Overview

  1. A short, informal summary.

  2. We first consider basic security policy: learning about problems as they are found by the community; finding and installing security-related OS patches; uninstalling unnecessary services (such as FTP and Sendmail); and chrooting services.

  3. Authentication: password systems, encryption and the Pluggable Authentication Module system.

  4. Some distributions specialise in security issues. If you are particularly concerned about security, these distributions are worth considering --- perhaps simply as an educational tool.

  5. A change of viewpoint can be particularly useful. How does a potential intruder see your system? In this section we look at tools which help with this: Satan and Saint, and the portscanners nmap and nessus.

  6. Many system (and kernel) events cause entries to be made in log files. These can be used to audit a system and track cracking attempts. In this section we discuss syslogd and klogd, the logging daemons; iblm, an X-based log-file viewer ("tail -f"); and remote logging --- logging of events on one host to another host, making it more difficult for a hacker to "clean up" log files after a successful break-in.

  7. Running services --- daemons listening on privileged ports --- is a hazardous business; there is no such thing as an unhackable server. But one can "wrap" services in access-control software to reduce the risks. We look at inetd, TCP Wrappers, Portmapper and xinetd.

  8. No system is totally secure; to minimise damage we need to detect intrusions. To this end we introduce AIDE, FCheck, Tripwire and chkrootkit. And you'll find CVS very useful too!

  9. Packet-filters: ipchains, iptables and ipfilter are all utilities which look at the source and destination addresses of each individual IP packet and check these against a list of rules in order to decide whether to pass, reject or drop the packet.

  10. Ideally hosts performing portscans or other rogue actions against your system should be blocked immediately --- a delay whilst the administrator gets around to looking at log files (or reads emails sent by utilities such as LogSentry --- formerly LogCheck) could be "fatal". Utilities exist which monitor portscans and other signs of foul play in real time and automatically block access to/from these hosts. We look at Portsentry and IPTrap. We also mention psad, a utility which automatically blocks hosts according to information logged by ipchains or iptables.

     Tools which watch log files on your behalf and report significant events.

  11. We consider the ultimate security add-ons to Linux: kernel-patches which extend the standard Unix security model. In particular, Medusa DS9 extends the Unix security architecture for Linux by offering fine-grained file protection, virtual spaces in which services/daemons (for example) can operate and system call monitoring.

  12. Sending data, in particular passwords, over the network unencrypted is a bad idea. Secure shell (ssh) and associated utilities (scp and sftp) ensure all data passing between hosts is encrypted.

  13. OpenBSD is a free, open source, Unix variant in which emphasis is placed on security-related issues. Certainly worth a look if you require a secure server.

  14. Finally we offer some pointers to finding out more about security-related issues and Unix (Solaris/Linux).
About this document:

Produced from the SGML: /home/isd/public_html/_unix_security/_reml_grp/unix_security_survey.reml
On: 10/11/2004 at 9:49:32
Options: reml2 -i noindex -l long -o html -p multiple