15 April 2006 | 36,261 views

Some Good Tips to Secure Linux

Want to Learn Penetration Testing

I came across this while browsing, has some pretty solid stuff, goes deeper than most basic Linux security guides.

It has some good sections like this on protection against fork bombs:

Fork bombs are programs that keep creating child processes until system resources are all used, they actually aren’t remote exploits because they require a local user to execute the bomb, however, users may be tricked into running a fork bomb, for example the following example may look innocent, but running it on an unprotected system may take the whole system down:

:( ){ : |:& }; :

WARNING: do NOT run the above code on an unprotected system!

The above shell script will actually keep forking at an exponential rate until system resources are exhausted.

To protect a system against such attacks, there is a file for limiting the number of processes for each user, it is /etc/security/limits.conf, add the following two lines to it:
@users soft nproc 100
@users hard nproc 150

The lines prevent anyone in the users group from having more than 150 processes, and issue a warning at 100 processes.

Your system may not have a users group, so you may need to edit the lines to suit your needs.

There are some other things you can do like using a file integrity checker, installing a log checker or centralising logs with something like syslog-ng, scanning for SU files on a regular basis, setup alerts if a new user is added and so on, but this gives you a start.

It has some security tips for OpenSSH, Samba and MySQL too.

I recommend taking a look anyway!

Tips to Secure Linux Workstation

Post to Twitter Post to Facebook Post to Google Buzz Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon






Recent in Linux Hacking:
- NfSpy – ID-spoofing NFS Client – Falsify NFS Credentials
- BackTrack 5 Released – The Most Advanced Linux Security Distribution & LiveCD
- Google Removes ‘DroidDream’ Malware From Android Devices

Related Posts:
- Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips
- Some Guidelines on How to Secure your Ubuntu Installation
- THC SSL DoS/DDoS Tool Released For Download

Most Read in Linux Hacking:
- Kon-Boot – Reset Windows & Linux Passwords - 117,712 views
- Russix – LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking - 116,088 views
- BackTrack v2.0 – Hackers LiveCD Finally Released - 96,330 views

Advertise on Darknet


3 Responses to “Some Good Tips to Secure Linux”

  1. zupakomputer 7 March 2008 at 9:22 pm Permalink

    That, is a splendid website there. A wealth of useful information & links.

    Cheers!

  2. Pantagruel 8 March 2008 at 12:19 pm Permalink

    @zupakomputer

    Indeed a nice set of tips.
    Some a bit ‘security through obscurity’ inspired, port obfuscation (like mentioned for SSH) doesn’t do much for the hardened ssh hackers/crackers.

  3. zupakomputer 8 March 2008 at 3:27 pm Permalink

    Yeah well they acknowledged that in the blog – it’s meant more to avoid automatic scanners and the kinds of people that are just using malware applications but don’t actually know how they work.