Linux Security

[Robert F. Stockdale IV]

Darin Perusich wrote:

> when it comes to security there is no such thing as overkill, expecially
> if your machines are on the internet. generally you want your most
> paranoid sysadmin in control of such boxes. if you can, i recommend only
> running one service per machine. that way if one get's compromised and
> your box get's taken down, you don't loose your other services.
>
> running daemons in a chroot jail is a good habit to get into. again, if
> the system needs to be secured or it's on the net. certain programs,
> like named (BIND) come ready to run chroot'd. others, like sendmail you
> need to "prepare" to run chroot'd. running service as a $USER other then
> root is another good habit to get into.
>
> > With respect to this, what are some good security practices with linux?  What is > overkill and what is not?  As the days go on more and more people learn how to
> > get past the securotoes in
> > linux -- Trying to come up with a list of which ones are good to do and which
> > secruity changes will actually "open" up your system more is quite hard.
>
> > Also, in the Securing and Optimizing Linux Guide, I read about a CHroot
> > environment.  Are there any good docs on the theorey of this and can this method > be done with any daemon (service
> > etc) that has login capabilities?
>
> > FYI - Linux is starting to become the OS of choice on many US NAval ships -- > WOOHOO
>
> > Ronald K. Wechter
> > Network Systems Administrator
> > Navy Recruiting Department Buffalo
> > (716) 551-4901
>
>
> --
> Darin Perusich
> Unix Administrator
> Cognigen Corp.
> darinper at cognigencorp.com

Take a look at this past issue of Linux Mgazine. Article about User Mode Linux (UML). Suggests using a UML virtual machine for security risky processes and
applications that you need to run.
Bob Stockdale
javabob at localnet.com