Hardening the Linux OS

If you use the Linux operating system, you should read two OTN (Oracle Technology Network) articles on security, as well as an NSA security document.

OTN articles

The first OTN article is titled "Tips for Hardening an Oracle Linux Server" and is available at this URL: http://www.oracle.com/technetwork/articles/servers-storage-admin/tips-harden-oracle-linux-1695888.html. The article provides tips and techniques for hardening an Oracle Linux server, covering the following topics:
  • Minimize software and services. Eliminating unnecessary software packages and services minimizes possible avenues of attack.
  • Tighten networking and user access. The network is a prime point of entry for malicious users and applications. Fine-tuning the network configuration, along with all user access points, helps to prevent unauthorized access.
  • Protect applications and data. Setting up devices, mounts, and file systems appropriately (and in some cases using encryption) helps to safeguard applications and data.
  • Implement security features that enforce policies. In some cases, the security policy may dictate additional mechanisms, such as TCP wrappers, Pluggable Authentication Modules (PAM), or the implementation of Security-Enhanced Linux (SELinux).
The second OTN article is titled "Tips for Securing an Oracle Linux Environment" and is available at this URL: http://www.oracle.com/technetwork/articles/servers-storage-admin/secure-linux-env-1841089.html. The article provides software, network, and system monitoring recommendations for maintaining a secure Oracle Linux environment. The strategies discussed are:
  • Maintain physical system security.
  • Use security and management tools to scan for signs of compromise.
  • Apply software and security updates promptly.
  • Review procedures and policies at regular intervals.

NSA documents

The National Security Agency publishes a document titled "Guide to the Secure Configuration of Red Hat Enterprise Linux 5", available at: http://www.nsa.gov/ia/_files/os/redhat/NSA_RHEL_5_GUIDE_v4.2.pdf

The NSA also publishes a short pamphlet on hardening tips for Red Hat Enterprise Linux 5, which is available at: http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf