Hardening Linux
Brett Rilling
Linux Security Overview: (Brief Summary of Linux Security Areas)
- Physical (Data Center, biometric, cabinet, lock)
- Perimeter (Firewall, IDS, proxy)
- OS Hardening
- Application Security
OS Hardening Process:
- Develop Secure Build Profiles
  - Perform minimal install
  - Incrementally add apps/utils until system functions for purpose
  - Harden OS
  - Use resultant hardened system as baseline for a secure build profile
- Deploy Systems Using Appropriate Secure Build Profile
- Continuously Audit Systems for deviations from Secure Build Profile
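
The audit step above, sketched as an added example (not part of the original slides): a collected host inventory is compared against the secure build profile and every deviation is reported. The profile layout, the sample hosts' contents and the severity labels are assumptions made for illustration.

```python
# Constructed baseline: what the secure build profile says this host should look like.
BASELINE = {
    "packages": {"openssh-server", "nginx", "rsyslog"},
    "services": {"sshd", "nginx", "rsyslog"},
    "file_modes": {"/etc/shadow": 0o640, "/etc/ssh/sshd_config": 0o600},
}

# Constructed observation, as an inventory job might collect it from a deployed host.
OBSERVED = {
    "packages": {"openssh-server", "nginx", "rsyslog", "telnetd"},
    "services": {"sshd", "nginx", "telnet"},
    "file_modes": {"/etc/shadow": 0o644, "/etc/ssh/sshd_config": 0o600},
}


def audit(baseline, observed):
    """Return sorted (severity, finding) tuples for every deviation from the baseline."""
    findings = []
    for kind in ("packages", "services"):
        # Anything present on the host but absent from the profile is added attack surface.
        for name in observed[kind] - baseline[kind]:
            findings.append(("high", f"{kind}: '{name}' not in profile"))
        # Anything the profile requires but the host lacks (e.g. logging turned off).
        for name in baseline[kind] - observed[kind]:
            findings.append(("medium", f"{kind}: '{name}' expected but absent"))
    for path, want in baseline["file_modes"].items():
        have = observed["file_modes"].get(path)
        if have is None:
            findings.append(("medium", f"file_modes: {path} missing"))
        elif have & ~want:
            # Bits set on the host that the profile does not grant: permissions loosened.
            extra = have & ~want
            findings.append(
                ("high", f"file_modes: {path} is {have:04o}, "
                         f"profile {want:04o} (extra bits {extra:04o})"))
        elif have != want:
            findings.append(
                ("low", f"file_modes: {path} is {have:04o}, stricter than profile {want:04o}"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, finding in audit(BASELINE, OBSERVED):
        print(f"[{severity}] {finding}")
```
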
Harden OS:
- Software Patching
- File System Options
- File Permissions
- Remove Unnecessary Services
- Lock down System Services
- Secure Login Methods (Console and Remote)
- Secure User Settings and Privileges
- Logging
- Third Party Applications
Today