As you have seen throughout this chapter, UNIX is a complex system that requires much thought to implement adequate security measures. The sheer power and elegance that make UNIX so popular are also its greatest security weakness. Myriad remote and local exploitation techniques may allow attackers to subvert the security of even the most hardened UNIX systems. Buffer overflow conditions are discovered daily. Insecure coding practices abound, whereas adequate tools to monitor such nefarious activities are outdated in a matter of weeks. It is a constant battle to stay ahead of the latest "zero-day" exploits, but it is a battle that must be fought. Table 5-3 provides additional resources to assist you in achieving security nirvana.
Name | Operating System | Location | Description |
---|---|---|---|
Titan | Solaris | http://www.fish.com/titan | A collection of programs to help "titan" (that's "tighten") Solaris. |
"Solaris Security FAQ" | Solaris | http://www.itworld.com/Comp/2377/security-faq | A guide to help lock down Solaris. |
Solaris Security Downloads | Solaris | http://wwws.sun.com/software/security/downloads.html | A wealth of security tools from Sun. |
"Armoring Solaris" | Solaris | http://www.spitzner.net/armoring2.html | How to armor the Solaris operating system. This article presents a systematic method to prepare for a firewall installation. Also included is a downloadable shell script that will armor your system. |
"FreeBSD Security How-To" | FreeBSD | http://www.freebsd.org/~jkb/howto.html | Although this how-to is FreeBSD specific, most of the material covered here will also apply to other UNIX OSs (especially OpenBSD and NetBSD). |
"Linux Administrator's Security Guide (LASG)," by Kurt Seifried | Linux | https://www.seifried.org/lasg | One of the best papers on securing a Linux system. |
"Watching Your Logs," by Lance Spitzner | General | http://www.spitzner.net/swatch.html | How to plan and implement an automated filter for your logs utilizing swatch. Includes examples on configuration and implementation. |
"UNIX Computer Security Checklist (Version 1.1)" | General | ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist_1.1 | A handy UNIX security checklist. |
"Secure Programming for Linux and Unix HOWTO," by David A. Wheeler | General | http://www.dwheeler.com/secure-programs | Tips on security design principles, programming methods, and testing. |
"CERT Intruder Detection Checklist" | General | http://www.cert.org/tech_tips/intruder_detection_checklist.html | A guide to looking for signs that your system may have been compromised. |
Stephanie | OpenBSD | http://www.innu.org/~brian/Stephanie | A series of patches for OpenBSD aimed at making it even more secure. |
SANS Top 20 Vulnerabilities | General | http://www.sans.org/top20 | A list of the most commonly exploited vulnerable services. |