Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Counterparts


  • Please log in to reply
No replies to this topic

#1 DnDer

DnDer

  • Members
  • 646 posts
  • OFFLINE
  •  
  • Local time:04:04 PM

Posted 01 March 2009 - 06:30 PM

Okay, working on a project for school, and I'm still in over my head. The notes on chkconfig were awesome (thanks, Andrew!), but I was hoping I could get the names of a few more processes to learn - just the names, I can google and learn from there. Unless you want to do my work for me, but I doubt it. :thumbsup:

I need to configure a Linux box to be more secure, out of the box. I'd prefer if I didn't have to use tools, but can do it all inside the OS with the tools as-is. Here were some of my ideas.

. . .

Changing root access.

Here's the deal I've learned with Windows. As an admin, you should ( a ) create an account with admin rights, ( b ) rename the Administrator account, ( c ) disable the Administrator account, and/or ( d ) delete the Administrator account. Oh, and never use the Administrator account, even after you rename it, unless you *have* to. Admins shouldn't be logging on as Administrator to do everyday normal stuff.

Now, as I understand it, "Root" operates in the same way. Since you can't delete Root, you need to remove people's ability to access it. What kinds of processes and command lines should I look for to make Root inaccessible to anyone but the system admin, like I would in Windows? (Command line is easier, I'm guessing, since that's going to be more universal than GUIs which vary from distro to distro, right?)

. . .

Change the workgroup.

I'm not even sure Linux has this, but I'll take a stab and hope that there's something similar for decentralized networks (ie, 3 computers in a house that don't need a server or system admin), with a default setting to make it easier. It's something as simple as changing the name on this setting, but I'm not entirely sure where this might be to change.

. . .

Disable Guest access.

Guest accounts are bad. I'm also learning Windows has the ability to create "null sessions" (something covered more next class session) that allow anonymous logins to workstations from across the net, and I think they use the Guest account on Windows. Unless I've gotten it all confused. Is this process going to be the same as removing Root access? Or because it's an actual account, you can just delete it and create user-specific accounts (or a guest account with permissions and groups you set, instead of a default guest account)?

. . .

I'm just trying to think of some really basic things you do to secure Windows from inside Windows without downloading anything. I'd like to translate those parallels to Linux machines, for my project. Can you point me in the right direction to go and research? I don't know enough to know where to start. Not from a CLI, anyway.

Edited by DnDer, 01 March 2009 - 06:32 PM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users