nsa usa logoThe National Security Agency (NSA) recently issued security configuration guides for various operating system, including MAC OS X, Windows, Linux and Solaris. The published guides are used by the government and are pretty interesting.

Guide for Linux is presented as Hardening Tips for the Red Hat Enterprise Linux 5 and Guide to the Secure Configuration of Red Hat Enterprise Linux 5. Of course most of recommendation suit other distributions. Here is the introduction quote from latter guide:

The purpose of this guide is to provide security configuration recommendations for the Red Hat Enterprise Linux (RHEL) 5 operating system. The guidance provided here should be applicable to all variants (Desktop, Server, Advanced Platform) of the product. Recommended settings for the basic operating system are provided, as well as for many commonly-used services that the system can host in a network environment.

The guide is intended for system administrators. Readers are assumed to possess basic system administration skills for Unix-like systems, as well as some familiarity with Red Hat’s documentation and administration conventions. Some instructions within this guide are complex. All directions should be followed completely and with understanding of their effects in order to avoid serious adverse effects on the system and its security.

Above mentioned guide covers the following directions: system-wide configuration (for example, iptables and ip6tables setup, logging, selinux and etc.) and services configuring (SSH, Avahi server, MTA, LDAP and many others).

Linux Screw (and NSA btw :D ) strongly recommends every system administrator to get familiar with this guide(s).

Thanks to G-Loaded! (Technology and Open-Source Software related journal).

 

7 Comments

 

  1. December 25, 2007  1:17 am by Erek Dyskant Reply

    Good to see that the NSA is giving linux more attention. The military used to have a much higher than expected number of unix breakins, presumably because they have a high staff turnover of wildly different skill levels combined with until recently very few best practices documentation (at least in the public view. I have no idea about what they have/had that may be classified.)



    All of teh NSA security guides are useful as a baseline configuration. Especially in environments where you need a well-thought-out set of best practices, for example in bank web servers. Definitely doesn't replace good implementation thought, but an excellent jumping off point.



    Thanks for posting this. I hadn't noticed they have one for RHEL 5 yet.

  2. January 10, 2008  10:02 pm by artiomix Reply

    Hi Wolfgang,



    Actually, tips and notes in above-mentioned guides are rather straightforward and it's very doubtful that NSA could affect Linux systems by them. Anyway commands like <code>yum erase telnet-server</code> might be useful even if they are suggested by NSA :)

  3. June 15, 2010  11:01 am by Joey Stanaway Reply

    Nice Post! I was searching for free classified advertising and classified related articles when I came across your website post on Bing. This is exactly what I was looking for. Thanks for the share. I've bookmarked this post for future reference :-) Nice comments - Best Wishes

  4. May 14, 2011  8:03 am by Chara Shinnick Reply

    Hello, I first would like to congratulate you on making such a great site, I definitely found your information very interesting and entertaining. Celebrities seem to be one of the best entertainment industries of the world today. If you want to view celebrity photos and interested in the latest celebrity gossip online, getting hollywood gossip on famous people, finding hollywood celebrity pictures and info on famous actors & actresses watch movies and tv shows online and get the hottest breaking news, celebrity photos, fashion, videos and games, Watch movies and tv shows online, check hottest celeb photos and everything. I would suggest you visit http://accesshollyhood.com

  5. May 14, 2011  8:21 am by Antonio Wemark Reply

    Hello, I first would like to congratulate you on making such a great site, I definitely found your information very interesting and entertaining. Celebrities seem to be one of the best entertainment industries of the world today. If you want to view celebrity photos and interested in the latest celebrity gossip online, getting hollywood gossip on famous people, finding hollywood celebrity pictures and info on famous actors & actresses watch movies and tv shows online and get the hottest breaking news, celebrity photos, fashion, videos and games, Watch movies and tv shows online, check hottest celeb photos and everything. I would suggest you visit http://accesshollyhood.com

  6. June 1, 2011  7:51 pm by Discount Video Games For Sale Reply

    I've observed that in the world the present day, video games are classified as the latest phenomenon with kids of all ages. There are times when it may be out of the question to drag your children away from the games. If you want the very best of both worlds, there are several educational video games for kids. Thanks for your post.

Leave a reply

 

Your email address will not be published.