Personal tools
You are here: Home Federal Linux Security Resources/checklists
Navigation
Who is Tracy Reed?

I am a Linux enthusiast, a multi-engine instrument-rated pilot, and a traveller. I am interested in all aspects of computing and technology in general, especially Linux and Free Software. As an avid pilot I can be found somewhere over the skies of the southwestern US most weekends.  As a traveller I have been to many interesting places. Check out my photo gallery. Want to get me something cool? Check out my Amazon.com wish list!

 Tracy

 

Federal Linux Security Resources/checklists

by Tracy R Reed — last modified Mar 08, 2012 01:08 AM
Filed Under:

A very good use of our tax dollars and worth the attention of sysadmins.

I often say that most successful attacks and vulnerabilities are failures of imagination (when they aren't outright laziness/penny pinching). The authors of these documents have seen a lot of attacks and know something about how things should be configured to give your servers a fighting chance. These guides and checklists are great to look over for inspiration and ideas on how to better lock down your systems. Look over each item and think to yourself: "What on earth happened such that they had to put this on a security checklist?"

http://www.nsa.gov/ia/_files/os/redhat/rhel5-pamphlet-i731.pdf

http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf (not Federal but good to review all the same)

http://benchmarks.cisecurity.org/tools2/linux/CIS_RHEL_5.0-5.1_Benchmark_v1.1.2.pdf (also not Fed but good)

http://web.nvd.nist.gov/view/ncp/repository

Use something like puppet to automate implementation of this stuff network-wide. That last NIST link even has an awesome puppet config for all of this! I've been reading through the code for the puppet modules and learned some neat things, including stuff I had no clue about previously such as how augeas works and what it is good for.

NIST, HIPPA, PCI, CIS, NSA, IQOQ, another day another security audit and industry-specific acronym!

Document Actions