Some Good Tips to Secure Linux


I came across this while browsing, has some pretty solid stuff, goes deeper than most basic Linux security guides.

It has some good sections like this on protection against fork bombs:

Fork bombs are programs that keep creating child processes until system resources are all used, they actually aren’t remote exploits because they require a local user to execute the bomb, however, users may be tricked into running a fork bomb, for example the following example may look innocent, but running it on an unprotected system may take the whole system down:

:( ){ : |:& }; :

WARNING: do NOT run the above code on an unprotected system!

The above shell script will actually keep forking at an exponential rate until system resources are exhausted.

To protect a system against such attacks, there is a file for limiting the number of processes for each user, it is /etc/security/limits.conf, add the following two lines to it:
@users soft nproc 100
@users hard nproc 150

The lines prevent anyone in the users group from having more than 150 processes, and issue a warning at 100 processes.

Your system may not have a users group, so you may need to edit the lines to suit your needs.

There are some other things you can do like using a file integrity checker, installing a log checker or centralising logs with something like syslog-ng, scanning for SU files on a regular basis, setup alerts if a new user is added and so on, but this gives you a start.

It has some security tips for OpenSSH, Samba and MySQL too.

I recommend taking a look anyway!

Tips to Secure Linux Workstation

Posted in: Linux Hacking

, , ,


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).


3 Responses to Some Good Tips to Secure Linux

  1. zupakomputer March 7, 2008 at 9:22 pm #

    That, is a splendid website there. A wealth of useful information & links.

    Cheers!

  2. Pantagruel March 8, 2008 at 12:19 pm #

    @zupakomputer

    Indeed a nice set of tips.
    Some a bit ‘security through obscurity’ inspired, port obfuscation (like mentioned for SSH) doesn’t do much for the hardened ssh hackers/crackers.

  3. zupakomputer March 8, 2008 at 3:27 pm #

    Yeah well they acknowledged that in the blog – it’s meant more to avoid automatic scanners and the kinds of people that are just using malware applications but don’t actually know how they work.