Friday, 22 May 2009

Hardening a RHEL5 Box and the NSA

Hardening a server takes two general activities: Reducing the number of services that can be attacked and protecting any services that are still required.

There are a lot of discussions on how to do this for various operating systems including RedHat Linux. RedHat's Deployement Guide is a good resource.

The NSA also has documents on securing your operating system. However, they're a little hard to get. I tried searching for RHEL5 on their site and had some difficulty access the documents in the search results:

NSA Site Search for RHEL5

Now it's a little hard to access the documents on the NSA's E drive, but I was able to eventually find them by getting in another way ;) ;) ... Okay, I didn't breakin to the NSA to get on their E drive, I found the page that actually good links: NSA/CSS Operating Systems.

There's a longer document (about 170 pages) and also a short reference (2 pages) which gives lots of good things to secure.

There are a lot of other good resources Online as well, so I won't ramble further. Just turn off anything you don't need, update what you do need frequently, and secure your system with a firewall, and other security tools (PortSentry, fail2ban, DenyHosts, anti-virus software, rootkit detection, etc, etc, etc).

- Arch
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Processing Deferred Messages in Postfix
    For anyone who's had to cleanup some mail problems with Postfix configuration (or more often with other things, like anti-spam, tied in ...
  • Cache in Openfire
    In the course of troubleshooting the office Jabber server the other day, I came across some interesting info about the various caches that O...
  • Cron scheduling for first Sunday of the month
    For everyone who uses cron, you are familiar with the job schedule form: min hr day-of-month month day-of-week <command> A problem...