Linux Security

[Darin Perusich]

when it comes to security there is no such thing as overkill, expecially
if your machines are on the internet. generally you want your most
paranoid sysadmin in control of such boxes. if you can, i recommend only
running one service per machine. that way if one get's compromised and
your box get's taken down, you don't loose your other services.

running daemons in a chroot jail is a good habit to get into. again, if
the system needs to be secured or it's on the net. certain programs,
like named (BIND) come ready to run chroot'd. others, like sendmail you
need to "prepare" to run chroot'd. running service as a $USER other then
root is another good habit to get into.



> With respect to this, what are some good security practices with linux?  What is > overkill and what is not?  As the days go on more and more people learn how to 
> get past the securotoes in
> linux -- Trying to come up with a list of which ones are good to do and which 
> secruity changes will actually "open" up your system more is quite hard.
 
> Also, in the Securing and Optimizing Linux Guide, I read about a CHroot 
> environment.  Are there any good docs on the theorey of this and can this method > be done with any daemon (service
> etc) that has login capabilities?
 
> FYI - Linux is starting to become the OS of choice on many US NAval ships -- > WOOHOO
 
> Ronald K. Wechter 
> Network Systems Administrator 
> Navy Recruiting Department Buffalo 
> (716) 551-4901 
 

-- 
Darin Perusich
Unix Administrator
Cognigen Corp.
darinper at cognigencorp.com