Security Quick-Start HOWTO for Red Hat Linux

Hal Burgiss

hal@foobox.net

v. 1.1, 2002-02-06

Revision History
Revision v. 1.1, 2002-02-06, Revised by: hb
A few fixes, some additions and many touch-ups from the original.
Revision v. 1.0, 2001-11-07, Revised by: hb
Initial Release.

This document is an overview of the basic steps required to secure a Linux installation from intrusion. It is intended to be an introduction. This is a Red Hat specific version of this document.


Table of Contents
1. Introduction
1.1. Why me?
1.2. Notes
1.3. Copyright
1.4. Credits
1.5. Disclaimer
1.6. New Versions and Changelog
1.7. Feedback
2. Foreword
2.1. The Optimum Configuration
2.2. Before We Start
3. Step 1: Which services do we really need?
3.1. System Audit
3.2. The Danger Zone (or r00t m3 pl34s3)
3.3. Stopping Services
3.4. Exceptions
3.5. Summary and Conclusions for Step 1
4. Step 2: Updating
4.1. Summary and Conclusions for Step 2
5. Step 3: Firewalls and Setting Access Policies
5.1. Strategy
5.2. Packet Filters -- Ipchains and Iptables
5.3. Tcpwrappers (libwrap)
5.4. PortSentry
5.5. Proxies
5.6. Individual Applications
5.7. Verifying
5.8. Logging
5.9. Where to Start
5.10. Summary and Conclusions for Step 3
6. Intrusion Detection
6.1. Intrusion Detection Systems (IDS)
6.2. Have I Been Hacked?
6.3. Reclaiming a Compromised System
7. General Tips
8. Appendix
8.1. Servers, Ports, and Packets
8.2. Common Ports
8.3. Netstat Tutorial
8.4. Attacks and Threats
8.5. Links
8.6. Editing Text Files
8.7. nmap
8.8. Sysctl Options
8.9. Secure Alternatives
8.10. Ipchains and Iptables Redux