Chris on 22 Jul 2005 14:53:33 -0000



RE: [PLUG] security for home users


It's also good to start a password with #. Crackers, brute force, etc. ignore
lines with # for comments; the odds of a cracker cracking a password with ^#
are nil.

Chris S
chris@jynx.net
www.Jynx.net 
-----Original Message-----
From: plug-bounces@lists.phillylinux.org
[mailto:plug-bounces@lists.phillylinux.org] On Behalf Of Jason
Sent: Friday, July 22, 2005 8:57 AM
To: Christopher M. Jones
Cc: Philadelphia Linux User's Group Discussion List
Subject: Re: [PLUG] security for home users

On 7/21/05, Christopher M. Jones <cjones@partialflow.com> wrote:
> I've done 1-4. But beyond that, I don't even know what the issues are.
> So that's why I asked for the basic tutorial. I've just never had to
> worry about security and I think it's something I should know about
> anyway. Thanks for the suggestions.

Excellent start then.  Definitely work your way from outside to inside.

Next steps would be to do a bit of hardening to your OS.  

Strip off extraneous services you don't use.  Why start nfs daemons if
you're not using nfs?  Why start (postfix|sendmail|exim|etc.) if
you're not running a mail server?  Do you need to have Apache, MySQL,
PostgreSQL and 17 other services running on your workstation? 
Probably not.  Check your (inetd|xinetd) configuration too.  You
probably don't need much of anything in there.  In fact, you may find
that you can just completely disable (inetd|xinetd).  Lots of people
recommend scripts like Bastille.  While a fine idea to download and
look at what it does, I'm a big believer in self-implementation - that
way you learn something along the way.  Otherwise, you learned how to
run a script.

If your distribution provides it, consider using SELinux.  You get
SELinux in (at least) FC3, FC4, RHEL4, CentOS 4 and WBEL 4.

Things like prohibiting root ssh sessions (in the /etc/ssh/sshd_config
file) are always good.

Choose good passwords.  The strongest passwords contain mIxEd CaSE
words, letters, numbers and even special characters such as + , . | (
* ) and so on.  Rather than a simple password, a great way to go is to
choose a phrase that you'll easily remember, and convert that into a
password.  E.g.:

Suppose you had a daughter, Jennifer, and she was 13 years old.  This
might lead you to the phrase, "My daughter, Jennifer is 8 + 5 years
old.", or a password of:

MdJi8+5yo.

Don't log in as root.  Use su, or better still, sudo.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

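An added example, not part of the original e-mails: a small shell audit for two points from the quoted message, root SSH sessions in sshd_config and services left enabled in inetd. The function names and sample files are constructed for illustration; it relies on sshd using the first value it reads for a keyword.

```shell
# Added example; function names and sample files are constructed.

# Print the global PermitRootLogin value sshd would use from file $1.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.
# Prints "unset" if absent (the built-in default then applies).
effective_root_login() {
    awk '
        $1 ~ /^#/ { next }                 # commented-out line
        { kw = tolower($1) }
        kw == "match" { exit }             # global section ends here
        kw == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# List services still enabled in inetd.conf-style file $1: the first
# field of every line that is neither blank nor commented out.
enabled_inetd_services() {
    awk 'NF > 0 && $1 !~ /^#/ { print $1 }' "$1"
}

# Report findings; returns 0 only when nothing needs attention.
audit_host() {   # $1 = sshd_config path, $2 = inetd.conf path
    status=0
    rl=$(effective_root_login "$1")
    if [ "$rl" != "no" ]; then
        echo "FAIL: PermitRootLogin is '$rl', expected 'no'"
        status=1
    fi
    for svc in $(enabled_inetd_services "$2"); do
        echo "REVIEW: inetd service '$svc' is enabled"
        status=1
    done
    return "$status"
}

# Constructed sample inputs (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/sshd_config" <<'EOF'
# PermitRootLogin no
Port 22
PermitRootLogin yes
PermitRootLogin no
EOF
cat > "$demo_dir/inetd.conf" <<'EOF'
#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
ftp     stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd
EOF
audit_host "$demo_dir/sshd_config" "$demo_dir/inetd.conf" || true
```

On the sample, the audit reports `yes` even though a later line says `no`, because the earlier uncommented line wins.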