HostedDB - Dedicated UNIX Servers

Securing-Optimizing-RH-Linux-1_2_55
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 55 Commenting out “#” the line listed bellow in your “/etc/inittab” file will disable the possibility to use Control-Alt-Delete command to shutdown your computer. This is pretty important if you don't have the best physical security on the box. To do this, edit the  inittab file (vi /etc/inittab) and change the line: ca::ctrlaltdel:/sbin/shutdown -t3 -r now To read: #ca::ctrlaltdel:/sbin/shutdown -t3 -r now Now, for the change to take effect type in the following at a prompt: [root@deep /]# /sbin/init q 29. Physical hard copies of all important logs One of the most security consideration is the integrity of the different log files under “/var/log” directory on your server. If although all the securities were put in place in our server, a cracker can gain access to it, our last defence is the log files. So it is very important to consider a method by being sure of the integrity of our log files. If you have printer installed in your server or on other one in your network, a good idea would be to have actually physical hard copies of all-important logs. This can be easily accomplished by using a continuous feed printer and having syslog program sending all logs you seem important out to "/dev/lp0" (the printer device). Cracker can change the files, programs, etc on your server, but can do nothing when you have a real paper that print via the printer a copy of all of your important logs. As an example: For logging of all telnet, mail, boot messages and ssh connections from your server to the printer attached to this server, you would want to add the following line to "/etc/syslog.conf" file: Edit the syslog.conf file (vi /etc/syslog.conf) and add at the end of this file the following line: authpriv.*;mail.*;local7.*;auth.*;daemon.info /dev/lp0 · Now restart your syslog daemon for the change to take effect: [root@deep /]# /etc/rc.d/init.d/syslog restart As an example: For loggin of all telnet, mail, boot messages and ssh connections from your server to the printer attached to a remote server in your local network, then you would want to add the following line to "/etc/syslog.conf" file on the remote server. If you don’t have a printer in your network, you can also copy all the log files to another machine, simply obmit the first step bellow of adding “/dev/lp0” to your “syslog.conf” file on remote and go directly to the “-r” option step on remote. Using the feature of copying all the log files to another machine will give you the possibility to control all syslog messages on one host and will tears down administration needs. Edit the syslog.conf file (vi /etc/syslog.conf) on the remote server (for example: mail.openarch.com) and add at the end of this file the following line: authpriv.*;mail.*;local7.*;auth.*;daemon.info /dev/lp0