Domino on Linux series: Server Hardening tips #1


Another quick tip for those out there who are still new to Linux – server hardening. Server hardening is an important part of putting your new Linux server into production. You can’t just set up a server, install Domino and then “just put it out there” – you need to do some more basic security first.

Here are some tips:

Don’t use root

Do not use the root account for any normal work – create an admin user and use that account for your daily work. You can assign sudo rights and get all the work done that you need done. I suggest disabling the root account – that is the safest solution.

Run only necessary software:

Every piece of software that is running and that you do not really need consumes system resources and also presents a potential security hole. I always advise stripping off all unnecessary weight:

Red Hat:

yum list installed
yum list [packageName]
yum remove [packageName]

Debian:

dpkg --list
dpkg --status [packageName]
apt-get remove [packageName]

Linux Security Extensions:

I advise using either SELinux or AppArmor. grsecurity is another option that is out there. Personally I usually use SELinux, and it comes installed by default on Red Hat. With either of these you can set up some very good security that will help keep your server(s) safe. Seriously – you need to install one of these products and turn it on.

Password Policies and Password Aging

If you are used to Active Directory and all the built-in password policies, then this is not a new issue. Rules for minimum password length, special characters, restricting the use of previous passwords, lock-outs of accounts after multiple failed log-ins, etc. – you must have heard it all already.

You can use pam_cracklib.so to enforce password policies. Use programs such as John the Ripper to crack weak passwords. Alternatively you can look into adding your Linux servers (and desktops if you have any) to AD and use the accounts there for authentication. I plan to blog on that specific feature sometime in the near future.
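
A quick way to check the root and password tips above, as an added example that is not part of the original post: three small audit functions for shadow(5)-format data and a pam_cracklib line. The sample data, the 90-day limit and the minimum length of 12 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. shadow(5) fields: name:hash:lastchg:min:max:warn:inactive:expire:

# Constructed sample data, not from a real system; hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:!$6$PLACEHOLDERHASH:19000:0:99999:7:::
admin:$6$PLACEHOLDERHASH:19000:1:90:14:::
notes:$6$PLACEHOLDERHASH:19000:0:99999:7:::
backup:$6$PLACEHOLDERHASH:19000:0::7:::
daemon:*:18000:0:99999:7:::
EOF
}

# Constructed PAM password line (hypothetical policy values).
sample_pam() {
    echo 'password requisite pam_cracklib.so retry=3 minlen=12 dcredit=-1 ucredit=-1 ocredit=-1'
}

# Print "locked" if root's password field starts with ! or *, else "unlocked".
root_lock_state() {
    awk -F: '$1 == "root" { found = 1; s = ($2 ~ /^[!*]/) ? "locked" : "unlocked"; print s }
             END { if (!found) print "missing" }'
}

# Print accounts whose maximum password age (field 5) is empty or above
# the limit in days given as $1. Accounts with a locked password are skipped.
no_aging_accounts() {
    awk -F: -v limit="$1" '
        $2 ~ /^[!*]/ { next }
        $5 == "" || $5 + 0 > limit { print $1 }'
}

# Print "ok" if an uncommented pam_cracklib.so line sets minlen >= $1, else "weak".
cracklib_minlen_ok() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        /pam_cracklib\.so/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^minlen=/) { split($i, kv, "="); if (kv[2] + 0 >= want) ok = 1 }
        }
        END { if (ok) print "ok"; else print "weak" }'
}

echo "root password: $(sample_shadow | root_lock_state)"
echo "max age unset or over 90 days: $(sample_shadow | no_aging_accounts 90 | tr '\n' ' ')"
echo "pam_cracklib minlen >= 12: $(sample_pam | cracklib_minlen_ok 12)"
```

On a real host, feed the functions /etc/shadow (readable only by root) and the distribution's PAM password file instead of the samples.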

More on further ideas for server hardening will follow soon.

Domino on Linux series: Ubuntu


I usually try to avoid just re-hashing content somebody else put out there; I like to post less but be relevant. However, it is time to introduce one of my favorite websites … Ubuntu Geek. This site is great, I have it in my feed and there is not a day when there is not something new I learn or get reminded of a unique use of something that I might know of but had never considered alternative usage for.

Today I came across this one: Tip:How to restore accidently deleted top panel in ubuntu 10.04 (Lucid)

I had right-clicked once too many times on my desktop a while back and had been scratching my head on how to get that top panel back – now I save myself from another exhausting Google search and don’t have to post in a forum … Three cheers for Ubuntu Geek!