This wiki aims to facilitate discussions on essential site security and system administration practices, specifically focusing on Unix, Unix-like, and Unix-derived operating systems such as Linux, FreeBSD, and MacOSX. It addresses often-overlooked topics in security and administration, sharing best practices for machine commissioning, lifecycle management, and security documentation. By sharing experiences and methodologies, we can improve overall system stability, quality, and security. Explore standardized procedures, monitoring tools, and training resources to enhance your site's security posture.
Site Security and Administration http://www.gridpp.ac.uk/wiki/SiteSecurity Steve Cobrin <s.a.cobrin@rl.ac.uk>
Site Security and Administration • Proposing a wiki to be used to discuss some basic Site Security and SysAdmin issues • focusing on Unix, Unix-like and Unix-derived systems. e.g. Solaris, AIX, HP-UX, Linux, GNU/Linux, FreeBSD, MacOSX, OpenBSD, etc • Will not look at deploying or using LCG/EGEE middleware
Introduction • There are quite a few areas of security and administration which don't seem to be discussed enough. • Why not? • Old topics (been doing this for > 20 years) • Boring • Done it! Been there! Read the book (Practical Unix Security) • However, if overlooked: • Less security • Forever reinventing the wheel • Less stability • Less quality • Poor mentorship • So, let's share best practices!
Initial commissioning of machines (building, configuration, deployment) • Defining the life-cycle / work-flow of machines.
Initial commissioning of machines (building, configuration, deployment) (continued) • Differing types of operating system • Many different Linux distributions • Some centrally administered, others administered ad hoc • Linux and Unix system interoperability • MacOSX
Security Documents • Internal documents: • Site Security Policies • Acceptable Use Policies • Incident Response Procedures • Baseline Security Documents • Local Security Hardening Procedures • Standard off-the-shelf documents: • BS 7799 / ISO 27001 standards • The Center for Internet Security (CIS) Benchmarks
SysAdmin Procedures • Initial build and deployment of systems - Kickstart, Imaging • Documentation - Useful documentation used at sites • Patch Management - e.g. OS Vendor and Distribution patches • up2date • yumit/pakiti (http://pakiti.sourceforge.net) • Software Management - e.g. 3rd party software, compiling from source, etc • Cluster management - for example how you perform kernel updates across a large cluster
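The patch-management bullet above is what tools like yumit/pakiti automate: a client reports its installed package list and a server compares each package against the version that carries the vendor fix. The following is an added example of that comparison, written for this page rather than taken from pakiti, yum or the wiki. The inventory lines (the shape of `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` output) and the "fixed in" table are constructed for illustration and do not correspond to real advisories; the version comparison is a simplified form of rpm's `rpmvercmp` (it ignores epoch and the `~` pre-release marker).

```python
"""Pakiti-style patch check: report packages older than the fixed version.
Added example, not the code of any tool on the slide. Data is constructed."""
import re

# Constructed client report for one host, one package per line:
# "name version release" (the shape of rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n').
INVENTORY = """\
openssh 3.9p1 8.RHEL4.9
kernel 2.6.9 22.EL
bash 3.0 19.2
zlib 1.2.1.2 1.2
"""

# Hypothetical advisory table: name -> (version, release) that first contains the fix.
FIXED = {
    "openssh": ("3.9p1", "8.RHEL4.12"),
    "kernel": ("2.6.9", "34.EL"),
    "bash": ("3.0", "19.2"),
}

_SEG = re.compile(r"\d+|[A-Za-z]+")


def vercmp(a, b):
    """Simplified rpmvercmp: split both strings into numeric and alphabetic
    segments (separators such as '.' and '_' are dropped) and compare segment
    by segment. Numbers compare numerically ("9" < "12"), a numeric segment
    outranks an alphabetic one, and when one side runs out of segments the
    side with more segments is newer. Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0


def evrcmp(installed, fixed):
    """Compare (version, release) pairs: release only matters when versions tie."""
    v = vercmp(installed[0], fixed[0])
    return v if v else vercmp(installed[1], fixed[1])


def check(inventory_text, fixed):
    """Return (name, installed, required) for each package below its fixed
    version. Packages with no entry in the table are skipped, not reported."""
    vulnerable = []
    for line in inventory_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # tolerate blank or malformed lines in a client report
        name, ver, rel = parts
        if name not in fixed:
            continue
        if evrcmp((ver, rel), fixed[name]) < 0:
            vulnerable.append((name, f"{ver}-{rel}", "-".join(fixed[name])))
    return vulnerable


if __name__ == "__main__":
    for name, have, need in check(INVENTORY, FIXED):
        print(f"{name}: installed {have}, fixed in {need}")
```

The comparison must be version-aware rather than a string comparison: "8.RHEL4.9" is older than "8.RHEL4.12", which a lexical compare gets backwards. A real deployment should also note that a kernel package being installed is not the same as it being the running kernel (`uname -r`), which is exactly why the cluster-management bullet singles out kernel updates.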
SysAdmin Procedures (continued) • Admin methods - how you go about configuration tasks (e.g. logging in as root, use of SSH keys, sudo (http://courtesan.com/sudo)) • Managing non-user accounts • Helpdesk Systems - RT (http://bestpractical.com/rt) and Footprints • Configuration Management and Change Control - CFengine (http://www.cfengine.org/), Subversion
Security Monitoring & Forensics • Logging - • Central syslogging (syslog-ng) • Log level for tools like sshd • Network Monitoring - • Any network tracing or forensics that you perform (tracing IDs via processes) • Snort (http://www.snort.org/) • Sguil (http://sguil.sourceforge.net/) • General Monitoring - • Nagios (http://www.nagios.org) • Tripwire (http://sourceforge.net/projects/tripwire/) & AIDE (http://sourceforge.net/projects/aide)
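Central syslogging is only useful if something reads the logs. As an added example (not from the wiki or from any tool listed on the slide), here is the kind of detection that runs over sshd lines collected by syslog-ng: count failed logins per source address in a sliding window, raise an alert when the threshold is crossed, and raise a second, more serious alert if that same address later gets an "Accepted" line. The log lines are constructed, use the documentation address ranges 203.0.113.0/24 and 192.0.2.0/24, and the host names are hypothetical.

```python
"""Brute-force detection over centrally collected sshd log lines.
Added example; the log sample below is constructed, not captured."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog lines as syslog-ng would forward them from several hosts.
SAMPLE_LOG = """\
Mar 10 03:14:07 wn01 sshd[4512]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 03:14:09 wn01 sshd[4513]: Failed password for invalid user oracle from 203.0.113.7 port 51236 ssh2
Mar 10 03:14:12 wn02 sshd[777]: Failed password for root from 203.0.113.7 port 51300 ssh2
Mar 10 03:14:15 wn01 sshd[4514]: Failed password for root from 203.0.113.7 port 51302 ssh2
Mar 10 03:14:20 wn01 sshd[4515]: Failed password for bob from 203.0.113.7 port 51310 ssh2
Mar 10 03:15:02 ce01 sshd[918]: Accepted publickey for alice from 192.0.2.10 port 44100 ssh2
Mar 10 03:16:00 wn01 sshd[4520]: Accepted password for bob from 203.0.113.7 port 51400 ssh2
Mar 10 03:40:00 ce01 sshd[930]: Failed password for alice from 192.0.2.10 port 44120 ssh2
Mar 10 03:40:05 ce01 sshd[931]: Accepted publickey for alice from 192.0.2.10 port 44121 ssh2
"""

# Classic syslog header (no year, day may be space-padded) followed by the sshd message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
OK_RE = re.compile(r"^Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse(lines):
    """Turn raw lines into (time, host, kind, user, ip) tuples, sorted by time.
    Lines that are not sshd auth results are ignored."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; prepend a leap year so "Feb 29" parses.
        ts = datetime.strptime("2000 " + m.group("ts"), "%Y %b %d %H:%M:%S")
        msg = m.group("msg")
        f = FAIL_RE.match(msg)
        if f:
            events.append((ts, m.group("host"), "fail", f.group("user"), f.group("ip")))
            continue
        a = OK_RE.match(msg)
        if a:
            events.append((ts, m.group("host"), "ok", a.group("user"), a.group("ip")))
    events.sort(key=lambda e: e[0])  # lines from many hosts arrive interleaved
    return events


def detect(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return a list of (alert, source_ip, detail). Failures are counted per
    source address across all hosts, so a slow sweep over the cluster is
    caught even when no single host sees many attempts."""
    alerts = []
    recent = defaultdict(list)  # ip -> failure times inside the window
    flagged = set()
    for ts, host, kind, user, ip in parse(log_text.splitlines()):
        if kind == "fail":
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:
                q.pop(0)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, f"{len(q)} failures within {window}"))
        elif ip in flagged:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, f"user {user} on {host}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

On the sshd log-level point from the slide: at the default `LogLevel INFO` sshd records the "Failed password" and "Accepted" lines used above; `LogLevel VERBOSE` additionally logs the fingerprint of the key used for a public-key login, which is what you need when several people share an account and you have to say whose key was used.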
Security Monitoring & Forensics (continued) • Inventorying & Auditing - • Tests that are performed to check security • Bastille (http://www.bastille-linux.org/) • Nessus (http://www.nessus.org/) • SARA (http://www-arc.com/sara/) • Forensics - procedures, techniques • Benchmarking - performance, network • Alerts and Escalation
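The Tripwire/AIDE bullet on the previous slide and the auditing bullet on this one are two sides of the same procedure: take a baseline of what is on disk, compare later snapshots against it, and on every run also look for things that should never be there. The following is an added example illustrating both, written for this page and not taken from Tripwire, AIDE, Bastille or the wiki. It builds a throwaway directory tree (constructed, with hypothetical file names), records a baseline, tampers with the tree and reports the differences plus any world-writable or setuid/setgid files. A real tool records many more attributes (mtime, inode, link count, symlink targets) and must keep its baseline somewhere an intruder on the host cannot rewrite.

```python
"""Minimal AIDE/Tripwire-style integrity baseline plus a permission audit.
Added example, not the code of any tool on the slides."""
import hashlib
import os
import shutil
import stat
import tempfile


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Record hash, mode, owner and size of every regular file under root.
    Keys are paths relative to root so one baseline can serve identical hosts."""
    db = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and device nodes need their own record type
            rel = os.path.relpath(full, root)
            db[rel] = {"sha256": _sha256(full), "mode": stat.S_IMODE(st.st_mode),
                       "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}
    return db


def compare(baseline, current):
    """Report files added, removed, and changed (with the attributes that differ)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in set(baseline) & set(current):
        diffs = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def audit_permissions(db):
    """Flag world-writable files and setuid/setgid files in a snapshot, the
    sort of check a hardening audit runs regardless of what the baseline says."""
    findings = []
    for rel, rec in db.items():
        if rec["mode"] & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        if rec["mode"] & (stat.S_ISUID | stat.S_ISGID):
            findings.append((rel, "setuid/setgid"))
    return sorted(findings)


def demo():
    """Build a constructed tree, baseline it, tamper, and return
    (compare report, audit findings) for the tampered tree."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "bin"))
        ls = os.path.join(root, "bin", "ls")
        with open(ls, "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/ls\n")
        os.chmod(ls, 0o755)
        passwd = os.path.join(root, "passwd")
        with open(passwd, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        os.chmod(passwd, 0o644)
        baseline = snapshot(root)

        # Tamper: replace the binary with same-sized content (size alone would
        # not catch it), make it setuid, drop a world-writable cron fragment,
        # and delete a file.
        with open(ls, "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/xx\n")
        os.chmod(ls, 0o4755)
        os.makedirs(os.path.join(root, "cron.d"))
        backdoor = os.path.join(root, "cron.d", "backdoor")
        with open(backdoor, "w") as f:
            f.write("* * * * * root /tmp/x\n")
        os.chmod(backdoor, 0o666)
        os.remove(passwd)

        current = snapshot(root)
        return compare(baseline, current), audit_permissions(current)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    report, findings = demo()
    print(report)
    print(findings)
```

The same-size replacement is why the baseline carries a cryptographic hash rather than size and mtime alone, and the `audit_permissions` pass is independent of the baseline because a setuid bit that was present when the baseline was taken is still a finding.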
SysAdmin Training • SAGE Job Descriptions (http://www.sage.org/pubs/8_jobs/) • Linux Professional Institute (http://www.lpi.org) • Red Hat Certification
THANK YOU • Please visit web site • http://www.gridpp.ac.uk/wiki/SiteSecurity