On Tue, 21 Oct 1997, Shaleh wrote:

> I am setting up a server to allow our customers shell access. I want
> this sucker to be air-tight. We have a few hacker/phreaker wannabes.
> Any suggestions?
1: Tripwire. (I've never used it myself, but everything I hear about it sounds like you'd want to be using it)

2: Stick with the stable Debian hierarchy as much as possible, and don't install packages you can't find a reason for on the machine. (For example, do you need an xserver on the machine, or is it sufficient to only allow xclients? Do you really need xntpd on this machine?)

3: Find some way to regularly skim over the syslogs. I keep thinking that there ought to be some program to facilitate this, but...

4: Arrange somehow (via a cron job, perhaps?) to have something like:

    find / -perm -04000 | diff /var/log/propersuidfiles -

run regularly. (The find command is looking for all suid files; presumably the file /var/log/propersuidfiles was created earlier by dumping the results of this find command on a system you know is "clean".) Review the results. Tripwire may do something equivalent to this.

5: Use shadowed (or NIS, or anything but the old-style crypted entries in /etc/passwd) passwords.

6: Consider regularly running crack on your users' passwords to screen for weak passwords.

7: Configure tcpwrappers to log the results of an identd check. (I'm reasonably certain that this is easy to do with the standard Debian setup, but can't remember how.)

Most of the time the part of security that gets neglected is detecting attempted breakins that fail. Often, hackers will try simple stuff before they progress to more sophisticated attacks. If the simple stuff is detected, even though it may have failed, you can at least know whom to watch. (And the shock of being caught red-handed can have a remarkable effect on many hacker-wannabes.)

(NOTE: I am not a security expert, nor do I have direct experience administering a machine that must be kept secure from the users; I just happened to spend most of my undergraduate years working for a very security-conscious sysadmin.)
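The baseline-and-diff check from item 4, written out as a small script. This is an added example, not part of the original post: it records the setuid/setgid files on a known-clean system and later reports anything that has appeared or disappeared. The baseline path /var/log/propersuidfiles is the one the post suggests; the `baseline`/`check` subcommands are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): a setuid/setgid file baseline check.
# Usage (assumed):  suidcheck.sh baseline [root] [baseline-file]
#                   suidcheck.sh check    [root] [baseline-file]
# Default root is "/" and default baseline file is /var/log/propersuidfiles.

# List every regular file under a root with the setuid (04000) or setgid (02000)
# bit set. -xdev keeps find on one filesystem (skip /proc, NFS mounts, etc.);
# the list is sorted so that diff output is stable between runs.
list_suid() {
    find "$1" -xdev -type f \( -perm -04000 -o -perm -02000 \) 2>/dev/null | sort
}

# Record the current list on a system you know is clean. Protect this file: an
# attacker who can edit the baseline can hide an added setuid binary.
make_baseline() {
    list_suid "$1" > "$2"
}

# Compare the live system against the baseline. diff prints "> path" for files
# that are new since the baseline and "< path" for files that vanished, and
# returns 0 when nothing changed, 1 when something did (which is what a cron job
# should mail you about).
check_suid() {
    list_suid "$1" | diff "$2" -
}

case "${1:-}" in
    baseline) make_baseline "${2:-/}" "${3:-/var/log/propersuidfiles}" ;;
    check)    check_suid    "${2:-/}" "${3:-/var/log/propersuidfiles}" ;;
esac
```

A cron entry that runs `suidcheck.sh check` and mails its output is enough to get the "review the results" step from item 4 into your daily routine.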