GNU Linux Security
The first step is to treat security as a policy: have a Security Policy.
Without one you have no clear definition of what you want to
protect or what to do when you find a violation. I would suggest
having a look at the "Site Security Handbook", RFC 2196.
A GNU/Linux distribution ships with a lot of software as part of
its installation, so a GNU/Linux user needs to be aware of which
packages to install on server systems that are going to be
used in a production environment.
Choosing the right password for an account
This is the point that security experts always stress, and it is where
most people overlook choosing the right password for their account,
so that some day or other a compromise occurs. Passwords chosen for the
systems should be alphanumeric and should be changed every 3 months, and
as far as possible use impersonal passwords, i.e. passwords should not be
based on dates of birth, children's names, etc. Passwords should be
at least six characters long, and they should be revoked after
some number of failed attempts.
The Account which makes you Powerful – "root"
Knowing the root password is a privilege and at the same time a great
responsibility. You become the GOD of the system: you can do whatever
you want with it, because it is under your control. The "root" account
has no security restrictions imposed upon it.
For security reasons, never log in to your server as "root" unless
it is absolutely necessary, that is, in an instance that necessitates
root access. Disable direct remote logins for the root account; to
become root, log in with a normal user account and then "su" to
become root.
Set the login timeout for the root account: add TMOUT=1800 to your
/etc/profile. This means that if a user leaves a console/terminal without
logging out, the shell will log the user out after the time specified
by this parameter. Enable the command history by adding HISTSIZE=10,
or some other figure you would like to keep, to your /etc/profile.
Zero the .bash_history file, so that the history file is deleted when
the user logs out, with HISTFILESIZE=0.
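An added example, not part of the original text: a shell function that audits a profile file for the three settings above. The function names, the sample file and the reading of 1800 as an upper bound are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a profile file for the
# TMOUT / HISTSIZE / HISTFILESIZE settings described above.

# Print the value of the last uncommented assignment to variable $2 in file $1;
# when the shell sources the file, a later assignment overrides an earlier one.
profile_value() {
    sed -nE "s/^[[:space:]]*((export|readonly)[[:space:]]+)?$2=([^[:space:];#]*).*/\3/p" "$1" |
        tr -d "\"'" | tail -n 1
}

# Succeeds only when $1 is a non-empty string of digits.
is_number() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# Print one line per check and return the number of failed checks.
audit_profile() {
    fails=0
    tmout=$(profile_value "$1" TMOUT)
    histsize=$(profile_value "$1" HISTSIZE)
    histfilesize=$(profile_value "$1" HISTFILESIZE)

    # Assumed policy: the page's 1800 (seconds) is the longest idle time allowed;
    # TMOUT=0 or unset means the shell never logs the user out.
    if is_number "$tmout" && [ "$tmout" -gt 0 ] && [ "$tmout" -le 1800 ]; then
        echo "OK   TMOUT=$tmout"
    else
        echo "FAIL TMOUT='$tmout' (want 1..1800)"; fails=$((fails + 1))
    fi
    if is_number "$histsize"; then
        echo "OK   HISTSIZE=$histsize"
    else
        echo "FAIL HISTSIZE='$histsize' (want a number)"; fails=$((fails + 1))
    fi
    if [ "$histfilesize" = 0 ]; then
        echo "OK   HISTFILESIZE=0"
    else
        echo "FAIL HISTFILESIZE='$histfilesize' (want 0)"; fails=$((fails + 1))
    fi
    # A user can reset TMOUT in a personal startup file unless it is read-only.
    grep -Eq '(^|;)[[:space:]]*readonly[[:space:]]+([^#]*[[:space:]])?TMOUT([=[:space:]]|$)' "$1" ||
        echo "WARN TMOUT is not readonly, users can override it"
    return "$fails"
}

# Constructed sample: the first TMOUT line is overridden by the later TMOUT=0.
sample=$(mktemp)
printf '%s\n' 'TMOUT=1800' '# HISTFILESIZE=0' 'HISTSIZE=10' 'export TMOUT=0' > "$sample"
audit_profile "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

On a real system, pass /etc/profile as the argument; files sourced after it can still change the values, so the result covers only the file given.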
Single user login mode of GNU/Linux
Passing these parameters to the Linux kernel
will land you in single user mode, where administrators
are usually supposed to do system maintenance activities after