Chapter 2 - Hardening the Operating System

Abstract

This chapter describes the essential steps an administrator must follow to harden a Unix system; specifically, it deals with a Red Hat Linux system. The steps in hardening a Linux server involve applying the most current errata and updated service package to the operating system, handling maintenance issues, installing the most current required Red Hat errata, manually disabling unnecessary services and ports, hardening the system with bastille, controlling and auditing root access with Superuser Do (sudo), managing log files, and using logging enhancers. It is extremely important to install the latest service pack or updates to the operating system, which fix many security vulnerabilities and bugs before one installs any programs. Many services provided with operating systems are not required and can be removed. The key to remember is that the fewer services running, the less potential vulnerability. Bastille is an open source program that facilitates the hardening of a Linux system, whereas, sudo is an open source security tool that allows an administrator to give specific users or groups the ability to run certain commands as root or as another user. The hardening process focuses on the operating system, and is important regardless of the services offered by the server. The steps will vary slightly between services, such as e-mail and Hypertext Transfer Protocol (HTTP), but are essential for protecting any server that is connected to a network, especially the Internet. Hardening the operating system allows the server to operate efficiently and securely.