good linux security guide?

[Red Squirrel]

Can anyone recommend a good security guide on securing a Linux server where users have ssh access? For example, how to stop that bug where people can just su as root with no password. Things of that nature, and also protecting from outside threats.

I know the basics, and I've recently been messing with iptables to be able to do basic IP/port blocks, but I want to go further.

 

[drag]

I donno. There is a nice book called 'Hardening Linux" that you can usually find in bigger bookstores.

Otherwise there are websites all over the place. Linuxsecurity.com is probably a handy place to start.

Here is somethings that I know:

a) Simple is better. Complexity is the enemy of security.
b) Reduce the amount of services you use to a bare minimum to reduce attack footprint. The only thing I have running on my systems most of the time is SSH (it can file transfer, remote gui, remote file systems, etc).
c) Encryption is easy, but unless used correctly is worse then useless.
d) Use long and irritating passwords that are unique. They also need to be changed periodically.
e) Periodically check your system to make sure that your not running anything unexpected. Keep your system up to date.

That's about it. Thats about 95% of the battle and probably covers most of the important stuff going.

 

[Red Squirrel]

Yeah I also have iptables to block EVERYTHING then I just unblock what I need. And by everything, even ICMP, gone. I opened up the IPs to the data center's monitoring, and thats it.

And yeah I try to stay away from complex setups unless I really understand them.

Like I have a semi complex setup with the way my VMs are secured behind the virtual nat, with the actual service on another bridged nic, but I fully understand the setup and have it documented.

Things like SSH public key, I decided against due to the complexity of it. I'll want to play around with it and research it before I consider implementing it as a booboo could end up enabling no password access, or something, if I do something wrong.

 

[Fallen Kell]

Well, a good intro can be found from IBM. Part 3 has the guts of many things, but parts 1 and 2 have information about what you need to think about.

Part 3
http://www.ibm.com/developerworks/library/l-seclnx3/

Another good site to use is:
http://www.linuxsecurity.com/content/section/9/161/

 

[child of wonder]

If your box allows port 22 connections from the internet I'd highly recommend disabling root SSH access and installing denyhosts.

At my last job, the geniuses at the company that bought ours decided it would be easier to simply open our internal network to the whole world than deal with a VPN so they could remotely access our systems.