Software projects/OS/Slackware/Advanced usage/Hardening

From Pandora Wiki

Jump to: navigation, search

Contents

1 About this document
2 GNU/Linux and free software
3 The physical access
4 The Pandora bootloader
5 The installed programs
6 The updates
7 The logs
8 The kernel
9 The users
10 The groups
11 The password policy
12 The network
13 The devices
14 The emails
15 The security tools

About this document

It's a WIP. Security is a huge subject. May take monthes to have something consistent here.
I'm not a security expert.

GNU/Linux and free software

Slackware, as almost every Linux distribution, is not secured by default. In fact, almost no Linux distribution is shipped with an acceptable security level.
It's up to the administrator to work it out to reach the needed security level.
When nicely secured, the main danger will come from the administrator's lack of attention.
Avoid weakening your network with proprietary OS, even UNIX-based:

There's people who know things about the proprietary OS that you don't know.

It means big proprietary vendors can put one hundred backdoors in their OS. When someone finds one, they will release a patch saying "Look at how we are trusty, we patched in less than one day". Still, there's ninety-nine backdoors left for them to sell.
Use free software.

The physical access

This is the most critical and dangerous vulnerability. When someone can get a physical access to your devices, you're potentially screwed.
If you intend to hire or work with someone who calls himself a security expert, ask him what is the most dangerous vulnerability. If he doesn't answer this, throw him away, and far.

The Pandora bootloader

The installed programs

The more programs installed, the more potential weaknesses.
To install a minimal Slackware system, a good start is to take a look at tagfiles.
They are located in the installation packages series. Tagfile example: the "a" (base system) serie tagfile: http://ftp.slackware.pl/pub/armedslack/armedslack-13.37/slackware/a/tagfile

The updates

Of course, updates are critical.
See this.

The logs

The kernel

For a top-level security, you have to recompile your kernel as non-modular, only including the needed options.
There's pros and cons about using a long-term stable or a latest kernel. I'm not able to give enlightened advices on this subject.

The users

The groups

The password policy

The network

The devices

Following my advice about the physical access, don't let anybody plug any device into your machines, especially USB ones.

The emails

The security tools

chkrootkit
rkhunter
snort
Nessus

Retrieved from "https://pandorawiki.org/index.php?title=Software_projects/OS/Slackware/Advanced_usage/Hardening&oldid=10329"

Navigation menu