Hardening Linux
davidmwilliams writes "Out of the box, many Linux systems are insecure with open ports and unpatched vulnerabilities. Read about the essential steps to secure your server as well as how to solve them manually and via automated tools like Bastille."
Did you see where it mentioned nmap? No? Because it didn't. Wouldn't you expect it to tell you to run nmap from a different machine so you can see what your outside profile looks like?
/etc/init.d/service_name stop? Just use the package manager to remove it.
It reads more like someone who's just discovered Bastille and now considers himself "informed" on "security issues".
Step #1. Limit the avenues of attack. This is where you'd use nmap.
Step #2. Remove anything you don't absolutely need. Come on, most people out there will be running some distribution now. At least he could have covered dpkg, rpm, etc.
What's this with the "Enter kill -9 xxx where xxx is the PID."? How about just
And editing xinetd.conf / inetd.conf? Again, just use the package manager to remove it.
And he doesn't even go into how each distribution handles package updates? What the fuck? Nothing about "apt-get update"? No "apt-get upgrade"?
No, this article is about someone's discovery of Bastille and how it helps an old, stock installation of Red Hat.
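The local side of the steps listed in the comment above, as an added example that is not part of the original comment or the article: it lists the TCP listeners bound to non-loopback addresses and names the package that owns each one, so the service can be removed with the package manager. The function names, the sample lines and the `ss -H -tlnp` column layout (state, queues, local address, peer, process) are assumptions of this example; a host firewall can still hide these ports, so the scan from another machine remains the check of the outside profile.

```shell
#!/bin/sh
# Added example: inventory of TCP listeners reachable from other hosts.
# Live use (as root, so ss can show owners):  ss -H -tlnp | exposed_listeners

# Reads `ss -H -tlnp` lines on stdin and prints "port process pid" for every
# listener that is NOT bound to loopback, duplicates removed, sorted by port.
exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, part, ":")            # the port follows the last colon
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next    # loopback only
        name = "-"; pid = "-"               # owners are hidden without root
        if (match($0, /\(\("[^"]+"/))
            name = substr($0, RSTART + 3, RLENGTH - 4)
        if (match($0, /pid=[0-9]+/))
            pid = substr($0, RSTART + 4, RLENGTH - 4)
        print port, name, pid
    }' | sort -u | sort -n
}

# Names the package that owns the binary behind a PID (dpkg or rpm systems).
# Needs root to read /proc/PID/exe for processes of other users.
package_for_pid() {
    exe=$(readlink "/proc/$1/exe") || return 1
    if command -v dpkg >/dev/null 2>&1; then dpkg -S "$exe"
    elif command -v rpm >/dev/null 2>&1; then rpm -qf "$exe"
    else return 1
    fi
}

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=1044,fd=13))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 5 [::1]:631 [::]:* users:(("cupsd",pid=640,fd=6))
LISTEN 0 64 0.0.0.0:23 0.0.0.0:* users:(("xinetd",pid=990,fd=5))'

# The loopback-only mail and print listeners are dropped; sshd is listed once.
printf '%s\n' "$SAMPLE" | exposed_listeners
```

Each PID in the third column can be passed to `package_for_pid` to find what to uninstall.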
Before making a claim like that, the writer should come up with at least three examples, from current versions of major distros.
Reminds me of a local woman who said "We must have a town-wide neighborhood watch, because there's a child sexual predator on every block." In the several years since she raised that hysteria, there's been exactly one serious case in town: one of her best friends had his extensive child porn collection found by the police. He hired the state's most expensive lawyers and got off with probation. She's still his best friend.
Back to the topic. The article mentions telnet. Is there a single current distro that comes with telnetd enabled? Let's help the sloppy author. Has anyone here installed any current distro and found "open ports and unpatched vulnerabilities"?
"with their freedom lost all virtue lose" - Milton
I've always found GUI tools to be slow and weird. /etc/init.d/ start /etc/init.d/ restart /etc/init.d/ stop
Gentoo has great service management.
GUI tools are seriously annoying. Since this article is about security and disabling unneeded services, having config tools that require the unneeded service X11 is pretty silly.
...and that is all I have to say about that.
http://jessta.id.au