Hello everyone,

I wrote to Drobbins yesterday to ask if someone already has written security
guideline documentation for Gentoo. He had not heard of any projects in that
direction. So I have started one :) ..

These are the chapters I want to write :

------------------

Step by step guide for Gentoo

Introduction
Credits

Considerations before installation
BIOS password
Services
Partition scheme
Root password
Policies
Why are policies needed
Security policy
Acceptable use policy
Email policy
Password policy

Tightening the security after/during installation
/etc/make.conf
Grub/Lilo password
Console restriction
More logging
syslogd
metalog
syslogd-n
Mounting of partitions
-noexec
-nosuid
-ro
User/group limitations
/etc/security/limits.conf
/etc/limits
Quotas
/etc/login.defs
/etc/login.access
File permissions
World readable
World writeable
SUID files
PAM
TCP Wrappers

Kernel security
/proc
Kernel patches
Grsecurity
Kerneli
Links for more kernel patches
OpenWall
LIDS
More ...

Securing Services
Using xinetd
ssh
X
Lpd
FTP
Pureftpd
Proftpd
virtual users
Apache
SSL
PHP
Mail
Qmail
Fighting Spam
virtual users
Bind
Samba
virtual users
Chroot

Firewall (Iptables)

Intrusion detection
Aide
Snort

Backup
Full system backup using Systemimager
Partial backup using tar
Backing up postgres

Pen-testing
Remote audits
Network audits

After a compromise
How to report an incident
Forensics analysis
Creating an image of the system without destroying evidence (Using dd)
Trap and trace (Using tcpdump)
.. More to come ..
Restoring system

FAQ

--------------


If I'm missing some vital aspect/information or someone already has started
writing, I would sure like to know .. Otherwise I will start writing :)

Best regards
Kim