Monday, May 25, 2009

Debian 5 (Lenny) - Security & Performance


Hardware & preparation | OS installation | Console & web monitoring | Network & application services | Multimedia | Security



I left this at the end since it's the most dynamic and hardest part. A sysadmin have to keep an eye to systems he manage in order to run safe and secure for the network (internet), and as fast as possible for the applications installed.


Security tips
- as per this thread, user nobody should not have shell access; needs to check that
- Securing Debian Manual
- Securing Debian Manual - Security update protected by a firewall
- Securing Debian Manual - Debian Security Infrastructure
- secpack - automatic security updates
- DebianHelp.co.uk
- encrypt data on all partitions (backup should be part of this process)
- check for security vulnerabilities using Tiger / TARA or some other tools
- First Things First - An Introduction to Learning About Network Security
- Scaring Crackers Away with TCP Wrapper
- Network monitoring, access control & booby traps using TCP Wrappers
- Security Quick-Start HOWTO for Linux (07.2002)
- RFC archives (Internet RFC/STD/FYI/BCP Archives)
- Internet FAQ Archives
- TCP_WRAPPERS in Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
- iptables; links: Iptables HowTo (Ubuntu), Iptables Tutorial 1.2.2 by Oskar Andreasson (2006).
- shorewall - iptables-based firewall made of scripts; links: shorewall explained (in Custom Linux Firewalls with Debian)
- SbD project (Secure-by-Default)

Notes: installing CentOS 5, I found a nice security utility that I need to keep in ming for future installations: rkhunter. Some false positives are shown when run, and every hour an email is sent to the root account. The fix for these are explained in a forum thread I found searching the internet.



Performance tips
- file system - How to Increase ext3 and ReiserFS filesystems Performance.



Some general/networking/sysadmin links:
- DebianAdmin
- debianHELP
- Debian-Administration
- Debian Administration Utilities
- Debian Clusters for Education and Research
- Debian Mailing Lists
- Dimitri (dim) Tools
- Edison Wong (Debian tag)
- Finding out basic information about your hardware
- GetDeb - software you want
- LinuxConfig
- Linux Gazette
- Lone Wolf's Scripts
- MDLog:/sysadmin
- Open Source Heaven
- UbuntuGeek
- UbuntuHQ
- Ubuntu Official Documentations
- Ubuntu UserDocumentation
- UnixCraft - Insight into Linux admin work
-



Interesting applications/readings
Researching, I find projects I may need to use for other projects. This is to not forget about them:
- ServDoc - shellscripts to find a lot of informations about a system
- GRLM - Linux Live-CD for sysadmins


Powerful tools
Using linux/Debian for this project, I found myself in a process of deeply studying powerful tools. I'll keep track of good links I passed by, good for novices as well as more advanced admins:
- vim: power vim usage.
- bash scripting: Tips for learning to program Unix/Linux shell scripts.
- dd: dd usage (wikipedia).



Interesting applications/readings
Researching, I find projects I may need to use for other projects. This is to not forget about them:
- ServDoc - shellscripts to find a lot of informations about a system



About / Despre acest blog
Disclaimer and privacy statement / Confidenţialitate
Updated / Actualizat: 2009-09-18.

___


No comments: