- Be extremely careful about installing new software. Never install binaries obtained from untrustworthy sources.
- When installing new software, do not unpack or compile it as root. Consider building it in a chroot environment. Install it first on a noncritical system on which you can test it and observe any misbehavior or bugs.
- Run integrity checks on your system on a regular basis (see Chapter 20).
- Don't include nonstandard directories in your execution path.
- Don't leave any bin or library directories writable by untrustworthy accounts.
- Set permissions on commands to prevent unauthorized alteration.
- Scan your system for any user home directories or dot files that are world-writable or group-writable.
- Don't leave untrusted floppies in the floppy drive.
- If you suspect a network-based worm attack or a virus in widely circulated software, call a FIRST response team or the vendor to confirm the instance before sounding any alarm.
- If you are attacked by a network-based worm, sever your network connections immediately.
- Never write or use SUID or SGID shell scripts unless you are a hoary Unix wizard.
- Disable terminal answer-back, if possible.
- Never have "." (the current directory) in your search path. Never have writable directories in your search path.
- When running as the superuser, get in the habit of typing full pathnames for commands.
- Check the behavior of your xargs and find commands. Review the use of these commands (and the shell) in all scripts executed by cron.
- Watch for unauthorized modification to initialization files in any user or system account, including editor startup files, .forward files, etc.
- Periodically review all system startup and configuration files for additions and changes.
- Periodically review mailer alias files for unauthorized changes.
- Periodically review configuration files for server programs (e.g., inetd.conf).
- Check the security of your at program, and disable the program if necessary.
- Verify that any files run from the cron command files cannot be altered or replaced by unauthorized users.
- Don't use the vi or ex editors in a directory without first checking for a Trojan .exrc file. Disable the automatic command execution feature in GNU Emacs.
- Make sure that the devices used for backups are not world-readable.
- Make sure that any shared libraries are properly protected and that protections cannot be overridden.
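The search-path items above (no "." and no writable directories in PATH) and the dot-file scan can be turned into a small audit script. This is an added example, not code from the book; it assumes a Bourne-compatible sh, `ls -l` mode strings in the usual ten-character layout, and a `find` that understands `-maxdepth`.

```sh
#!/bin/sh
# Added example (not from the book): audit a PATH-style string for the hazards
# listed above. Flags entries that are empty or "." (the current directory),
# relative entries, and directories writable by group or others.
# Prints one line per finding; returns 1 if anything was flagged, else 0.
audit_path() {
    rest="${1:-$PATH}:"   # trailing ":" lets the loop see empty entries
    status=0
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"
        rest="${rest#*:}"
        case "$entry" in
            ""|.)
                echo "DANGER: current directory in path (entry '$entry')"
                status=1 ;;
            /*)
                [ -d "$entry" ] || continue
                # ls mode string: character 6 is group write, character 9 is other write
                mode=$(ls -ld "$entry" | cut -c1-10)
                case "$mode" in
                    ?????w*) echo "DANGER: group-writable directory $entry"; status=1 ;;
                esac
                case "$mode" in
                    ????????w*) echo "DANGER: world-writable directory $entry"; status=1 ;;
                esac ;;
            *)
                echo "DANGER: relative entry '$entry' resolves against the current directory"
                status=1 ;;
        esac
    done
    return "$status"
}

# List a home directory and its top-level dot files that are group- or
# world-writable (octal -perm tests: -020 = group write bit, -002 = other write bit).
# -maxdepth is a GNU/BSD find extension. Returns 1 if anything was found.
writable_dotfiles() {
    found=$(find "$1" -maxdepth 1 \( -path "$1" -o -name '.*' \) \
                 \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Usage: audit the live PATH, then the invoking user's home directory.
audit_path "$PATH" || echo "PATH needs attention"
writable_dotfiles "${HOME:-/nonexistent}" || echo "home directory needs attention"
```

Run it from cron as each user (or over /home as root) and alert on any non-zero exit; the same mode-string check can be applied to the bin and library directories mentioned above.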