Linux Security HOWTO Linux Security HOWTO Kevin Fenzi, kevin@scrye.com & Dave Wreski, dave@nic.comv0.9.11, 1 May 1998This document is a general overview of security issues that face the administrator of Linux systems. It covers general security philosophy and a number of specific examples of how to better secure your Linux system from intruders. Also included are pointers to security related material and programs. NOTE: This is a beta version of this document. Improvements, constructive criticism, additions and corrections are gratefully accepted. Please mail your feedback to both authors. Be sure and include "Linux", "security" or "HOWTO" in the subject line of your mail to avoid spam filters and to bring your mail to the quick attention of the authors.1. Introduction1.1 New Versions of this Document1.2 Feedback1.3 Disclaimer1.4 Copyright Information2. Overview2.1 Why Do We Need Security?2.2 How Secure Is Secure?2.3 What Are You Trying to Protect?2.4 Developing A Security Policy2.5 Means of Securing Your Site2.6 Organization of This Document3. Physical Security3.1 Computer locks3.2 BIOS Security3.3 Boot Loader Security3.4 xlock and vlock3.5 Detecting Physical Security Compromises4. Local Security4.1 Creating New Accounts4.2 Root Security5. Files and Filesystem Security5.1 Umask Settings5.2 File Permissions5.3 Integrity Checking with Tripwire5.4 Trojan Horses6. Password Security & Encryption6.1 PGP and Public Key Cryptography6.2 SSL, S-HTTP, HTTPS and S/MIME6.3 Linux x-kernel IPSEC Implementation6.4 SSH (Secure Shell), stelnet6.5 PAM - Pluggable Authentication Modules6.6 Cryptographic IP Encapsulation (CIPE)6.7 Kerberos6.8 Shadow Passwords.6.9 Crack and John the Ripper6.10 CFS - Cryptographic File System and TCFS - transparent cryptographic File System6.11 X11, SVGA and display security7. Kernel Security7.1 Kernel Compile Options7.2 Kernel Devices8. Network Security8.1 Packet Sniffers8.2 System services and tcp_wrappers8.3 Verify Your DNS Information8.4 identd8.5 SATAN , ISS, and Other Network Scanners8.6 Sendmail, qmail and MTA's.8.7 Denial of Service Attacks8.8 NFS (Network File System) Security.8.9 NIS (Network Information Service) (formerly YP).8.10 Firewalls9. Security Preparation (before you go on-line)9.1 Make a Full Backup of Your Machine9.2 Choosing a Good Backup Schedule9.3 Backup Your RPM or Debian File Database9.4 Keep Track of Your System Accounting Data9.5 Apply All New System Updates.10. What To Do During and After a Breakin10.1 Security Compromise under way.10.2 Security Compromise has already happened11. Security Sources11.1 FTP sites11.2 Web Sites11.3 Mailing Lists11.4 Books - Printed Reading Material.12. Glossary13. Frequently Asked Questions14. Conclusion15. Thanks to n