***********************************************************
*                                                         *
*  Topic: Linux Security                                  *
*                                                         *
*  Written by: phr4x                                      *
*                                                         *
***********************************************************

* What is Linux?
* Why secure?
* Where to start?
* If you are true paranoid
* Disable accounts
* Last words

-------------============ What is Linux? =============--------------

Linux is a Unix-like OS written by Linus Torvalds in 1990/91. Today most
people think that Windows is the only OS and don't know that there are
plenty of OS's out there for the Intel i386 (PC). Windows is just one of
the most common ones, because MS owns the market, but you can also get
"Linux", which can be downloaded free from the Internet.

Linux is an open source system. That means everyone has access to the
source code and can make their own changes, which is also why it is good
for servers and networks. Many freelance programmers are working on the
source all the time to make it more stable. An OS like Windows is owned by
Microsoft, so only they have access to the source and can make changes.

But if Linux is going to serve on the big bad Internet, it will need some
security, right?

-------------============ Why secure? ==============--------------

Securing the OS is harder than breaking into it, so I will try to explain
the basics of securing Linux, and especially the "RedHat" distribution.
Every system is vulnerable to something, and no system is 100% secure, so
don't expect your system to be totally secured against hacker attempts
after this issue.

-------------============ Where to start? ==============---------------

The first place to begin is the installation. The fewer packages/programs
you install, the smaller the chance of installing a package that might
have a bug. Only install what you will need. Let's just say you would
like to make a web or mail server; then you will probably not need the
"news" packages, and so on. It's up to you.
RedHat might be the most vulnerable Linux distribution on the market,
because they want to make it more user-friendly, so it's shipped with many
daemons enabled and a dozen programs you probably won't use anyway.

When you have finished the installation, you should go on the Internet
from another computer (remember, your system is not secured yet) and get
the latest updates and packages that don't contain a security risk. Try
http://www.redhat.com if it's RedHat you're running. Simply type:

    rpm -Uvh new.package.rpm    # update the current packages

Then you should start disabling some daemons like finger (port 79),
linuxconf (98) etc. Go to your /etc and edit the "inetd.conf" file. It
contains which daemons are running. When that's done, you must restart
"inetd" to make the changes take effect; do it with "kill -HUP 1". Also
turn off some services with the menu "setup"; it can also be done manually
in /etc/rc.d.

It would also be a good idea to add a new user that you will use for
normal access. Never log in as root, but as a normal user, and then "su"
when privileged commands are needed. Add the user to the group "wheel" (if
the group is not already there, make it) and remember! Only privileged
users should be added to that group; everybody else should be added to
"users". The point of making a new user for the "admin of the box" is that
you can make your own little group of people that have access to commands
nobody else has, like: su - last - lastlog - traceroute etc. Type:

    chgrp wheel /bin/su    # assigns su to the group wheel
    chmod o-x /bin/su      # only root/wheel can execute it

You can then do the same thing with any other command or library that a
normal user shouldn't have permission to use.

Then, if you are going to use the box as a remote login host with telnet -
rsh - ftp etc., I suggest not using them, but SSH (Secure Shell) instead.
It replaces both ftp and telnet at once, and it encrypts the session.
Telnet/ftp/rsh etc.
will send passwords and other information in plaintext, so everybody can
sniff accounts/passwds.

-----------========= IF YOU ARE TRUE PARANOID! =========------------

Then you can recompile some of the binaries and daemons so they log or
hide some log programs or other libraries. But I won't discuss that in
this issue. By the way: this is only for those with a little background
in C / C++.

-----------============ Disable accounts: ============-------------

Disable the accounts you're not using. For example, if you're not running
anonymous ftp, then you will probably not need the account "ftp". And
"news" is only for hosts with a news server installed. I have the
following users:

    root
    bin
    daemon
    adm
    mail
    uucp
    nobody
    phrax

-----------============= Last words: ==============-------------

This issue was made for people who have just installed Linux and are not
quite sure of, or well versed in, securing their box. One thing is sure:
if you have only made a default installation of Linux, you can be
compromised in a matter of time.

-Phrax
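An added example, not from phr4x's issue: a small POSIX shell script that turns the inetd.conf, "chmod o-x" and unused-account steps above into functions you can check, run against constructed sample files so no root is needed. The helper names, the sample inetd.conf and passwd lines, and the use of /sbin/nologin and /bin/false as the "no login" shells are assumptions.

```shell
#!/bin/sh
# Added example, not part of phr4x's issue; helper names are hypothetical.
# disable_inetd_services FILE SERVICE...: comment out those services.
# inetd only picks the change up after it re-reads the file (SIGHUP).
disable_inetd_services() {
    file=$1; shift
    for svc in "$@"; do
        sed "s/^\([[:space:]]*\)\($svc[[:space:]]\)/\1#\2/" "$file" > "$file.tmp" &&
            mv "$file.tmp" "$file"
    done
}
# enabled_inetd_services FILE: print the services inetd would still start
enabled_inetd_services() {
    awk '$1 !~ /^#/ && NF > 0 { print $1 }' "$1"
}
# others_can_execute FILE: succeed while "other" may run FILE, i.e. the
# bit that "chmod o-x /bin/su" clears is still set
others_can_execute() {
    case $(ls -ld "$1" | cut -c10) in
        x|t) return 0 ;;
        *)   return 1 ;;
    esac
}
# login_accounts PASSWD: print accounts whose shell still allows a login
login_accounts() {
    awk -F: '$7 != "/sbin/nologin" && $7 != "/bin/false" { print $1 }' "$1"
}
# write_samples DIR: constructed inetd.conf and passwd, not real data
write_samples() {
    cat > "$1/inetd.conf" <<'EOF'
ftp       stream tcp nowait root   /usr/sbin/tcpd in.ftpd -l -a
telnet    stream tcp nowait root   /usr/sbin/tcpd in.telnetd
finger    stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
linuxconf stream tcp wait   root   /bin/linuxconf linuxconf --http
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/home/ftp:/sbin/nologin
news:x:9:13:news:/var/spool/news:/bin/bash
phrax:x:500:500::/home/phrax:/bin/bash
EOF
}
# Demo run: disable the daemons the issue names and show what is left
dir=$(mktemp -d)
write_samples "$dir"
disable_inetd_services "$dir/inetd.conf" finger linuxconf telnet
echo "still enabled: $(enabled_inetd_services "$dir/inetd.conf" | tr '\n' ' ')"
echo "login accounts: $(login_accounts "$dir/passwd" | tr '\n' ' ')"
rm -r "$dir"
```

Point the functions at your real /etc/inetd.conf and /etc/passwd only after checking them on a copy; the demo above touches nothing outside its temporary directory.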