Security Best Practices and Tools for UNIX

published March 12th, 2011 | categories: Cascadia IT Conference, Events, Headline

Notes from Cascadia IT Conference 2011: Security Best Practices and Tools for UNIX with Matt Disney, Oak Ridge National Laboratories, National Center for Computational Sciences

What to do Now

Config mgmt

Centralized logging

encrypting data in transit

integrity mgmt for important files and systems

Centralized Logging Tools -

Patching: Ubuntu Pinning HowTo - https://help.ubuntu.com/community/PinningHowto – allows you to update software versions for newer distributions while maintaining your current distro.

Option: staging repo syncs using rsync, RedHat Network Satellite, Spacewalk

2 Factor Authentication

Network and host based firewalls

force a web proxy using iptables: http://www.linuxtopia.org/Linux_Firewall_iptables/x4508.html

Tools: Netfilter, fail2ban, capirca

ingress and egress firewall

Firewall Distros

Monowall - http://m0n0.ch/wall/

OpenWRT - http://openwrt.org/

Shorewall - http://www.shorewall.net/

minimization and compartmentalization of services for increased security

IPTables/Netfilter Modules – state module, limit module, recent module, inline store

Single Packet Authorization:

Fail2ban: filter.d/sshd.conf with its failregex filters
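To show how a fail2ban filter turns a failregex plus a jail's maxretry/findtime into a ban decision, here is an added example (not code from the talk or from fail2ban itself) that runs a fail2ban-style sshd failregex over a constructed sample log and applies a sliding-window threshold; the regex, the sample log lines and the assumed year are this example's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (not from the talk); the year is assumed since syslog omits it.
SAMPLE_LOG = """\
Mar 12 10:00:01 host sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar 12 10:00:03 host sshd[2102]: Failed password for root from 198.51.100.7 port 51023 ssh2
Mar 12 10:00:04 host sshd[2103]: Accepted publickey for alice from 203.0.113.5 port 40100 ssh2
Mar 12 10:00:05 host sshd[2104]: Failed password for root from 198.51.100.7 port 51024 ssh2
Mar 12 10:05:30 host sshd[2105]: Failed password for root from 198.51.100.7 port 51030 ssh2
Mar 12 10:06:00 host sshd[2106]: Failed password for bob from 203.0.113.5 port 40101 ssh2
"""

# A failregex in the style of filter.d/sshd.conf: fail2ban expands the <HOST> placeholder
# to an address-capturing group, which is done here by hand. The pattern is this example's own.
FAILREGEX = r"Failed password for (?:invalid user )?\S+ from <HOST> port \d+ ssh2"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))
TIMESTAMP = re.compile(r"^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2})")

def scan(log: str, maxretry: int = 3, findtime: int = 600, year: int = 2011) -> dict:
    """Return {host: failure_count} for hosts that reach `maxretry` matched failures
    inside a sliding `findtime`-second window, mirroring a fail2ban jail's decision."""
    hits = defaultdict(deque)   # host -> timestamps of recent failures
    banned = {}
    for line in log.splitlines():
        m = PATTERN.search(line)
        if not m:
            continue            # not a failure event (e.g. a successful login): ignore
        stamp = TIMESTAMP.match(line).group(1)
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        host = m.group("host")
        window = hits[host]
        window.append(ts)
        # expire failures older than findtime relative to the newest one
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned[host] = len(window)   # record the count at the moment the threshold was hit
    return banned

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))   # {'198.51.100.7': 3}
```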

Chroot jails – makejail, ldd, mod_chroot for Apache

Solr search engine

SELinux – enforcing, permissive, or disabled modes

Possibly available for Debian. Check into that one. Available for RedHat and Fedora.

Alternatives: grsecurity and AppArmor

NIDS (Network Intrusion Detection Systems)

Snort v2 – suppress using threshold.conf

Snort v3 -

Suricata - http://www.openinfosecfoundation.org/index.php/download-suricata – the primary competitor to Snort, and a competitor to the Snort ruleset

Bro – http://bro-ids.org/ and http://bro-ids.org/wiki/index.php/WorkshopMaterial. Needs better multi-threading capabilities

Pulled Pork - homegrown IDS

Flow Analysis – useful for network forensics

Free or Open-Source

Integrity Monitoring Tools

Misc. Intrusion Detection Topics

Extrusion Detection – Richard Bejtlich (http://www.amazon.com/Extrusion-Detection-Security-Monitoring-Intrusions/dp/0321349962/ref=sr_1_1?ie=UTF8&s=books&qid=1299974404&sr=8-1)

Egress Firewalls - http://securityskeptic.typepad.com/the-security-skeptic/firewall-best-practices-egress-traffic-filtering.html

Event Management Tools

Inventory Software

A major problem with agentless approaches is that they rely on network scanning. That is good for detecting changes, but not great for inventory.

Managing Priv. Escalation

FreeRadius - http://freeradius.org/

Vulnerability Scanning

Be careful with network scanners and virtual IPs, as they could scan your box twice and overwhelm it.

Penetration Testing

Incident Response – response to a vulnerability to breach

Securing Web Servers - http://archive.nwlinux.com/oreilly-mysql-bill-karwin-sql-injection-myths-and-fallacies/

About >> I'm a Network Administrator out of Olympia, WA.
