Security Quick-Start HOWTO for Linux

Hal Burgiss

hal@foobox.net

v. 1.2, 2002-07-21

Revision History
Revision v. 1.2, 2002-07-21, Revised by: hb
A few small additions, and fix the usual broken links.
Revision v. 1.1, 2002-02-06, Revised by: hb
A few fixes, some additions and many touch-ups from the original.
Revision v. 1.0, 2001-11-07, Revised by: hb
Initial Release.

Table of Contents
1. Introduction
1.1. Why me?
1.2. Copyright
1.3. Credits
1.4. Disclaimer
1.5. New Versions and Changelog
1.6. Feedback
2. Foreword
2.1. The Optimum Configuration
2.2. Before We Start
3. Step 1: Which services do we really need?
3.1. System Audit
3.2. The Danger Zone (or r00t m3 pl34s3)
3.3. Stopping Services
3.4. Exceptions
3.5. Summary and Conclusions for Step 1
4. Step 2: Updating
4.1. Summary and Conclusions for Step 2
5. Step 3: Firewalls and Setting Access Policies
5.1. Strategy
5.2. Packet Filters -- Ipchains and Iptables
5.3. Tcpwrappers (libwrap)
5.4. PortSentry
5.5. Proxies
5.6. Individual Applications
5.7. Verifying
5.8. Logging
5.9. Where to Start
5.10. Summary and Conclusions for Step 3
6. Intrusion Detection
6.1. Intrusion Detection Systems (IDS)
6.2. Have I Been Hacked?
6.3. Reclaiming a Compromised System
7. General Tips
8. Appendix
8.1. Servers, Ports, and Packets
8.2. Common Ports
8.3. Netstat Tutorial
8.4. Attacks and Threats
8.5. Links
8.6. Editing Text Files
8.7. nmap
8.8. Sysctl Options
8.9. Secure Alternatives
8.10. Ipchains and Iptables Redux