Securing-Optimizing-RH-Linux-1_2_55
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
55
Commenting out (with a #) the line listed below in your /etc/inittab file will disable the possibility of using the
Control-Alt-Delete key combination to shut down your computer. This is pretty important if you don't have
the best physical security on the box: anyone with access to the console could otherwise reboot the server without a password.
To do this, edit the inittab file (vi /etc/inittab) and change the line:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
To read:
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
Now, for the change to take effect, type the following at a prompt (this tells init to re-read /etc/inittab):
[root@deep /]# /sbin/init q
29. Physical hard copies of all important logs
One of the most important security considerations is the integrity of the different log files under the /var/log
directory on your server. If, despite all the security measures put in place on our server, a cracker
gains access to it, our last line of defence is the log files. So it is very important to consider a method
of being sure of the integrity of our log files, since an intruder with root access can edit or erase anything stored on the machine itself.
If you have a printer installed on your server or on another one in your network, a good idea would be
to keep physical hard copies of all important logs. This can be easily accomplished by
using a continuous-feed printer and having the syslog program send all the logs you consider important
to "/dev/lp0" (the printer device). A cracker can change the files, programs, etc. on your server,
but can do nothing about a copy of your important logs that has already been printed on paper.
Note that this protects only what was printed before the intrusion: an attacker who kills syslogd or edits syslog.conf stops further output, so a gap in the printout is itself something to look into.
As an example:
To log all telnet, mail, boot messages and ssh connections from your server to the printer
attached to this server, edit the syslog.conf file (vi /etc/syslog.conf) and add the following line at the end of the file
(telnet and ssh logins arrive on the auth and authpriv facilities, mail on the mail facility, and Red Hat boot messages on local7):
authpriv.*;mail.*;local7.*;auth.*;daemon.info /dev/lp0
Now restart your syslog daemon for the change to take effect:
[root@deep /]# /etc/rc.d/init.d/syslog restart
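The selector line above is terse, and it is easy to misjudge what syslogd will actually send to the printer (for example, daemon.info means info and every more severe priority, not only info). The following Python script is an added example and not code from the book: it simulates the syslog.conf selector rules (facility.priority, the * and none keywords, =priority, and later entries overriding earlier ones for the same facility) against a constructed sample configuration that mirrors a Red Hat default file with the book's /dev/lp0 line appended, and reports which actions a given message would reach.

```python
# Added example (not from the book): a small simulator of syslog.conf selector
# semantics, used to check which messages the /dev/lp0 line will catch.
# Facility and priority names follow syslog(3) / syslog.conf(5); SAMPLE_CONF is
# constructed for this example (Red Hat style defaults plus the book's line).

# Priorities in decreasing order of severity (index 0 = most severe).
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + ["local%d" % i for i in range(8)]

SAMPLE_CONF = """\
# Constructed sample /etc/syslog.conf (Red Hat style defaults plus the book's line)
*.info;mail.none;authpriv.none\t\t/var/log/messages
authpriv.*\t\t\t\t/var/log/secure
mail.*\t\t\t\t\t/var/log/maillog
local7.*\t\t\t\t/var/log/boot.log
authpriv.*;mail.*;local7.*;auth.*;daemon.info\t/dev/lp0
"""


def priority_set(spec):
    """Priorities selected by one priority spec: '*', 'none', '=info' or 'info'.
    A plain name means that priority *and everything more severe*."""
    if spec == "*":
        return set(range(len(PRIORITIES)))
    if spec == "none":
        return set()
    if spec.startswith("="):
        return {PRIORITIES.index(spec[1:])}
    return set(range(PRIORITIES.index(spec) + 1))


def parse_selector(selector):
    """Turn 'authpriv.*;mail.*;daemon.info' into {facility: set(priority indexes)}.
    Later entries override earlier ones for the same facility, which is how
    '*.info;mail.none' drops mail from a catch-all line."""
    mask = {}
    for entry in selector.split(";"):
        facs, _, prio = entry.strip().rpartition(".")
        prios = priority_set(prio)
        names = FACILITIES if facs == "*" else facs.split(",")
        for fac in names:
            if fac not in FACILITIES:
                raise ValueError("unknown facility %r" % fac)
            mask[fac] = prios
    return mask


def parse_conf(text):
    """Return [(mask, action)] for every non-comment rule line.
    Selector and action may be separated by tabs or spaces."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        rules.append((parse_selector(selector), action.strip()))
    return rules


def route(rules, facility, priority):
    """Actions (files, devices, hosts) that a facility.priority message reaches."""
    level = PRIORITIES.index(priority)
    return [action for mask, action in rules
            if level in mask.get(facility, set())]


if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for fac, pri in [("authpriv", "info"), ("daemon", "notice"),
                     ("daemon", "debug"), ("kern", "crit")]:
        print("%s.%s -> %s" % (fac, pri, route(rules, fac, pri)))
```

Running it shows that an sshd login record (authpriv.info) goes to both /var/log/secure and the printer, that a daemon.notice message is printed while daemon.debug is not, and that kernel messages never reach the paper with this line, which is worth knowing before relying on the printout.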
As an example:
To log all telnet, mail, boot messages and ssh connections from your server to a printer
attached to a remote server in your local network, you would want to add the following line to the
"/etc/syslog.conf" file on the remote server (the one with the printer), and then let that server's syslogd accept messages from the network with the -r option.
If you don't have a printer in your network, you can also copy all the log files to another machine:
simply omit the first step below (adding /dev/lp0 to syslog.conf on the remote server) and go
directly to the -r option step on the remote server. Copying all the log files to another
machine lets you control all syslog messages on one host and reduces
administration needs. Keep in mind that syslog over the network travels as unauthenticated UDP, so the receiving host must be at least as well secured as the servers that log to it and should only accept messages from your local network.
Edit the syslog.conf file (vi /etc/syslog.conf) on the remote server (for example:
mail.openarch.com) and add the following line at the end of the file:
authpriv.*;mail.*;local7.*;auth.*;daemon.info /dev/lp0