Inside Tufts

University Information Technology

Information Security

Security Best Practices for Unix and Linux

The Internet may have run on Solaris for a number of years, but desktop users are increasingly choosing variations of linux/unix as their interfaces become more user friendly.

  1. Put your UNIX server/workstation securely on the 'Net
    • Read the Unix Security Checklist from AusCERT and CERT.
    • Do a "clean" install.
    • Install the minimum set, add additional programs using the custom function.
    • "Strip" down the operating system - if you don't use it or know what it is, turn it off. Don't run BIND, SENDMAIL, TELNET, FINGERD, R commands, REXD, ECHO, CHARGEN or RIP without discussing the project requirements with TCCS.
    • Protect user accounts.
    • Protect files systems and add Tripwire or Tripwire Open Source.
    • Control network access and add TCP Wrappers.
    • Install secure shell for remote access.
    • Test and apply all the critical security patches.
    • Configure logging.
    • Email NOC and request a security scan.
  3. Back it up and test recovery.
  4. Now you can put it on the network.
  5. Monitor logs and security resource sites/lists.
  6. Patch frequently, always add recommended patches

Best Practices

FreeBSD
CIS FreeBSD v1.0.5 Benchmark
NIST FreeBSD 4.8 and above
IRIX
SGI Manuals IRIX Admin: Backup, Security and Accounting.
Configuring ipfilterd
Linux
LinuxSecurity.com the central voice for linux secrity news
Linux Security HOWTO
Securing Debian Manual.
Securing Fedora Core 5
Red Hat Security
Solaris
Securing Solaris Servers .. from SAGE
Solaris Operating Environment Network Settings for Security: Updated for Solaris 9 Operating Environment (pdf)
Solaris Operating Environment Security - Updated for Solaris 8 Operating Environment(pdf)
Deploying the Solaris Operating Environment Using a Solaris Security Toolkit CD (pdf)
Solaris Benchmark Scanning/Scoring Tools from the Center for Internet Security