On Mon, 1 Feb 2010, Joseph Kern wrote:

> A group of students at my university will be participating in a round
> of computer security CTF (Capture the Flag) as the Defenders [1] early
> next week.
>
> Given that they have to keep their servers and services online; what
> would you do in 5 mins to secure a Linux system?
>
> I'm hoping that I can give them a list of commands and items to check
> quickly so they can study/practice before the "big event". They will
> be running Zenwalk Linux; probably a LAMP stack (with PHPmyadmin),
> ssh, ftp, and postfix.
>
> Any help would be greatly appreciated.
>
>
> And no, they can't just `iptables -A INPUT -j DROP -p tcp -i eth0` as
> they are scored continuously on service uptime. I thought of that too
> (this will be the nuclear option).
If they are really coming into this cold and don't know what is what on the server, and know that you have hostiles attacking immediately, you may really want to shut everything down long enough to find what is configured to run, shut everything that you don't need down, and do a quick check of the configs of the things that you do need before bringing things back up. It's trading downtime at the start for a chance to avoid unplanned downtime later.

If you get behind the curve and get to where you are reacting to the latest thing that the attackers have done, and still don't know what you have on the box, you have lost. The attackers will be able to scan your box and find what is there at least as fast as your defenders can, and your defenders will still need time to figure out if the thing is needed, and if it is secure or needs updates.

If you know ahead of time what is on the box, then you can look over what's running by default and plan what you need to shut down, reconfigure, or update.

It all depends on how much is known and how much is unknown when you walk in.

David Lang

_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
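One way to do the first step David describes, finding what is actually listening and which process owns it, as an added example that is not part of the thread: a POSIX shell function that reads `ss -ltnup` output, extracts each listener's port and owning process, flags anything not on a "must stay up" list for review, and also reports any scored port that is not listening at all (an outage the scorer would catch before the defenders do). The port list, the sample `ss` lines, and the process names and PIDs are constructed for the example; on a 2010-era Zenwalk box `netstat -lntup` is the more likely tool, and its columns differ, so the field numbers would need adjusting for it.

```shell
#!/bin/sh
# Added example: triage listening sockets on a CTF defender box.
# Assumption: the scored services are ssh, ftp, smtp, http and mysql,
# so these ports must keep listening; everything else is a candidate
# to stop until someone has checked why it is there.
NEEDED_PORTS="22 21 25 80 3306"

# triage_listeners: read `ss -ltnup`-style lines on stdin and print one
# line per listener: "<keep|review> <proto> <port> <process>/<pid>",
# followed by "missing <port>" for every needed port not seen listening.
triage_listeners() {
    awk -v needed="$NEEDED_PORTS" '
    BEGIN {
        n = split(needed, arr, " ")
        for (i = 1; i <= n; i++) keep[arr[i]] = 1
    }
    $1 == "tcp" || $1 == "udp" {
        # field 5 is Local Address:Port ("0.0.0.0:22", "[::]:22", "*:22");
        # the port is whatever follows the last colon
        port = $5; sub(/.*:/, "", port)
        proc = "-"
        # -p output looks like users:(("sshd",pid=812,fd=3)); reduce it
        # to sshd/812 so the defender can go straight to the process
        if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
            proc = substr($0, RSTART, RLENGTH)
            sub(/^users:\(\("/, "", proc)
            sub(/",pid=/, "/", proc)
        }
        seen[port] = 1
        verdict = (port in keep) ? "keep" : "review"
        printf "%s %s %s %s\n", verdict, $1, port, proc
    }
    END {
        # a needed port with nothing listening is lost uptime, report it
        for (p in keep) if (!(p in seen)) printf "missing %s\n", p
    }'
}

# Constructed sample of `ss -ltnup` output (not captured from a real host):
# the scored services, plus rpcbind and an X server nobody asked for,
# and no ftp daemon listening at all.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*         users:(("httpd",pid=901,fd=4))
tcp   LISTEN 0      100    0.0.0.0:25         0.0.0.0:*         users:(("master",pid=950,fd=13))
tcp   LISTEN 0      50     0.0.0.0:3306       0.0.0.0:*         users:(("mysqld",pid=1002,fd=10))
tcp   LISTEN 0      128    0.0.0.0:111        0.0.0.0:*         users:(("rpcbind",pid=400,fd=8))
tcp   LISTEN 0      5      0.0.0.0:6000       0.0.0.0:*         users:(("X",pid=1200,fd=1))
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*         users:(("dhcpcd",pid=300,fd=6))'

# Demo on the constructed sample. On a live box run:  ss -ltnup | triage_listeners
printf '%s\n' "$SAMPLE_SS" | triage_listeners
```

The "review" lines are the ones to act on first: `kill` the process (the pid is in the output) or stop its rc script, then re-run the triage to confirm the port is gone and the scored ports are still up. For the "what is configured to run" half of the question, on Slackware-derived systems such as Zenwalk a service starts at boot when its `/etc/rc.d/rc.*` script is executable, so `ls -l /etc/rc.d/rc.*` shows the boot-time inventory and `chmod -x` on a script keeps that service from coming back after a reboot.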