This is absolute bunk

Story: 7 ways to boost your Linux SecurityTotal Replies: 3
Author Content
phsolide

Apr 05, 2009
12:50 PM EDT
From the premise (linux harder to secure than windows or netware) to the hints, this article is almost complete bunk.

"Use ssh" and "disable unneeded" services are the only hints that make sense, but taken in the context of the "linux harder to secure than windows" premise, they turn the article into gibberish. You *can't* use SSH to administer a Windows host, for example. Or maybe you can, but nobody ever does it, for some reason, and an SSH server doesn't come stock with windows.

And just like you can't turn Word's auto-capitalization completely off, it seems like you can't really ever tell what services a windows box runs, much less turn them off reliably.

The idea of a "personal firewall" just doesn't make sense under linux. You can find out what you're running with netstat and lsof and probably a host of other ways. You just can't do this sort of thing easily under windows. Hence: your machine's network access is out of control, and you need a "personal firewall".
techiem2

Apr 05, 2009
1:45 PM EDT
ROFL

Quoting:This perception is not an uncommon one — many network administrators new to Linux find it hard to transition from a point-and-click security configuration interface to one based on editing complicated and hard-to-locate text files.


Cuz finding servicename.conf in /etc and changing the setting on a line from 0 to 1 or false to true is sooooo much harder than clicking through 20 seemingly unrelated menus and option dialogs in Windows to find the same setting to change from off to on.

techiem2

Apr 05, 2009
1:53 PM EDT
As for the rest of the article, it's actually not that bad. Note that he's talking about Linux Servers, not desktops, so his suggestions make sense.

I'm not so sure as to some of his suggestions for the root account though. Such as restrictions the terminals that can be logged into as root, and keeping the command history null. Since when are your users logging directly into your linux server locally? If they are, you have bigger issues to deal with than which consoles they can login to as root. And since the command history is generally in the user directory, only root can see his own history anyway.
jdixon

Apr 05, 2009
2:18 PM EDT
> ...is sooooo much harder than clicking through 20 seemingly unrelated menus and option dialogs in Windows to find the same setting to change from off to on.

And hoping Windows doesn't change it back on you, while still showing the setting as being correct. I can't count the number of times unselecting an option in Windows, applying, then reselecting and applying again has fixed problems.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!