OSC15 – Craig Gardner – Hardening Your Linux Server – jj

It is incumbent upon each system administrator to ensure that each system in the infrastructure is as secure as possible. One compromised system can endanger …



  1. And no, we don't all like SystemD, as Craig notes.

    The alleged "security" from SystemD in terms of logging would be better effected with a formal SYSLOG replacement than with a Busybox-on-steroids wearing too many hats.

  2. Great talk. Excellent points.

    Counterpoint on IPv6:
    DO NOT disable IPv6, not even in the name of security.
    I've been hearing "disable IPv6" as a security measure for almost a decade. And it's true that we should disable services we don't use. But IPv6 is a more secure place to be (than IPv4). Better to get into IPv6 land now and prepare for the day when we "disable IPv4".

    As Craig said, if you're using IPv6 then obviously leave it enabled.
    IPv6 is the kind of thing that any self-respecting sysadmin should learn … and use.

    It's trivial to render your /etc/sysconfig/ip6tables to match your /etc/sysconfig/iptables. Do so. (Don't have IP Tables? That's a whole nutha discussion. But the concept remains.)
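
An added example, not part of the comment above or of the talk: one way to derive an `/etc/sysconfig/ip6tables` from an existing `/etc/sysconfig/iptables`. The function name `to_ip6tables` and the sample ruleset are constructed for illustration; rules that cannot be translated mechanically are returned separately instead of being guessed at.

```python
import re

# Constructed sample in iptables-save format, modelled on a typical
# /etc/sysconfig/iptables; it is not taken from the talk or the comments.
SAMPLE_V4 = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# IPv4 REJECT types and the ip6tables types that replace them.
REJECT_MAP = {
    "icmp-net-unreachable": "icmp6-no-route", "icmp-host-unreachable": "icmp6-addr-unreachable",
    "icmp-port-unreachable": "icmp6-port-unreachable", "icmp-net-prohibited": "icmp6-adm-prohibited",
    "icmp-host-prohibited": "icmp6-adm-prohibited", "icmp-admin-prohibited": "icmp6-adm-prohibited",
}
IPV4_LITERAL = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
REJECT_WITH = re.compile(r"--reject-with (icmp-\S+)")

def to_ip6tables(v4_rules):
    """Return (ip6tables_text, review): converted rules, and lines held back for a human."""
    out, review = [], []
    for line in v4_rules.splitlines():
        reject = REJECT_WITH.search(line)
        # Hold back anything with no mechanical equivalent: IPv4 addresses,
        # ICMP type matches (ICMPv6 numbers types differently), unmapped rejects.
        if (IPV4_LITERAL.search(line) or "--icmp-type" in line
                or (reject and reject.group(1) not in REJECT_MAP)):
            review.append(line)
            continue
        line = re.sub(r"-p icmp\b", "-p ipv6-icmp", line)
        if reject:
            line = line.replace(reject.group(1), REJECT_MAP[reject.group(1)])
        out.append(line)
    return "\n".join(out) + "\n", review

if __name__ == "__main__":
    v6, review = to_ip6tables(SAMPLE_V4)
    print(v6 + "".join(f"# REVIEW: {r}\n" for r in review), end="")
```

Check the held-back list before loading the result: an omitted ACCEPT rule fails closed (here SSH falls through to the REJECT), but an omitted DROP or REJECT for a specific address would leave the IPv6 side more open than the IPv4 side.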

