Chapter 5. General System Security

Table of Contents
5.1. BIOS
5.2. Security as a Policy
5.3. Choose a right Password
5.4. The root account
5.5. The /etc/exports file
5.6. Disable console program access
5.7. Disable all console access
5.8. The inetd - /etc/inetd.conf file
5.10. The /etc/host.conf file
5.11. The /etc/services file
5.12. The /etc/securetty file
5.13. Special accounts
5.14. Blocking; su to root, by one and sundry
5.15. Put limits on resource
5.16. Control mounting a file system
5.17. Conceal binary RPM
5.18. Shell logging
5.19. The LILO and lilo.conf file
5.20. Disable Ctrl-Alt-Delete keyboard shutdown command
5.21. Physical hard copies of all-important logs
5.22. Tighten scripts under /etc/rc.d/
5.23. Bits from root-owned programs
5.24. The kernel tunable parameters
5.25. Refuse responding to broadcasts request
5.26. Routing Protocols
5.27. Enable TCP SYN Cookie Protection
5.28. Disable ICMP Redirect Acceptance
5.29. Enable always-defragging Protection
5.30. Enable bad error message Protection
5.31. Enable IP spoofing protection
5.32. Log Spoofed, Source Routed and Redirect Packets
5.33. Unusual or hidden files
5.34. System is compromised !

A secure Linux server depends on how the administrator configures it to be. Once we have eliminated the potential securities risk by removing RPM services not needed, we can start to secure our existing services and software on our server. In this chapter we will discuss some of the more general, basic techniques used to secure your system. The following is a list of features that can be used to help prevent attacks from external and internal sources.