We had our linux firewalls audited and I wanted to get some opinions on some
of the issues raised.
We were advised to turn sshd PasswordAuthentication off because it allows
clear text passwords.
hey? That doesn't sound right.
Mount partitions read only where possible.
I guess this is a good idea, but in what situation would this add security?
You need to be root to be able to write to the partitions that I could mount read
only, and if someone gets root, they can remount partitions read write.
Remove man pages.
Again, I can't see the harm in doing this, but I can't see the point.
Remove unnecessary binaries.
A good idea no doubt, but the firewall doesn't allow shell access, and the
way I see it is if someone gets shell access they can upload their own bin's.
It doesn't mention it in the report, but would mounting /home, /tmp and /var with
noexec help? It might stop a non root user from running their own programs, but it
won't stop root.
Capabilities wasn't mentioned in the report, and I haven't removed any (yet).
Time to do some reading on removing linux kernel capabilities I think.
What do people use for analysing firewall log files?
Theres 84 projects under that category on freshmeat.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
