[...]... Introduction T his book is a technical guide to hardening and securing Linux hosts and some of the common applications used on Linux hosts It provides information on how to harden the base Linux operating system, including firewalling and securing connections to your hosts It also looks at hardening and securing some of the applications commonly run on Linux hosts, such as e-mail, IMAP/POP FTP and DNS... can reach James Turnbull at james @hardening- linux. com xxvii 4444_FM_final.qxd 1/5/05 12:39 AM Page xxviii 4444c01_final.qxd 1/5/05 12:42 AM Page 1 CHAPTER 1 sss Hardening the Basics A t the heart of your Linux system is the Linux kernel and operating system Combined, these form the base level of your system on which all your applications run Comparatively speaking, the Linux operating system and kernel... this series, Hardening Apache (Apress, 2004) by Tony Mobily, for the complete picture on installing, configuring, and running secure Apache servers.1 In the limited space available in this book, I could not do this complicated and extensive topic justice How This Book Is Structured This book covers the following topics: Chapter 1, Hardening the Basics,” covers the basics of hardening your Linux hosts... chapter is entitled Hardening the Basics” because it is aimed at exploring and explaining 1 4444c01_final.qxd 1/5/05 12:42 AM Page 2 2 CHAPTER 1 s HARDENING THE BASICS the key areas of security and security configuration at that operating system and kernel level Additionally, I try to address some of the key weaknesses of a freshly installed Linux distribution or an existing unhardened Linux system and... I have set out to identify risks associated with running Linux and some of the applications that run on Linux hosts I have then provided technical solutions—backed by frequent examples, code, and commands—that minimize, mitigate, or in some circumstances negate those risks The configurations and examples I provide are designed to ensure your Linux hosts are hardened against attack while not limiting... Linux hosts It introduces the core security features of the Linux operating system and kernel and provides information and examples on how to harden them It also covers patching and updating your hosts and how to keep up-to-date with the latest security-related information for Linux Chapter 2, “Firewalling Your Hosts,” addresses securing your Linux hosts with the iptables firewall It covers setting up... one-off commands, or configuration tools I will use the generic term services for simplicity’s sake 4444c01_final.qxd 1/5/05 12:42 AM Page 5 CHAPTER 1 s HARDENING THE BASICS Securing Your Boat Loader Most Linux systems use one of two boot loaders, the Linux Loader (LILO) or Grub These boot loaders control your boot images and determine what kernel is booted when the system is started or rebooted They... a sample lilo.conf file Listing 1-1 Sample lilo.conf File prompt timeout=50 default =linux boot=/dev/hda map=/boot/map install=/boot/boot.b message=/boot/message linear password=secretpassword restricted 5 4444c01_final.qxd 1/5/05 12:42 AM Page 6 6 CHAPTER 1 s HARDENING THE BASICS image=/boot/vmlinuz-2.4.18-14 label =linux initrd=/boot/initrd-2.4.18-14.img read-only append="root=LABEL=/" The two important... with the installation of a new hardened host or if hardening an existing host Obviously, minimizing the functionality of an existing host is harder You need to make sure you are fully aware of all the functions that host performs and ensure you do not switch off or remove something that is required for that host to provide the required functionality Hardening a production host requires extensive testing,... 282 Scanning for Exploits and Root Kits 282 Testing Your Password Security 287 Automated Security Hardening with Bastille Linux 290 Outer Layer 295 NMAP 296 Nessus .