Linux and Solaris Security: An Introduction


Document History

The Introduction has become too big, so I have split it into pieces.


If you think I've missed something, something is unclear or simply wrong, please email

The Basics
Last update: 2007Jan15
Shutting down network daemons which are not required; securing the X Window System; patching your system; using secure services (SSH, etc.).

Securing Network Services
Last update: 2007Jan09
Wrapping services with inetd/xinetd; chrooting services; chrooting users; application-level proxies; Apache's ModSecurity.

Miscellaneous Tools
Last update: 2007Jan12
Filesystem attributes (chattr, etc.).

Packet Filters, Firewalls and ACLs
Last update: 2007Jan29
Packet filters and firewalls; graphical and other firewall frontends; pinprick firewalls; practical steps to developing and testing a firewall on a production machine; router ACLs.

Scanners
What's listening on your machine? (nmap); vulnerability detection (Nessus); periodic scans and nmapsql.

Your Best Friends
tcpdump, netstat, ntop, ngrep, lsof... (only the lsof section is written so far).

Some Extended Examples
Hardening a Solaris installation; hardening a Linux installation; finding an intruder's backdoor.

Logging, Host-Based Intrusion Detection and Rootkits
System logs; securing logs; log-monitoring utilities; central log servers (syslog-ng); file change monitoring; Cheesewire; chkrootkit, rkhunter...

Network-Based Intrusion Detection Systems and Dynamic Firewalls
Portsentry and PSAD; Snort and SnortSAM; the Netfilter/IPTables PSD patch.

Kernel Patches
Security-related Linux kernel patches, including SELinux, LIDS, grsecurity, PaX... are discussed here.

About this document:

Produced from the SGML: /home/isd/public_html/_unix_security/_reml_grp/unix_security_intro.reml
On: 29/1/2007 at 11:15:51
Options: reml2 -i noindex -l long -o html -p singleframe