Oracle® Linux 8

Enhancing System Security

Oracle Legal Notices
Oracle Documentation License

F22907-03

January 2020


Table of Contents

Preface
1 Guidelines and Best Practices for Enhancing System Security
2 Planning for a Secure Oracle Linux Environment
2.1 Recommended Deployment Configurations
2.2 Component Security
3 Features and Services for Enhancing System Security
3.1 About System Software Updates
3.2 About Certificate Management
3.3 About Data Encryption
3.4 About the Packet-Filtering Firewall
3.5 About TCP Wrappers
3.6 About SELinux
4 Implementing Additional Security Features and Best Practices
4.1 Disabling Core Dumps
4.2 Disable or Restrict the Automatic Bug Reporting Tool
4.3 Configuring a System in FIPS Mode
4.3.1 Enabling FIPS Mode
4.3.2 Disabling FIPS Mode
4.4 Configuring and Using Kernel Security Mechanisms
4.4.1 Address Space Layout Randomization
4.4.2 Data Execution Prevention or No eXecute
4.4.3 Position Independent Executables
4.5 Configuring System Cryptographic Policies
4.6 Checking User Accounts and Privileges
4.7 Configuring User Authentication and Password Policies
4.8 Configuring File System Mounts, File Permissions, and File Ownerships
4.9 Restricting Access to SSH Connections
4.10 Using System Auditing and Monitoring
4.11 Using Advanced Intrusion Detection Environment
4.12 Implementing System Process Accounting
4.13 Protecting the Root Directory Using chroot Jails
4.13.1 Running DNS and FTP Services in a Chroot Jail
4.13.2 Creating a Chroot Jail
4.13.3 Using a Chroot Jail
5 Security Considerations for Developers
5.1 Design Principles for Secure Coding
5.2 General Guidelines for Secure Coding
5.3 General Guidelines for Network Programs