Archive for 'Linux Security'

Firewalling a Linux NFS server with iptables

When it comes to firewalling services, NFS has to be one of the most complex to get operational. By default the various NFS services (lockd, statd, mountd, etc.) will request random port assignments from the portmapper (portmap), which means that most administrators need to open up a range of ports in their firewall rule base [...]

Using TCP Wrappers to protect Linux and Solaris services

I have been using TCP wrappers for years, and they are a very simple way to allow and deny network access to applications. TCP wrapper functionality is built into the system libwrap.so module, which various applications are linked against. To see if a given application supports TCP wrappers, you can use the ldd utility: $ ldd [...]

A couple useful tidbits about the Linux /dev/random and /dev/urandom devices

Linux contains two devices that provide a source of entropy for the system. The first device is /dev/random, and the second is /dev/urandom. /dev/random is a character special device that provides a source of entropy until the system-wide entropy pool is exhausted, at which time it will block until additional entropy is available. /dev/urandom is [...]

Forcing your Linux users to wait after they input an incorrect password

When I run through my security checklist after building a host, one of the first things I change is the login fail delay. This option allows you to force a user to wait a given number of microseconds after a login failure before being able to try another password. For applications that perform brute force [...]

Using pam_time.so to control when people can log into your servers

Most admins have to support system logins in one form or another. These logins include everything from application service accounts, operations accounts, SysAdmin accounts and pretty much everything else you can think of. Some of these accounts may not need to access your servers 24/7, and you may want to limit the timeframes when users [...]

Securing CentOS and Fedora installations

I have been doing some Red Hat and CentOS security research, and came across several AWESOME links on securing Linux installations: Hardening RHEL5; NSA reference guide for securing Linux installations; NSA Guide to securing Linux installations; Stack overflow protection with ExecShield
