
Network Security Focus-Linux

Re: Linux hardening

Subject: Re: Linux hardening
Date: Thu, 25 Aug 2005 14:10:51 -0400 (EDT)
<quote who="paavan shah">
As far as Linux hardening is concerned: I would like to
summarize, group members please add your notes to it:

1) Installing your servers with bare minimum packages and see to it
that only needed services are running.
2) Before you install a new package on your production do check for
known vulnerabilities for that package and if possible always get the
latest package. Always verify the integrity of the package using
md5sum.
3) With integrity checkers like tripwire periodically check your
essential binaries and configuration files for any modifications.
4) DO use log analyzers like logcheck and swatch to detect important events.
5) Periodically check your system for rootkits using rootkit hunter and
chkrootkit.
6) Regularly backup your essential data to other machines or hard disks
such that in case of failure the data can be recovered.
7) Get packages from authorized sites only.
8) Keep a watch for upcoming attacks and vulnerabilities for the
software installed on your machine. Patch them and keep them up to date.
9) Check your system for possible viruses using antivirus like ClamAV.

List, if more points are to be added then do add to the summary.


I believe you missed the three most important points.

1)  Harden your server with tight ACLs (SELinux or LIDS).
2)  Use a good firewall.
3)  Secure your web apps.

More and more, the web apps are becoming the preferred intrusion method. 
No need for port scans and since there are so many languages they can be
written in, it's hard to keep track of the vulnerabilities.  Not to
mention the fact that many of them don't have an announce list so you have
to subscribe to the general one.  Then you have to wade through all the
garbage just to watch for updates...
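Point 3 of the quoted summary (periodic integrity checks of essential binaries and config files, here done with the md5sum from point 2 rather than tripwire) as an added example; this is not code from the thread, assumes GNU coreutils md5sum, and runs on constructed files in a temporary directory rather than real system paths:

```shell
#!/bin/sh
# Minimal tripwire-style integrity check built on md5sum (GNU coreutils assumed).
# Added example, not from the original thread.

# Build a baseline of digests for the files listed in $1 (one path per line,
# no spaces in paths) and write it to $2.  Run once after hardening and keep the
# baseline where the server cannot silently overwrite it (e.g. read-only media).
integrity_baseline() {
    # md5sum prints "<digest>  <path>", the format that --check reads back later
    xargs md5sum < "$1" > "$2"
}

# Re-hash every path in baseline $1.  --quiet prints only FAILED/missing entries,
# so stdout lists exactly the files that changed.  Returns 0 if all match.
integrity_check() {
    md5sum --check --quiet "$1"
}

# Self-contained demonstration: constructed stand-ins for a config file and a
# binary, a clean check, then a simulated modification that must be detected.
demo_integrity() {
    work=$(mktemp -d) || return 2
    printf 'sshd config v1\n'  > "$work/sshd_config"   # constructed, not /etc/ssh
    printf 'binary contents\n' > "$work/ls"            # constructed, not /bin/ls
    printf '%s\n%s\n' "$work/sshd_config" "$work/ls" > "$work/filelist"

    integrity_baseline "$work/filelist" "$work/baseline.md5"
    # an untouched system must pass the check
    if ! integrity_check "$work/baseline.md5" >/dev/null 2>&1; then
        rm -rf "$work"; return 3
    fi
    # simulate an attacker or admin editing the config after the baseline was taken
    printf 'sshd config TAMPERED\n' > "$work/sshd_config"
    if integrity_check "$work/baseline.md5" >/dev/null 2>&1; then
        rm -rf "$work"; return 4      # modification went undetected: failure
    fi
    rm -rf "$work"
    return 0                          # clean run passed, tampering detected
}
```

Run integrity_check from cron against the stored baseline and alert on any output; note that a baseline kept writable on the same host can be regenerated by whoever modified the files, which is why tripwire signs its database.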


