FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Server Development

 
 
LinkBack Thread Tools
 
Old 08-10-2010, 08:06 AM
Kaushal Shriyan
 
Default Hardening Ubuntu Hardy Heron 8.04 OS

Hi

Please refer me to a document or wiki to Harden Ubuntu Hardy Heron OS 8.04

Thanks

Kaushal

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 08-11-2010, 12:20 AM
Joe McDonagh
 
Default Hardening Ubuntu Hardy Heron 8.04 OS

On 08/10/2010 04:06 AM, Kaushal Shriyan wrote:
> Hi
>
> Please refer me to a document or wiki to Harden Ubuntu Hardy Heron OS 8.04
>
> Thanks
>
> Kaushal
>
AFAIK there isn't one specifically for Ubuntu; it's just kind of 'apply
best practices' type thing i.e:

* lock down logins (ssh, interactive, password policy)
* audit passwd files through scripts
* don't run non-essential services
* remove unnecessary packages like samba
* so on and so forth ad infinitum

Maybe there is a generic Linux hardening guide out there you can follow,
I'm relying on some years of experience to secure my boxes.
It's not like RHEL where government agencies use it and push for
security of the highest levels, thereby increasing the amount of
hardening documentation available.

I'd say to start off the best thing you can do is install bastille,
chkrootkit, OSSEC, and snort. All of those are pretty out of the box
ready to use, save snort. For more advanced security it would be good
for you to learn PAM and AppArmor.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 08-11-2010, 12:32 AM
Stefan Schmidt
 
Default Hardening Ubuntu Hardy Heron 8.04 OS

On Tue, Aug 10, 2010 at 08:20:41PM -0400, Joe McDonagh wrote:
> > Please refer me to a document or wiki to Harden Ubuntu Hardy Heron OS 8.04
> >
> AFAIK there isn't one specifically for Ubuntu; it's just kind of 'apply
> best practices' type thing i.e:
>
> * lock down logins (ssh, interactive, password policy)
> * audit passwd files through scripts
> * don't run non-essential services
> * remove unnecessary packages like samba
> * so on and so forth ad infinitum

There is the 'harden' metapackage to help you with these tasks, plus
http://packages.ubuntu.com/search?keywords=harden&searchon=names&suite=hardy& section=all
a few extra which it suggests.

Also harden refers to this debian documentation on the topic:
http://www.debian.org/doc/manuals/securing-debian-howto/

Stefan

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 08-11-2010, 12:37 AM
Paul Graydon
 
Default Hardening Ubuntu Hardy Heron 8.04 OS

On 08/10/2010 02:20 PM, Joe McDonagh wrote:
> On 08/10/2010 04:06 AM, Kaushal Shriyan wrote:
>> Hi
>>
>> Please refer me to a document or wiki to Harden Ubuntu Hardy Heron OS 8.04
>>
>> Thanks
>>
>> Kaushal
>>
> AFAIK there isn't one specifically for Ubuntu; it's just kind of 'apply
> best practices' type thing i.e:
>
> * lock down logins (ssh, interactive, password policy)
> * audit passwd files through scripts
> * don't run non-essential services
> * remove unnecessary packages like samba
> * so on and so forth ad infinitum
>
> Maybe there is a generic Linux hardening guide out there you can follow,
> I'm relying on some years of experience to secure my boxes.
> It's not like RHEL where government agencies use it and push for
> security of the highest levels, thereby increasing the amount of
> hardening documentation available.
>
> I'd say to start off the best thing you can do is install bastille,
> chkrootkit, OSSEC, and snort. All of those are pretty out of the box
> ready to use, save snort. For more advanced security it would be good
> for you to learn PAM and AppArmor.
>
I'd fully agree. Locking down a Linux machine is very dependent on what
it's actually doing. Routines for locking down a web server is rather
different from a file server, etc. etc. Simple rule of thumb: Deny by
default, permit grudgingly. Disable (and later delete if proven
unnecessary) and accounts that aren't needed on the machine. Disable
every unused service, and ultimately look to removing them off the
server if they have no purpose being on there (e.g. cups if it's not a
print server). The list goes on!

There are plenty of good results that come up here:
http://lmgtfy.com/?q=linux+server+hardening+steps

Paul

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 

Thread Tools




All times are GMT. The time now is 03:48 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org