注意:

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Security

From Funtoo
Revision as of 07:02, May 18, 2015 by Threesixes (talk | contribs) (initial commit)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Security is a complex topic, here we will try to make things easier to decipher and understand. This page will go from zero to tin foil hat.

Understanding the concept of nesting is essential when drawing up your security plan. Disable all unnecessary services, uninstall all unnecessary software, disable all unnecessary kernel options, set useflags to -useflag to cut cruft down in sources, pass data through other servers performing specific functions like firewalling, or caching that will obfuscate the source of data. Data integrity requires off site backups so floods, power outages, wars, etc do not compromise your datas existence. Encrypt your drives so if they are physically taken your data is safe. Sign messages with gpg, use ssh instead of telnet, create ssl certificates. Do not use via/intel hwrng as /dev/random entropy sources. Monitor logs for malicious activity. If possible the last layer of security should be once all systems are broken and compromised, do not have anything of value or important going on with the system. separating computing tasks in the network over several computers helps to this end. corporations have email servers, www servers, routers, so on so forth.

Physical Security

If someone can take your system, your going to have a bad day. anchor your system to permement structures, such as rack mounting. have security cameras, and locked doors.


Software Security

install sudo, make a wheel fake root user with an arbitrary name, and disable the root account with passwd -e -l install a syslog install nftables install sshguard and have it watch logs for multiple failed login attempts, and block attackers.

apparmor, tomoyo, and selinux are mandatory access control systems.

https://en.wikipedia.org/wiki/PaX https://grsecurity.net/