Security Guide for Linux by NSA


The National Security Agency (NSA) recently issued security configuration guides for various operating systems, including Mac OS X, Windows, Linux and Solaris. The published guides are used by the government and are pretty interesting.

The guidance for Linux is presented as two documents: Hardening Tips for the Red Hat Enterprise Linux 5 and Guide to the Secure Configuration of Red Hat Enterprise Linux 5. Of course, most of the recommendations suit other distributions as well. Here is the introduction quoted from the latter guide:

The purpose of this guide is to provide security configuration recommendations for the Red Hat Enterprise Linux (RHEL) 5 operating system. The guidance provided here should be applicable to all variants (Desktop, Server, Advanced Platform) of the product. Recommended settings for the basic operating system are provided, as well as for many commonly-used services that the system can host in a network environment.

The guide is intended for system administrators. Readers are assumed to possess basic system administration skills for Unix-like systems, as well as some familiarity with Red Hat’s documentation and administration conventions. Some instructions within this guide are complex. All directions should be followed completely and with understanding of their effects in order to avoid serious adverse effects on the system and its security.

The above-mentioned guide covers two areas: system-wide configuration (for example, iptables and ip6tables setup, logging, SELinux, etc.) and configuration of services (SSH, Avahi server, MTA, LDAP and many others).

Linux Screw (and NSA btw :D ) strongly recommends that every system administrator get familiar with these guides.

Thanks to G-Loaded! (Technology and Open-Source Software related journal).



3 Responses to “Security Guide for Linux by NSA”


  1. Erek Dyskant

    Good to see that the NSA is giving linux more attention. The military used to have a much higher than expected number of unix breakins, presumably because they have a high staff turnover of wildly different skill levels combined with until recently very few best practices documentation (at least in the public view. I have no idea about what they have/had that may be classified.)

    All of the NSA security guides are useful as a baseline configuration. Especially in environments where you need a well-thought-out set of best practices, for example in bank web servers. Definitely doesn't replace good implementation thought, but an excellent jumping off point.

    Thanks for posting this. I hadn't noticed they have one for RHEL 5 yet.

  2. wjl (Wolfgang Lonien)

    Hmmm guys - have you read both http://www.linuxhaxor.net/2007/12/26/nsa-released-guide-to-secure-red-hat-linux/ and http://linux-blog.org/index.php?/archives/240-Are-You-Secure.html#extended?

    Are you still sure that you want to promote their stuff? I'm neither an American, nor do I live in the US of A, but I'm still paranoid enough never to trust those guys…

    cheers,
    wjl

  3. artiomix

    Hi Wolfgang,

    Actually, tips and notes in the above-mentioned guides are rather straightforward and it’s very doubtful that the NSA could affect Linux systems by them. Anyway, commands like yum erase telnet-server might be useful even if they are suggested by the NSA :)

Who is behind Linux Screw?

My name is Artem Nosulchik (artiomix AT gmail DOT com) and I'm a Linux/Unix and Cisco systems engineer. The main idea of Linux Screw is to share relevant knowledge, skills and observations over the Web. Here you can find a lot of information related to different Linux distributions, FreeBSD and IOS, as well as other Open Source related stuff.