
Re: Security questions



On Tue, 21 Oct 1997, Shaleh wrote:

> I am setting up a server to allow our customers shell access.  I want
> this sucker to be air-tight.  We have a few hacker/phreaker wannabes.
> Any suggestions?
> 

1: Tripwire. (I've never used it myself, but everything I hear about it
sounds like you'd want to be using it)

2: stick with the stable Debian hierarchy as much as possible, and don't
install packages you can't find a reason for on the machine.  (For example,
do you need an xserver on the machine or is it sufficient to only allow
xclients?  Do you really need xntpd on this machine?)

3: Find some way to regularly skim over the syslogs - I keep thinking that
there ought to be some program to facilitate this, but...

4: Arrange somehow (via a cron job, perhaps?) to have something like:
find / -perm -04000 | diff /var/log/propersuidfiles -
run regularly. (the find command is looking for all suid files; presumably
the file /var/log/propersuidfiles was created earlier by dumping the
results of this find command on a system you know is "clean")  Review the
results.  Tripwire may do something equivalent to this.

5: Use shadowed (or nis, or anything but the old-style crypted entries in 
/etc/passwd) passwords.

6: Consider regularly running crack on your users' passwords to screen for
weak passwords.

7: Configure tcpwrappers to log the results of an identd check.  (I'm
reasonably certain that this is easy to do with the standard Debian setup,
but can't remember how)

Most of the time the part of security that gets neglected is detecting
attempted break-ins that fail - often, hackers will try simple stuff before
they progress to more sophisticated attacks.  If the simple stuff is
detected, even though it may have failed, you can at least know whom to
watch.  (And the shock of being caught red-handed can have a remarkable
effect on many hacker-wannabes)

(NOTE: I am not a security expert, nor do I have direct experience
administering a machine that must be kept secure from the users; I just
happened to spend most of my undergraduate years working for a very
security-conscious sysadmin)


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .
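The setuid baseline-and-diff check from item 4 above, worked out as an added shell example (not code from the original post or from Debian). It goes slightly beyond the post: each setuid file is recorded with its path plus a POSIX cksum, so a setuid binary replaced in place with the same mode is reported as well as a new one. The function names, the scratch tree built by suid_demo, and the baseline location are assumptions for illustration; on a real host you would scan / and keep the baseline off the machine or on read-only media.

```shell
#!/bin/sh
# Added example (not from the original post): baseline-and-diff of setuid files.
# A setuid file is fingerprinted as "crc size path" with the POSIX cksum
# utility, so a binary swapped in place is caught as well as a newly planted one.
# Function names and paths here are assumptions for the example.

# One line per setuid regular file under $1, sorted by path.
# -xdev stays on one filesystem (skips /proc, NFS); -perm -4000 is the
# same test as the post's -04000.  Permission-denied noise is discarded.
suid_snapshot() {
    find "$1" -xdev -type f -perm -4000 -exec cksum {} + 2>/dev/null | sort -k3
}

# Record the baseline on a host you trust to be clean ($1 = root, $2 = file).
suid_baseline_write() {
    suid_snapshot "$1" > "$2"
}

# Compare the live tree ($1) against the baseline ($2).  Output lines start
# with "+" (setuid file that is new or changed) or "-" (missing or changed).
# Returns 0 when identical, 1 when something differs, 2 on a temp-file error;
# from cron, any output gets mailed to you, which is the point of the check.
suid_check() {
    live=$(mktemp) || return 2
    suid_snapshot "$1" > "$live"
    if cmp -s "$2" "$live"; then
        rm -f "$live"
        return 0
    fi
    # diff needs two operands: the baseline and the live snapshot.
    diff "$2" "$live" | sed -n 's/^< /-/p; s/^> /+/p'
    rm -f "$live"
    return 1
}

# Self-contained demonstration on a scratch tree constructed here (not a real
# system).  Returns 0 only if: a clean run passes, a setuid shell dropped into
# a writable directory is reported, and a setuid binary modified in place
# (with the bit re-set afterwards) is reported.
suid_demo() {
    root=$(mktemp -d) || return 2
    base=$(mktemp) || return 2
    mkdir -p "$root/bin" "$root/tmp"
    printf '#!/bin/sh\necho passwd\n' > "$root/bin/passwd"
    chmod 4755 "$root/bin/passwd"          # the one legitimate setuid file
    printf '#!/bin/sh\necho ls\n' > "$root/bin/ls"
    chmod 0755 "$root/bin/ls"              # not setuid, must never appear
    suid_baseline_write "$root" "$base"
    ok=1

    # 1. nothing changed: the check must stay quiet and return 0
    if ! suid_check "$root" "$base" >/dev/null; then ok=0; fi

    # 2. a user plants a setuid copy of a program in a writable directory
    cp "$root/bin/ls" "$root/tmp/.sh" && chmod 4755 "$root/tmp/.sh"
    if suid_check "$root" "$base" > "$root/report2"; then ok=0; fi
    grep -q -- "+.* $root/tmp/.sh" "$root/report2" || ok=0

    # 3. the legitimate setuid binary is replaced in place with the same mode
    #    (the kernel may clear the bit on write, so it is re-applied as an
    #    attacker would)
    printf '#!/bin/sh\necho trojan\n' > "$root/bin/passwd"
    chmod 4755 "$root/bin/passwd"
    if suid_check "$root" "$base" > "$root/report3"; then ok=0; fi
    grep -q -- "-.* $root/bin/passwd" "$root/report3" || ok=0
    grep -q -- "+.* $root/bin/passwd" "$root/report3" || ok=0

    rm -rf "$root" "$base"
    [ "$ok" -eq 1 ]
}
```

To use it for real, source the file, run `suid_baseline_write / /var/log/propersuidfiles` once on a known-clean system, and put `suid_check / /var/log/propersuidfiles` in a cron job; cron mails any output, so a silent run means nothing changed. Running `suid_demo` exercises the three cases on a scratch tree and exits 0 when they all behave as expected.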

