Slackware System Hardening

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Just in time for Slackware 11.0, the new and improved Slackware System
Hardening document for Slackware 10.2.



A couple of the older versions:

Re: Slackware System Hardening

Quoted text here. Click to load it

Could you stop writting such crappy "security" guides?

You *blindly* advise to stop Sendmail, Apache, BIND, inetd and so on.
You don't advise not to install them, just to shut them down.

    Allowing users to run different shells allows them to bypass any security
    restrictions set on their login shell.

How could that be true? How would the `removepkg zsh' add _anything_ to
system security?

    Stop fsck from running every 22 boots.  The new setting means fsck only
    runs every 6 months.  If you would like to fsck more often, then adjust
    as necessary.

Very good advice. Pretty damn good! Who needs fsck? And how is it going
to work with ReiserFS or XFS?

Also, removing slrn, nn, strace, gdb and nc adds very much to system

/etc/profile stuff:
# Kick and lockout users that are UID 0 but are not root
if [ `id -u` = "0" -a `echo $USER` != "root" ]; then
  # Lock the user out
  passwd -l $USER

  # Save some info
  date >> /root/SHIT
  netstat -peanut >> /root/SHIT
  ps auxww >> /root/SHIT
  w >> /root/SHIT

ROTFL. It's pretty easy to avoid running /etc/profile.

<Kosma> Niektrzy lubi dozziego...
<Kosma> Oczywicie szanujemy ich.
Stanislaw Klekot

Site Timeline