Linux Defenses
- Passwords
  - Have a strong password policy
  - Enforce the use of strong passwords
  - Use shadow password files
  - Use passwd+ to enforce strong passwords
  - Audit access to key files
  - Use one-time passwords
  - Use biometric authentication
- Review the log files
  - /var/run/utmp - tracks who is currently logged into the system (viewed via who, finger)
  - /var/log/wtmp - tracks who has logged in and out of the system (viewed via last)
  - /var/log/btmp - tracks failed logon attempts (viewed via lastb)
  - /var/log/messages - keeps messages from the syslog facility
  - /var/log/secure - tracks access and authentication information
- Protect the log files
  - set proper permissions on log files
  - store log files on a separate server
  - make regular backups of log files
  - use write-once media
  - encrypt log files
- Examine files for unauthorized modification (Tripwire)
- Periodically check for rootkits (Carbonite)
- Listen for attempts to scan ports (Attacker)
- Scan for cracking tools (Rkdet - rootkit detector for Linux)
- Keep an inventory of active accounts
- Limit who has root access
- Secure Telnet and FTP
  - Turn off Telnet and FTP
- NeoTrace
- Port Detective
- Sniffer
- NetSniff
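As an added example (not part of the original page), the following Python script reviews failed logon attempts the way the "Review the log files" item describes for /var/log/btmp: it parses binary utmp-format records and counts failures per user and source host, flagging any pair at or above a threshold. It assumes the glibc x86_64 struct utmp layout (384-byte records) and uses constructed sample records rather than a real btmp file.

```python
import struct
from collections import Counter

# Assumption: glibc struct utmp layout on x86_64 Linux (384 bytes per record).
# The same record format is used by /var/run/utmp, /var/log/wtmp and /var/log/btmp.
UTMP_FMT = "<hxxi32s4s32s256shhiii16s20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384
LOGIN_PROCESS = 6  # ut_type that btmp uses for failed logon records


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded fixed-width C string field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_utmp(data: bytes):
    """Yield (ut_type, pid, line, user, host, tv_sec) for every complete record."""
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, data, off)
        yield (f[0], f[1], _cstr(f[2]), _cstr(f[4]), _cstr(f[5]), f[9])


def failed_logins(data: bytes, threshold: int = 3) -> dict:
    """Count failed logons per (user, host), as lastb would list them,
    and return only the pairs that reached the threshold."""
    counts = Counter()
    for ut_type, _pid, _line, user, host, _ts in parse_utmp(data):
        if ut_type == LOGIN_PROCESS and user:
            counts[(user, host)] += 1
    return {k: v for k, v in counts.items() if v >= threshold}


def make_record(user: str, host: str, ts: int, line: str = "ssh:notty",
                ut_type: int = LOGIN_PROCESS, pid: int = 1000) -> bytes:
    """Build one constructed btmp-style record (sample data, not from a real host)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, ts, 0, b"\0" * 16)


# Constructed sample: three failures for root from one host, one for admin from another.
SAMPLE_BTMP = b"".join([
    make_record("root", "198.51.100.7", 1700000000),
    make_record("root", "198.51.100.7", 1700000005),
    make_record("admin", "203.0.113.9", 1700000010),
    make_record("root", "198.51.100.7", 1700000012),
])

if __name__ == "__main__":
    # On a real host, read the bytes with open("/var/log/btmp", "rb") instead.
    for (user, host), n in failed_logins(SAMPLE_BTMP).items():
        print(f"{n} failed logons for {user} from {host}")
```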
Please mail any comments about this page to summers_wayne@ColumbusState.edu