I came across this while browsing, has some pretty solid stuff, goes deeper than most basic Linux security guides.
It has some good sections like this on protection against fork bombs:
Fork bombs are programs that keep creating child processes until system resources are all used, they actually aren’t remote exploits because they require a local user to execute the bomb, however, users may be tricked into running a fork bomb.
For example the following example may look innocent, but running it on an unprotected system may take the whole system down:
:( ){ : |:& }; :
WARNING: do NOT run the above code on an unprotected system!
The above shell script will actually keep forking at an exponential rate until system resources are exhausted.
To protect a system against such attacks, there is a file for limiting the number of processes for each user, it is /etc/security/limits.conf, add the following two lines to it:
@users soft nproc 100
@users hard nproc 150
The lines prevent anyone in the users group from having more than 150 processes, and issue a warning at 100 processes.
Your system may not have a users group, so you may need to edit the lines to suit your needs.
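An added example, not from the guide quoted here: a POSIX shell check that reads a limits.conf-style file and confirms a group has a finite hard nproc limit, with any soft limit at or below it. The sample file is constructed, and the function names and the @guests group are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit nproc entries in a limits.conf-style file.

# nproc_limit FILE DOMAIN TYPE: print the nproc value for DOMAIN (e.g. @users)
# and TYPE (soft|hard). A "-" type sets both. Comments are stripped.
# Simplification of this sketch: exact DOMAIN match only, last match wins.
nproc_limit() {
    awk -v dom="$2" -v typ="$3" '
        { sub(/#.*/, "") }
        NF >= 4 && $1 == dom && $3 == "nproc" && ($2 == typ || $2 == "-") { val = $4 }
        END { if (val != "") print val }
    ' "$1"
}

# check_nproc FILE DOMAIN: return 0 only if DOMAIN has a finite hard limit and
# the soft limit (if set) is finite and does not exceed it.
check_nproc() {
    soft=$(nproc_limit "$1" "$2" soft)
    hard=$(nproc_limit "$1" "$2" hard)
    case "$hard" in
        ""|-1|unlimited|infinity) echo "FAIL: no finite hard nproc limit for $2"; return 1 ;;
    esac
    case "$soft" in
        -1|unlimited|infinity) echo "FAIL: soft nproc is unlimited for $2"; return 1 ;;
    esac
    if [ -n "$soft" ] && [ "$soft" -gt "$hard" ]; then
        echo "FAIL: soft ($soft) exceeds hard ($hard) for $2"; return 1
    fi
    echo "OK: $2 soft=${soft:-unset} hard=$hard"
}

# Constructed sample input; @guests has a soft limit only, which a process
# can raise for itself, so it does not cap a fork bomb.
write_sample() {
cat > "$1" <<'EOF'
# constructed sample, not a real system file
@users   soft  nproc  100
@users   hard  nproc  150
@guests  soft  nproc  50
EOF
}

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
write_sample "$SAMPLE"
check_nproc "$SAMPLE" @users
check_nproc "$SAMPLE" @guests || true
```

Point check_nproc at /etc/security/limits.conf with your own group name, then run `ulimit -u` in a fresh bash login session to confirm the limit was actually applied.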
There are some other things you can do like using a file integrity checker, installing a log checker or centralising logs with something like syslog-ng, scanning for SU files on a regular basis, setting up alerts if a new user is added and so on, but this gives you a start.
It has some security tips for OpenSSH, Samba and MySQL too.
I recommend taking a look anyway!
Tips to Secure Linux Workstation.