UNIX and Linux SecurityChecklist v3.0AusCERT public release2007-07-25
Introduction
This document has been published by the Australian ComputerEmergency Response Team (AusCERT). It provides a checklist of steps to improve the security of UNIX and Linux systems. Weencourage system administrators to review all sections of thisdocument and if appropriate modify their systems to fix potentialweaknesses. The checklist is structured to follow the lifecycle of a system, fromplanning and installation to recovery and maintenance. Sections Ato G of the checklist are best applied to a system before it isconnected to the network for the first time. In addition, the checklistcan be reapplied on a regular basis, to audit conformance.No two organisations are the same, so in applying the checklistconsideration should be given to the appropriateness of each actionto your particular situation. Rather than enforcing a singleconfiguration, this checklist will identify the specific choices andpossible security controls that should be considered at each stage.Operating system specific footnotes throughout the document offersome additional information to help with applying these steps onspecific UNIX and Linux variants. The most current version of this document is available athttp://www.auscert.org.au/1935We will continue to update this checklist. Any comments should bedirected via email to auscert@auscert.org.au.Before using this document, please ensure you have the latestversion. New versions of this checklist will be available via the URLlisted above and should be checked for periodically.
Disclaimer
AusCERT advises that this information is provided without warranty -sites should ensure that actions and procedures taken frominformation in this document are verified and in accordance withsecurity policies that are in place within their organisation. Listing of
software products or tools within this document does not constituteendorsement by AusCERT or The University of Queensland.
Contents
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
1.
A. Determine Appropriate Security
Apply your organisation's information security policy to guide thedecisions made in this section.
A.1 Computer role
First decide on and document the role of this computer. This meansspecifying exactly which services the computer will provide.Example computer roles are:
•
email server and email virus/spam scanner
•
user workstation for word processing, email and web browsing
•
combined web server / database server
A.2 Assess security needs of each kind of datahandled
The security measures appropriate for this computer will dependgreatly on what information will be stored on it, or pass through it.
For Internet connected computers, even for unimportant data, acertain baseline level of security will be required, to stop thiscomputer being used as a platform to attack further into thenetwork or other external networks. The following steps will help to determine the security needs of thissystem:
1. Data on this system
Considering the computer role, identify each kind of information thatwill be handled by this computer. Examples are:
•
office emails
•
client personal data
•
private keys and certificates
•
source code being developed in-house The list should also identify information such as user passwords,which may be typed into this computer but which also give accessto other systems that use the same password.
2. Threats
Consider the potential threats to each kind of information identifiedabove. Which classes of attacker will be motivated to read, modifyor disable each of these kinds of data?Consideration of the threat should include both targeted andindiscriminate attacks.
Targeted attacks:
Targeted attacks refer to those where attackers may specificallytarget your business or your customers. Depending on the kind of information processed, threats may include malicious changes by adisgruntled insider, a denial of service attack for the purpose of extortion, or industrial espionage or sabotage.
Indiscriminate attacks:
All computers on the Internet are subject to these threats. Someorganisations believe that their systems will not be of interest toattackers; this is incorrect. Attackers are interested in controllingyour computers for a number of reasons, including to launch attackson other organisations, to send spam, or to capture users'authentication credentials.
Search History:
Result 00 of 00
00 results for result for
p.
J.4.2 Administer only from a secure workstation for UNIX and Linux Security Checklist
1.5K
Reads
3
Readcasts
5
Embed Views
Get Scribd Mobile
To get Scribd mobile enter your number and we'll send you a link to the Scribd app for iPhone & Android.We've sent a link to the Scribd app. If you didn't receive it, try again.
We'll never share your phone number.
More From This User
Notes
Load more
