UNIX and Linux Security Checklist v3.0
AusCERT public release 2007-07-25
Introduction
This document has been published by the Australian Computer Emergency Response Team (AusCERT). It provides a checklist of steps to improve the security of UNIX and Linux systems. We encourage system administrators to review all sections of this document and if appropriate modify their systems to fix potential weaknesses.
The checklist is structured to follow the lifecycle of a system, from planning and installation to recovery and maintenance. Sections A to G of the checklist are best applied to a system before it is connected to the network for the first time. In addition, the checklist can be reapplied on a regular basis, to audit conformance.
No two organisations are the same, so in applying the checklist consideration should be given to the appropriateness of each action to your particular situation. Rather than enforcing a single configuration, this checklist will identify the specific choices and possible security controls that should be considered at each stage.
Operating system specific footnotes throughout the document offer some additional information to help with applying these steps on specific UNIX and Linux variants.
The most current version of this document is available at http://www.auscert.org.au/1935
We will continue to update this checklist. Any comments should be directed via email to auscert@auscert.org.au.
Before using this document, please ensure you have the latest version. New versions of this checklist will be available via the URL listed above and should be checked for periodically.
Disclaimer
AusCERT advises that this information is provided without warranty - sites should ensure that actions and procedures taken from information in this document are verified and in accordance with security policies that are in place within their organisation. Listing of software products or tools within this document does not constitute endorsement by AusCERT or The University of Queensland.
Contents
1. A. Determine Appropriate Security
2. B. Installation
3. C. Patch and Update
4. D. Minimise
5. E. Secure Base OS
6. F. Secure Major Services
7. G. Add Monitoring Capability
8. H. Connect to Net
9. I. Test Backup/Rebuild Strategy
10. J. Maintain
1. References
A. Determine Appropriate Security
Apply your organisation's information security policy to guide the decisions made in this section.
A.1 Computer role
First decide on and document the role of this computer. This means specifying exactly which services the computer will provide.
Example computer roles are:
∙ email server and email virus/spam scanner
∙ user workstation for word processing, email and web browsing
∙ combined web server/database server
A.2 Assess security needs of each kind of data handled
The security measures appropriate for this computer will depend greatly on what information will be stored on it, or pass through it.
For Internet connected computers, even for unimportant data, a certain baseline level of security will be required, to stop this computer being used as a platform to attack further into the network or other external networks.
The following steps will help to determine the security needs of this system:
1. Data on this system
Considering the computer role, identify each kind of information that will be handled by this computer. Examples are:
∙ office emails
∙ client personal data
∙ private keys and certificates
∙ source code being developed in-house
The list should also identify information such as user passwords, which may be typed into this computer but which also give access to other systems that use the same password.
2. Threats
Consider the potential threats to each kind of information identified above. Which classes of attacker will be motivated to read, modify or disable each of these kinds of data?
Consideration of the threat should include both targeted and indiscriminate attacks.
Targeted attacks:
Targeted attacks refer to those where attackers may specifically target your business or your customers. Depending on the kind of information processed, threats may include malicious changes by a disgruntled insider, a denial of service attack for the purpose of extortion, or industrial espionage or sabotage.
Indiscriminate attacks:
All computers on the Internet are subject to these threats. Some organisations believe that their systems will not be of interest to attackers; this is incorrect. Attackers are interested in controlling your computers for a number of reasons, including to launch attacks on other organisations, to send spam, or to capture users' authentication credentials.
3. Impacts if threats are realised
For each of the threat scenarios, estimate the impact on your organisation if the attack is realised.
The cost may be measured in money/time/reputation.
4. Determine acceptable risk
Based on the potential impacts, determine what level of risk can be accepted. Such determination of risk acceptance levels should be done in conjunction with senior management.
Making explicit the threats and impacts in this way will highlight what the priorities should be for protecting each kind of information on the system.
For organisations with little dependence on IT and no critical data these steps can be done informally. Otherwise, consider doing the assessment in writing, integrated with the risk assessment for the overall network.
More formal risk management frameworks are available to assist with this, such as OCTAVE (http://www.cert.org/octave).
In the Australian context, guidelines for information security risk management are provided by HB 231:2004, available from Standards Australia.
A.3 Trust relationships
Identifying trust relationships will determine whether the security of this computer is appropriate relative to other computers. For example, a secure configuration is useless if a UNIX server is managed from day to day using a workstation controlled by an attacker.
Below are three questions to ask to determine the trust relationships:
1. Which systems does this computer trust?
These will include the following:
∙ Workstations used to administer this computer e.g. by SSH or web interface;
∙ Authentication servers (e.g. Kerberos or LDAP servers);
∙ Backup servers (e.g. during a restore).
Those systems must be made at least as secure as this computer.
2. Which computers trust integrity of data served up by this computer?
For example:
∙ Authentication clients, if this is an authentication server;
∙ Computers that may be administered from this computer;
∙ Workstations, if this is a file server.
This computer must be made at least as secure as those systems.
3. Which computers trust this computer to maintain confidentiality of data?
These may include:
∙ Peer VPN endpoints;
∙ Database clients.
This computer must be made at least as secure as those systems.
A.4 Uptime requirements and impact if these are not met
Consider how reliable this computer is expected to be, and what the impact will be if these uptime requirements are not met.
This can include issues such as the following:
∙ Will work in the organisation be affected if this computer fails?
∙ Are specific service levels required by contract?
∙ Will business be lost if customers cannot access a web site?
These uptime requirements will also influence the Backup/Rebuild Strategy chosen later in section I.
A.5 Determine minimal software packages required for role
From the role determined in A.1, document which programs are needed to fully implement this role. This includes any extra libraries or support software that the main software needs.
Later in this checklist, installed software will be minimised to just the software determined here.
A.6 Determine minimal net access required for role
Document which TCP and UDP port numbers this computer will need to communicate on to perform its role, including the direction (in or outbound).
Where appropriate, also record which specific computers this one will be communicating with for each service.
Later in this checklist, network access will be restricted to only this required access.
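The port list documented in A.6 can also drive a recurring conformance audit. The following is an added example, not part of the AusCERT checklist: it compares listening sockets, in the format printed by `ss -H -tuln`, with a documented policy. The policy file format, the function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the checklist): audit listeners against the
# documented net access. Policy format "<proto> <port> <in|out>" is assumed.

# Reads `ss -H -tuln` style lines on stdin; prints "<proto>/<port> <local addr>"
# for each listener not documented as inbound in the policy file $1.
undocumented_listeners() {
    awk -v policy="$1" '
        BEGIN {
            while ((getline line < policy) > 0) {
                sub(/#.*/, "", line)                 # strip comments
                if (split(line, f, " ") >= 3 && f[3] == "in")
                    allowed[f[1] "/" f[2]] = 1
            }
            close(policy)
        }
        NF >= 5 {
            port = $5
            sub(/.*:/, "", port)                     # keep text after the last colon
            key = $1 "/" port
            if (!(key in allowed) && !(key in seen)) {
                seen[key] = 1
                print key, $5
            }
        }'
}

sample_policy() {   # constructed policy for a mail server
    cat <<'EOF'
tcp 22 in     # SSH administration
tcp 25 in     # SMTP
udp 53 out    # DNS lookups
EOF
}

sample_ss() {       # constructed `ss -H -tuln` output
    cat <<'EOF'
tcp LISTEN 0 128       0.0.0.0:22   0.0.0.0:*
tcp LISTEN 0 128          [::]:22      [::]:*
tcp LISTEN 0 100     127.0.0.1:25   0.0.0.0:*
tcp LISTEN 0 511             *:8080       *:*
udp UNCONN 0 0         0.0.0.0:68   0.0.0.0:*
udp UNCONN 0 0   127.0.0.53%lo:53   0.0.0.0:*
EOF
}

p=$(mktemp) && sample_policy > "$p"
sample_ss | undocumented_listeners "$p"
rm -f "$p"
```

On a live system the input would come from `ss -H -tuln | undocumented_listeners policy.txt`; a port documented only as outbound, such as udp/53 in the sample, is still reported when something listens on it.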
B. Installation
B.1 Install from trusted media
If installing the operating system from downloaded ISO images, use a trustworthy computer to check the integrity of the install CDs after they are burnt, using a hash (MD5/SHA1/other) or detached PGP signature. An example command to check the MD5 hash of a CD under Linux would be:
    dd if=/dev/cdrom bs=64k | md5sum
If using MD5 or SHA1 hashes, make sure that the list of hashes itself comes from a trusted source (either digitally signed (preferably) or from a trusted SSL authenticated website).
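The check described in B.1 can be scripted so that the disc is compared against the trusted hash list rather than by eye. The following is an added example, not part of the AusCERT checklist: it hashes exactly the image's sectors on the disc and looks up the expected value in a checksum list. SHA-256, the list format, the file names and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example for B.1: hash exactly the image's bytes on the burnt disc and
# compare with a checksum list. SHA-256 and the list format
# ("<hex>  <name>", as written by sha256sum) are assumptions of this example.
# Authenticate the list first, e.g.: gpg --verify SHA256SUMS.sig SHA256SUMS

# verify_image <device-or-file> <image-size-bytes> <checksum-list> <image-name>
# Returns 0 on match, 1 on mismatch, 2 on bad size or missing list entry.
verify_image() {
    src=$1 size=$2 sums=$3 name=$4
    [ $(($size % 2048)) -eq 0 ] || { echo "size is not a multiple of 2048" >&2; return 2; }
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                                 f == n { print $1; exit }' "$sums")
    [ -n "$expected" ] || { echo "no entry for $name in $sums" >&2; return 2; }
    # Read only the image's 2048-byte sectors: a disc read can return padding
    # after the image data, which changes the hash of a whole-device read.
    actual=$(dd if="$src" bs=2048 count=$(($size / 2048)) 2>/dev/null |
             sha256sum | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed sample: a 4096-byte "image", and a "disc" that is the image
# followed by one sector of padding, as a burnt CD may present it.
make_sample() {
    dir=$1
    head -c 4096 /dev/zero | tr '\0' 'A' > "$dir/image.iso"
    { cat "$dir/image.iso"; head -c 2048 /dev/zero; } > "$dir/disc.img"
    ( cd "$dir" && sha256sum image.iso > SHA256SUMS )
}

d=$(mktemp -d) && make_sample "$d"
verify_image "$d/disc.img" 4096 "$d/SHA256SUMS" image.iso && echo "image on disc matches the list"
rm -rf "$d"
```

For a real disc the first argument would be the CD device and the second the byte size of the downloaded ISO file.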
B.2 Install while not connected to the Internet
Install the operating system while not connected to the Internet. For a network installation of multiple machines, it is preferable to use an isolated staging network during the initial installation.
B.3 Use separate partitions
Creating separate partitions for different parts of the filesystem allows:
∙ more flexibility in applying different mount options to different parts of the hierarchy, to restrict the use of files (as described below in E.5.2);
∙ avoiding denial of service by disk space exhaustion (e.g. log files);
∙ hard links are prevented from crossing partition boundaries.
Use separate partitions for /, /usr, /var, /tmp and /home. Good planning of the partition scheme is essential.
B.4 Install minimal software
When making selections during the installation process, install only the software sets required for this computer's role, as determined in A.5.
Installation - general notes:
Solaris, HP-UX, AIX
C. Apply all Patches and Updates
Ensuring the latest patches and updates are applied is crucial to security as UNIX systems with unpatched public vulnerabilities are quickly compromised.