Basics, important sites, HOWTO's, handbooks, hardening, tips

Hi, I found this reference information for people who wants to get rich knowlege about sysadmin.. (Part 1)

Part1 - Basics, important sites, HOWTO's, handbooks, hardening, tips
Part2 - Netfilter, firewall, Iptables, Ipchains, DoS, DDoS
Part3 - Intrusion detection, integrity checks: IDS, NIDS, HIDS, Antivirus, software
Part4 - Chroot, chrooting, jailing, comparimization
Part5 - Forensics, recovery, undelete
Part6 - Securing networked services

Part1 - Basics, important sites, HOWTO's, handbooks, hardening, tips

Basics, important sites, HOWTO's, handbooks, hardening, tips

UNIX Security Checklist v2.0:
SANS, The Twenty Most Critical Internet Security Vulnerabilities:
SANS SCORE Checklists for W32/Solaris/Cisco IOS/Mac OS/etc etc:
SANS, Reading room, Linux Issues:

CERT, Security improvements:
CERT, Tech Tips:
Linux Administrator's Security Guide (LASG):
Linux Security Administrator's Guide (SAG, old):
The Linux Network Administrator's Guide (NAG):
Securing & Optimizing Linux: The Ultimate Solution (PDF):
Securing Optimizing Linux RH Edition (older):
Linux Security HOWTO:
Linux Security Quick Reference Guide (PDF):
Security Quick-Start HOWTO for Linux,:
Security links at Linuxguru's:
TLPD Networking Security HOWTO's:

Compromise, breach of security, detection
Intruder Detection Checklist (CERT):
Detecting and Removing Malicious Code (SF):
Steps for Recovering from a UNIX or NT System Compromise:
Formatting and Reinstalling after a Security Incident (SF):
How to Report Internet-Related Crime ( CCIPS):
Related, old(er) articles/docs:
Intruder Discovery/Tracking and Compromise Analysis:
Intrusion DetectionPrimer:
Through the Looking Glass: Finding Evidence of Your Cracker (LG):
Recognizing and Recovering from Rootkit Attacks:
See also post #5 under Forensics docs

Advisories, alerts, bulletins, disclosure, mailinglists, mailing archives, knowledge bases, other sites
Bugtraq (running):
or RSS:
or RSS (Advisories):
or RSS (News articles):
or RSS (Vulns):
Securitytracker (Advisories):

Neohapsis (mailinglists/archives):
theaimsgroup (mailinglists/archives):
Der Keiler (mailinglists/archives):

Linux Gazette:
Experts exchange:
The Linux Documentation Project:
Blacksheep (HOWTO's, whitepapers, etc):
E-secure-db Security Information Darabase:
Linuxmag, Hardening Linux Systems:
Matt's Unix Security Page:
Jay Beale's docs (Bastille-linux/CIS):
The Unix Auditor's Practical Handbook:
Aging stuff from Phrack like "Unix System Security Issues":

Mailinglists distro specific:

Our own markus1982 on a roll! LQ HOWTO: securing debian: (search for



Conectiva Linux (subscribe for URL above URL; security-mailinglist Lingua Franca is Portugese, but on updates-mailinglist it's Engish. The last one always has the packages updates announced on security-mailinglist.

Slackware (subscribe for URL above)

# We need to incorporate more distro's here.

Hardening, distro specific
Debian/Mandrake/Red Hat: Bastille Linux:
Debian Security HOWTO:
Debian Security FAQ:
Mandrake: msec-*.rpm:
Slackware: Slackware Administrators Security tool kit:

Log analysis tools, resources
Auditd: Linux Audit:
Auditd: CAPP rules example:
Tools & Tips for auditing code:
Track unlink syscall (rm): TrackFS, libauditunlink, LAUS, LTT (Syscalltrack on 2.4)
# FWanalog (Summarizes IPF & IPtables firewall logs)
# FWlogsum (Summarizes Checkpoint FW1 logs)
# FWlogwatch (Summarizes firewall & IDS logs)
# KLogger (WinNT/Win2K keystroke logger)
# Linux Event Logger (For Enterprise-Class Systems):
# Lmon (PERL-based real time log monitoring solution)
# LogSentry (Monitors logs for security violations)
# Logsurfer (Monitors logs in realtime)
# PIdentd (Provides UserID with TCP connects)
# Swatch (Monitors syslog messages)
# Secure Remote Syslogger (Encrypted streaming syslog)
# SnortSnarf (HTMLized Snort Log Reviewer)
# Syslog-NG (Replacement for standard syslog facility)
# Syslog.Org (Vast info on syslogging)
# Throughput Monitor (An event counter per timeframe log analyzer): (check the library):
Counterpane, Log Analysis Resources:
EVlog, Linux Event Logging for Enterprise-class systems
Throughput Monitor
Need to add: Snare, LTK etc etc

Daemons, device or application specific:
The Linux-PAM System Administrators Guide
Securing Xwindows:
How to Build, Install, Secure & Optimize Xinetd: #(link gone, see:
Installation of a secure webserver (SuSE): #(link gone, do a websearch for "suse_secure_webserver.txt")
Linksys security (LQ notes on):

Auditing tools at:

Original Source: