This guide is intended for the novice home user and the experienced systems administrator alike. It covers the installation and operation of Linux in two basic modes of operation: as a workstation and as a server. It does not cover configuring Linux for some of the other special-purpose functions that it performs so well, such as routers, firewalls, parallel processing, and so forth. The examples and instructions are based on the Red Hat version 6.0 release. Red Hat was chosen because it has the largest share of the Linux market, and version 6.0 was chosen because it includes the latest stable release of the Linux kernel, system libraries, utilities, etc. However, the concepts, advice, and procedures in this guide should translate rather easily to other distributions. You may have to explore your system a little to find configuration files that are in different directories, and to determine which versions of the software packages have been installed, but the exploration itself can be a good instructional tool.
This guide takes you, the reader, through the installation process then splits into separate steps for securing a workstation setup and a server setup. The guide discusses basic packet firewalls in terms of protecting services on a single local computer. Finally, the guide discusses a few useful tools for monitoring and testing the security of your system. We try to follow the principle of “defense in depth.” No one step is a silver bullet against system attacks, but taken as a whole, they build multiple layers of defense that make life just that much harder for “script kiddies” and dedicated computer criminals.
About the Author
Lee Brotzman is a senior systems programmer for Allied Technology Group, Inc., where he provides contract support in computer security for NASA, NOAA, the Department of Justice, and the FBI. He worked at NASA Goddard Space Flight Center from 1983 to 1995, concentrating in research and development of networked scientific data analysis and distribution systems. During this time, he taught courses in UNIX programming, UNIX Security for Systems Administrators and UNIX Security Toolkits at NASA field centers around the country, a task he continued after leaving NASA to work as aa private consultant in the field of LINUX-based information systems development. Rehired by Allied to support NASIRC and DoJCERT, he currently specializes in assessing exploits and vulnerabilities in UNIX operating systems and analyzing "hacker" tools.