Chapter 6. Securing the System
This chapter includes several hacks that demonstrate some security
mechanisms that aren’t well-documented elsewhere. I’ve also provided
some new twists on old security favorites. Everyone has heard of
sudo, but are you also aware of the
security pitfalls it can introduce? You’re probably also well-versed in
scp, but you may have yet to harness the
You’ll also find several scripts to automate some common security practices. Each provides an excellent view into another administrator’s thought processes. Use their examples to fuel your imagination and see what security solutions you can hack for your own network.
Strip the Kernel
Don’t be shy. A kernel stripped down to the bare essentials is a happy kernel.
Picture the typical day in the life of a system administrator. Your mission, if you choose to accept it, is to achieve the impossible. Today, you’re expected to:
Increase the security of a particular server
Attain a noticeable improvement in speed and performance
Although there are many ways to go about this, the most efficient way is to strip down the kernel to its bare-bones essentials. Having this ability gives an administrator of an open source system a distinct advantage over his closed source counterparts.
The first advantage to stripping the kernel is an obvious security boost. A vulnerability can’t affect an option the kernel doesn’t support. The second is a noticeable improvement in speed and performance. ...