Deals with the particulars of installing and setting up a secure SUSE Linux Enterprise Server, and additional post-installation processes required to further secure and harden that installation. Supports the administrator with security-related choices and decisions.
- About This Guide
- 1 Common Criteria
- 2 Linux Security and Service Protection Methods
- 2.1 Physical Security
- 2.2 Locking Down the BIOS
- 2.3 Security via the Boot Loaders
- 2.4 Verifying Security Action with
seccheck
- 2.5 Retiring Linux Servers with Sensitive Data
- 2.6 Backups
- 2.7 Disk Partitions
- 2.8 Firewall (iptables)
- 2.9 Security Features in the Kernel
- 2.10 AppArmor
- 2.11 SELinux
- 2.12 FTP,
telnet
, andrlogin
(rsh) - 2.13 Removing Unnecessary Software Packages (RPMs)
- 2.14 Patching Linux Systems
- 2.15 Securing the Network—Open Network Ports Detection
- 2.16
xinetd
Services - Disabling - 2.17 Securing Postfix
- 2.18 File Systems: Securing NFS
- 2.19 Copying Files Using SSH Without Providing Login Prompts
- 2.20 Checking File Permissions and Ownership
- 2.21 Default umask
- 2.22 SUID/SGID Files
- 2.23 World-Writable Files
- 2.24 Orphaned or Unowned Files
- 2.25 Restricting Access to Removable Media
- 2.26 Various Account Checks
- 2.27 Enabling Password Aging
- 2.28 Stronger Password Enforcement
- 2.29 Leveraging an Effective PAM stack
- 2.30 Restricting
root
Logins - 2.31 Setting an Inactivity Timeout for Interactive Shell Sessions
- 2.32 Preventing Accidental Denial of Service
- 2.33 Displaying Login Banners
- 2.34 Miscellaneous
Copyright © 2006–2024 SUSE LLC and contributors. All rights reserved.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”.
For SUSE trademarks, see https://www.suse.com/company/legal/. All third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.
All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof.