Hardening Unix Systems

Throughout this chapter, I’ve been suggesting that systems ought to provide only the minimum amount of services and access that are needed. This is especially true for important server systems, especially—but not limited to—ones at site boundaries. The process of making a system more secure than the level the default installed operating system provides is known as hardening the system.

In this section, we’ll look at the general principles of system hardening. Naturally, the actual process is very operating system-specific. Some vendors provide information and/or tools for automating some of the process. There are also some open source and commercial tools related to this topic. Here is a list of helpful websites related to system hardening that are available at this writing (July 2002):

AIX

http://biss.beckman.uiuc.edu/security/workshops/1999-10/

FreeBSD

http://www.trustedbsd.org

http://draenor.org/securebsd/

HP-UX

http://www.interex.org/conference/iworks2001/proceedings/5103/5103.pdf

http://www.bastille-linux.org (This tool works under HP-UX as well.)

Linux

http://www.linux-sec.net/Distro/distro.gwif.html

http://www.bastille-linux.org

Solaris

http://wwws.sun.com/software/security/blueprints/

http://www.yassp.org

Tru64

http://www.maths.usyd.edu.au/u/psz/securedu.html

Tip

Many operating systems are available in an enhanced security or “trusted” version. This is true of AIX, HP-UX, Solaris, and Tru64. There are several heightened-security Linux distributions and BSD projects ...

Get Essential System Administration, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Essential System Administration, 3rd Edition by Æleen Frisch

Hardening Unix Systems

Tip

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly