Part 3. Security, Optimization and Upgrade

Bat

Abstract

Now that we have installed a base system, the next three chapters will concentrate on

  • How to tighten the security of our configured system.

  • Optimise our sytem to perform at its peak.

  • Upgrade our machine for the latest kernel.

Please note when we talk of tightening the security we are referring to the features available within the base installed system and not to any new additional software. We will talk about that later in this book.

Table of Contents

5. General System Security
1. BIOS
2. Security as a Policy
3. Choose a right Password
4. The root account
5. The /etc/exports file
6. Disable console program access
7. Disable all console access
8. The inetd - /etc/inetd.conf file
9. TCP_WRAPPERS
9.1. Don't display system issue file
10. The /etc/host.conf file
11. The /etc/services file
12. The /etc/securetty file
13. Special accounts
14. Blocking; su to root, by one and sundry
15. Put limits on resource
16. Control mounting a file system
17. Conceal binary RPM
18. Shell logging
19. The LILO and lilo.conf file
20. Disable Ctrl-Alt-Delete keyboard shutdown command
21. Physical hard copies of all-important logs
22. Tighten scripts under /etc/rc.d/
22.1. The /etc/rc.d/rc.local file
23. Bits from root-owned programs
24. The kernel tunable parameters
24.1. Prevent your system responding to Ping
25. Refuse responding to broadcasts request
26. Routing Protocols
27. Enable TCP SYN Cookie Protection
28. Disable ICMP Redirect Acceptance
29. Enable always-defragging Protection
30. Enable bad error message Protection
31. Enable IP spoofing protection
32. Log Spoofed, Source Routed and Redirect Packets
33. Unusual or hidden files
34. System is compromised !
6. Linux General Optimization
1. The /etc/profile file
2. Benchmark Results
3. Benchmark results-i586
4. Benchmark results -i486
5. The bdflush parameters
6. The buffermem parameters
7. The ip_local_port_range parameters
8. The /etc/nsswitch.conf file
9. The file-max parameter
10. The ulimit parameter
11. The atime and noatime attribute
12. Tuning IDE Hard Disk Performance
13. Better manage your TCP/IP resources
7. Configuring and Building a Secure, Optimized Kernel
1. Pre-Install
1.1. Make an emergency boot floppy
2. Uninstallation and Optimization
3. Securing the kernel
4. Compilation
5. Kernel configuration -Part "A"
6. Kernel configuration -Part "B"
7. Kernel configuration -Part "C"
8. Kernel configuration -Part "D"
9. Kernel configuration -Part "E"
10. Installing the new kernel
11. Delete programs, Edit files pertaining to modules
12. Create a emergency Rescue and Boot floppy disk