Securing and Optimizing Linux:RedHat Edition | All about OS

Disable the Control-Alt-Delete keyboard shutdown command


Commenting out the line listed below (with a “#”) in your “/etc/inittab” file disables the use of the Control-Alt-Delete command to shut down your computer. This is pretty important if you don’t have the best physical security on the box.
To do this, edit the inittab file (vi /etc/inittab) and change the line:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
To read:
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
Now, for the change to take effect, type the following at a prompt:
[root@deep /]# /sbin/init q
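The edit above as a repeatable shell routine with a before/after check, added here as an example and not part of the original text. The function names and the sample inittab content are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original page.

# inittab entries have the form id:runlevels:action:process. An entry is
# active when its first non-blank character is not '#'.
ACTIVE_RE='^[[:space:]]*[^#:[:space:]][^:]*:[^:]*:ctrlaltdel:'

# Return 0 if FILE still contains an active ctrlaltdel entry.
ctrlaltdel_active() {
    grep -Eq "$ACTIVE_RE" "$1"
}

# Comment out every active ctrlaltdel entry in FILE, keeping FILE.bak.
# Safe to run repeatedly: an already-disabled file is left untouched.
disable_ctrlaltdel() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    ctrlaltdel_active "$file" || return 0
    cp -p "$file" "$file.bak" || return 1
    # Write back into the existing file so its owner and mode are preserved.
    sed -E "s/($ACTIVE_RE)/#\\1/" "$file.bak" > "$file" || return 1
    # Report failure if an entry is somehow still live after the edit.
    ! ctrlaltdel_active "$file"
}

# Demo on a constructed inittab fragment in a temporary directory.
# On a real system, run as root: disable_ctrlaltdel /etc/inittab && /sbin/init q
demo_dir=$(mktemp -d) || exit 1
cat > "$demo_dir/inittab" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
EOF
disable_ctrlaltdel "$demo_dir/inittab" && grep -n 'ctrlaltdel' "$demo_dir/inittab"
rm -rf "$demo_dir"
```

Running the check again after a package upgrade or configuration restore shows whether the entry has been re-enabled.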

Physical hard copies of all-important logs

One of the most important security considerations is the integrity of the log files under the “/var/log” directory on your server. If, despite all the security measures put in place on the server, a cracker gains access to it, the log files are our last line of defense, so it is very important to have a way of being sure of their integrity.
If you have a printer installed on your server, or on a machine on your network, a good idea is to keep actual physical hard copies of all-important logs. This is easily accomplished by using a continuous-feed printer and having the syslog program send all logs you deem important to “/dev/lp0” (the printer device). A cracker can change the files, programs, etc. on your server, but can do nothing when you have a printer that prints a real paper copy of all of your important logs.
As an example:
To log all telnet, mail, boot messages and ssh connections from your server to the printer attached to this server, add the following line to the “/etc/syslog.conf” file.
Edit the syslog.conf file (vi /etc/syslog.conf) and add the following line at the end of the file:
authpriv.*;mail.*;local7.*;auth.*;daemon.info /dev/lp0
Now restart your syslog daemon for the change to take effect:
[root@deep /]# /etc/rc.d/init.d/syslog restart
As an example:
To log all telnet, mail, boot messages and ssh connections from your server to the printer attached to a remote server in your local network, you would want to add the following line to the “/etc/syslog.conf” file on the remote server.
(If you don’t have a printer in your network, you can also copy all the log files to another machine; simply omit the first step below of adding “/dev/lp0” to your “syslog.conf” file on the remote server and go directly to the “-r” option step on the remote server. Copying all the log files to another machine lets you control all syslog messages on one host and reduces administration needs.)
