Hardening Linux
In this article we will learn to apply general operating system hardening concepts to a *nix-like system; in particular, we will work step by step to raise the security level of a generic GNU/Linux installation.
Computer security has always been one of the most important topics, and at the same time one of the most delicate to deal with, but above all a concrete one.
A must in this field is the famous phrase "No computer can be 100% safe," an essential dogma.
Yet the need to raise the security level of a system keeps growing, and designing a secure environment tends to drastically reduce the usability of the system.
This is why the process of hardening an operating system was born: it aims to make an existing environment more secure while keeping it easily usable.
The default installation of a GNU/Linux distribution tends to be very rich in features and software and is therefore, reasonably, insecure, because it exposes services to the outside with standard configurations, often useless for our purposes.
Partitioning
The first step is surely to review the entire disk partitioning.
This is a matter of scalability, and it helps prevent damage from file system DoS attacks that attempt to fill the available space on the disk, making the system unusable.
The organization of a UNIX file system provides some standard directories that are commonly the most exposed to various types of attacks because of their function within the OS:
/var: where an "abnormal" generation of logs in a short time can saturate the space of the partition.
/tmp: being used to hold temporary files, it often has privileges that are too high. Rootkits and exploits are often launched precisely from this directory.
The first thing to do is check the file /etc/fstab and look at the entries that connect each partition to its mount point at boot time:
# cat /etc/fstab
/dev/md0 none swap sw 0 0
/dev/md1 /boot ext3 defaults 0 0
/dev/md2 / ext3 defaults 0 0
In this example we have a swap partition, a dedicated / boot partition and a single root.
As said before, depending on the type of FS and partitioning (RAID, LVM, etc.) used, we must make sure we arrive at a solution that includes at least one partition for /var and one for /tmp. Following this approach leads to a layout like this:
# cat /etc/fstab
/dev/md0 none swap sw 0 0
/dev/md1 /boot ext3 defaults 0 0
/dev/md2 / ext3 defaults 0 0
/dev/md3 /var ext3 defaults 0 0
/dev/md4 /tmp ext3 defaults 0 0
To repartition the disks you can use tools such as fdisk, parted or those available in the LVM suite.
* Beware: if you use LVM, the / must be removed to perform the resize and partitioning.
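The /etc/fstab review described above can be automated. The following is an added example, not code from the original article: the hypothetical shell function missing_mounts reads an fstab file and lists which of the required mount points (here /var and /tmp) have no dedicated entry. The sample file is constructed from the article's first listing.

```shell
#!/bin/sh
# Added example: report which mount points lack a dedicated fstab entry.
# The function name and the sample file are assumptions for illustration.

# missing_mounts FSTAB MOUNTPOINT...
# Prints each MOUNTPOINT that has no line of its own in FSTAB, one per line.
# Returns 0 when every mount point is present, 1 when at least one is missing.
missing_mounts() {
    fstab=$1; shift
    missing=$(
        for mp in "$@"; do
            awk -v mp="$mp" '
                /^[ \t]*#/ { next }   # skip comment lines
                NF < 2     { next }   # skip blank or malformed lines
                # Field 2 is the mount point; tolerate a trailing slash.
                { m = $2; if (length(m) > 1) sub(/\/$/, "", m) }
                m == mp { found = 1 }
                END { exit !found }
            ' "$fstab" || printf '%s\n' "$mp"
        done
    )
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: the first fstab layout shown in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <device> <mount point> <type> <options> <dump> <pass>
/dev/md0 none  swap sw       0 0
/dev/md1 /boot ext3 defaults 0 0
/dev/md2 /     ext3 defaults 0 0
EOF

if out=$(missing_mounts "$sample" /var /tmp); then
    echo "OK: /var and /tmp have dedicated partitions"
else
    echo "No dedicated partition for:" $out
fi
rm -f "$sample"
```

On a real system, pass /etc/fstab as the first argument; the non-zero return status makes the check usable in provisioning or audit scripts.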
In the next few days the second part of the guide Hardening Linux ...
Written by Emiliano Mancini-Valent blog.eu



















