Chapter 6. Securing the System


This chapter includes several hacks that demonstrate some security mechanisms that aren’t well-documented elsewhere. I’ve also provided some new twists on old security favorites. Everyone has heard of sudo, but are you also aware of the security pitfalls it can introduce? You’re probably also well-versed in ssh and scp, but you may have yet to harness the usefulness of scponly.

You’ll also find several scripts to automate some common security practices. Each provides an excellent view into another administrator’s thought processes. Use their examples to fuel your imagination and see what security solutions you can hack for your own network.

Strip the Kernel

Don’t be shy. A kernel stripped down to the bare essentials is a happy kernel.

Picture the typical day in the life of a system administrator. Your mission, if you choose to accept it, is to achieve the impossible. Today, you’re expected to:

  • Increase the security of a particular server

  • Attain a noticeable improvement in speed and performance

Although there are many ways to go about this, the most efficient way is to strip down the kernel to its bare-bones essentials. Having this ability gives an administrator of an open source system a distinct advantage over his closed source counterparts.

The first advantage to stripping the kernel is an obvious security boost. A vulnerability can’t affect an option the kernel doesn’t support. The second is a noticeable improvement in speed and performance. ...

Get BSD Hacks now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.