Linux Security Overview, TacLUG 2004
This was my first trip down to TacLUG, the
Tacoma Linux User Group. I knew a lot of the people down there from
the TacLUG mailing list, but had never made it to a meeting before - the
best I managed was to see some of them up at LinuxFest once a year. It was
great to finally make it down there.
Due to time constraints (read: the twins are still only 6 months old, Bree
just started back at work, and things haven't settled into a routine much
yet) I knew I wasn't going to be able to make a new talk for the meeting.
So I asked on the taclug-general mailing list what old talk I should
recycle, and the response was that folks wanted to hear the Linux Security
Overview I presented at ISSA exactly one year earlier.
Unfortunately, that's a 2 hour talk, so I naturally had to skip bits here
and there to fit the concepts into a one hour slot. Luckily, since I
was talking to a bunch of Linux geeks, I could shoot past some of the
pages that were meant to get Windows admins up to speed.
The only problems were the following:
- Don't call on anyone in TacLUG until you've gotten past the
current slide -- they're just going to anticipate where you're going and
attempt to win a race condition.
- Except when they ask a question that was answered two slides ago.
(Some sort of time-shift attack.)
- When Jarod Wilson tells you how to change your screen resolution,
ignore him. Else you'll need to show the rest of the presentation from
the HTML slides on the Windows machine in the podium. Can you say
denial of service?
Here's the talk outline:
- Part one, automated hardening.
  - The use of Bastille Linux.
- Part two, manual hardening.
  - Identifying and shutting down network services manually from
    the command line.
- Part three, advanced kernel security.
  - Standard kernel-level security (traditional root vs capabilities),
    use of Lcap to remove capabilities from the kernel at run time,
    and alternate security models such as LIDS (Linux Intrusion
    Detection System) and Systrace.
Copyright 2004, Bri Hatch of Onsight, Inc.
Presented at Tacoma Linux Users Group, 2004.
Presentation created using vim and MagicPoint.