Informative

    I'm the author of this article. Someone just emailed me that the article was posted here.

    Your assertion is simply incorrect. You seem to have too much time to make other people look bad. When this article was posted on osnews I got emails from people about why I didn't cover iptables. I realized that I should have explained my reasoning behind this which prompted me to add a note. My experience is that hardware based firewalls are used for production systems/networks and not iptables. And just because someone posted a similar opinion on osnews doesn't mean that I used his idea. You shouldn't make this kind of assertion about other people. There are simply other people who agree with me or probably just have read my updated note.

    Unfortunatelly, when I wrote my first Oracle article people copied the whole article, some even removed all links and my name. This prompted me to add the copyright notice.

    Werner