Basics, important sites, HOWTO's, handbooks, hardening, tips

Hi, I found this reference information for people who want to get rich knowledge about sysadmin. (Part 1)

Part1 - Basics, important sites, HOWTO's, handbooks, hardening, tips
Part2 - Netfilter, firewall, Iptables, Ipchains, DoS, DDoS
Part3 - Intrusion detection, integrity checks: IDS, NIDS, HIDS, Antivirus, software
Part4 - Chroot, chrooting, jailing, compartmentalization
Part5 - Forensics, recovery, undelete
Part6 - Securing networked services

Part1 - Basics, important sites, HOWTO's, handbooks, hardening, tips

Checklists
UNIX Security Checklist v2.0: http://www.cert.org/tech_tips/unix_s...cklist2.0.html
SANS, The Twenty Most Critical Internet Security Vulnerabilities: http://www.sans.org/top20/
SANS SCORE Checklists for W32/Solaris/Cisco IOS/Mac OS/etc etc: http://www.sans.org/score/
SANS, InfoSec FAQ (Linux): http://www.sans.org/infosecFAQ/linux/linux_list.htm
SANS, Reading room, Linux Issues: http://www.sans.org/rr/catindex.php?cat_id=32

Securing
CERT, Security improvements: http://www.cert.org/security-improvement/
CERT, Tech Tips: http://www.cert.org/tech_tips/
Linux Administrator's Security Guide (LASG): http://www.seifried.org/lasg/
Linux Security Administrator's Guide (SAG, old): http://www.tldp.org/LDP/sag/index.html
The Linux Network Administrator's Guide (NAG): http://www.tldp.org/LDP/nag2/index.html
Securing & Optimizing Linux: The Ultimate Solution (PDF): http://www.tldp.org/LDP/solrhe/Secur...ution-v2.0.pdf
Securing Optimizing Linux RH Edition (older): http://tldp.org/LDP/solrhe/Securing-...-Edition-v1.3/
Linux Security HOWTO: http://tldp.org/HOWTO/Security-HOWTO/index.html
Linux Security Quick Reference Guide (PDF): http://www.tldp.org/REF/ls_quickref/QuickRefCard.pdf
Security Quick-Start HOWTO for Linux: http://tldp.org/HOWTO/Security-Quickstart-Redhat-HOWTO/
Security links at Linuxguru's: http://www.linuxguruz.org/z.php?id=914
TLDP Networking Security HOWTO's: http://www.tldp.org/HOWTO/HOWTO-INDE...ml#NETSECURITY

Compromise, breach of security, detection
Intruder Detection Checklist (CERT): http://www.cert.org/tech_tips/intrud...checklist.html
Detecting and Removing Malicious Code (SF): http://www.securityfocus.com/infocus/1610
Steps for Recovering from a UNIX or NT System Compromise: http://www.cert.org/tech_tips/root_compromise.html
Formatting and Reinstalling after a Security Incident (SF): http://www.securityfocus.com/infocus/1692
How to Report Internet-Related Crime (usdoj.gov CCIPS): http://www.usdoj.gov/criminal/cybercrime/reporting.htm
Related, old(er) articles/docs:
Intruder Discovery/Tracking and Compromise Analysis: http://staff.washington.edu/dittrich...khat/blackhat/
Intrusion Detection Primer: http://www.linuxsecurity.com/feature...e_story-8.html
Through the Looking Glass: Finding Evidence of Your Cracker (LG): http://www.linuxgazette.com/issue36/kuethe.html
Recognizing and Recovering from Rootkit Attacks: http://www.cs.wright.edu/people/facu...on/obrien.html
See also post #5 under Forensics docs

Advisories, alerts, bulletins, disclosure, mailinglists, mailing archives, knowledge bases, other sites
Bugtraq (running): http://www.mail-archive.com/bugtraq@securityfocus.com/
or http://msgs.securepoint.com/cgi-bin/...q-current.html
or http://www.der-keiler.de/Mailing-Lis...focus/bugtraq/
or RSS: http://www.djeaux.com/rss/insecure-full-bugtraq.rss
Linuxsecurity: http://www.linuxsecurity.com
or RSS (Advisories): http://www.linuxsecurity.com/static-...advisories.rss
or RSS (News articles): http://www.linuxsecurity.com/static-...y_articles.rss
Securityfocus: http://www.securityfocus.com
or RSS (Vulns): http://www.securityfocus.com/rss/vulnerabilities.xml
Securiteam: http://www.securiteam.com/
CERT KB: http://www.cert.org/kb/
Securitytracker (Advisories): http://www.securitytracker.com/topics/topics.html
SANS RSS (ISC): http://iscxml.sans.org/rssfeed.xml

Neohapsis (mailinglists/archives): http://www.neohapsis.com
theaimsgroup (mailinglists/archives): http://marc.theaimsgroup.com/
Der Keiler (mailinglists/archives): http://www.der-keiler.de/

Linux Gazette: http://www.linuxgazette.com
Experts exchange: http://www.experts-exchange.com
The Linux Documentation Project: http://www.tldp.org
Blacksheep (HOWTO's, whitepapers, etc): http://www.blacksheepnetworks.com/security/
IRIA: http://www.ists.dartmouth.edu/IRIA/k...base/index.htm
E-secure-db Security Information Database: http://www.e-secure-db.us/dscgi/ds.p...ollection-1586
Linuxmag, Hardening Linux Systems: http://www.linux-mag.com/2002-09/guru_01.html
SEI: http://www.sei.cmu.edu/publications/lists.html
Matt's Unix Security Page: http://www.deter.com/unix/
Jay Beale's docs (Bastille-linux/CIS): http://www.bastille-linux.org/jay/se...icles-jjb.html
The Unix Auditor's Practical Handbook: http://www.nii.co.in/tuaph.html
Aging stuff from Phrack like "Unix System Security Issues": www.fc.net/phrack/files/p18/p18-7.html

Mailinglists distro specific:
RedHat
http://www.redhat.com/support/errata/
http://www.redhat.com/mailing-lists/...ist/index.html

Debian
Our own markus1982 on a roll! LQ HOWTO: securing debian:
http://www.linuxquestions.org/questi...threadid=61670
http://bugs.debian.org/
http://lists.debian.org/ (search for debian-security@lists.debian.org)
http://security.debian.org/

S.u.S.E.
mailto:suse-security@suse.com
mailto:suse-security-announce@suse.com
(subscribe: mailto:suse-security-subscribe@suse.com)

Mandriva
http://www.mandriva.com/en/security/advisories

Conectiva Linux
http://distro.conectiva.com/seguranca/
mailto:seguranca@distro.conectiva.com.br (subscribe via the URL above; the security mailing list's lingua franca is Portuguese, but the updates mailing list is in English. The latter always carries the package updates announced on the security mailing list.)

Slackware
http://www.slackware.com/lists/
mailto:slackware-security@slackware.com (subscribe via the URL above)

# We need to incorporate more distros here.

Hardening, distro specific
Debian/Mandrake/Red Hat: Bastille Linux: http://www.bastille-linux.org/
Debian Security HOWTO: http://www.debian.org/doc/manuals/se...-debian-howto/
Debian Security FAQ: http://www.debian.org/security/faq
Mandrake: msec-*.rpm: http://www.linux-mandrake.com/
SuSE: http://www.suse.de/~marc/
Slackware: Slackware Administrators Security tool kit: http://sourceforge.net/projects/sastk/
Slackware: http://members.cox.net/laitcg/new/system-hardening.txt

Log analysis tools, resources
Auditd: Linux Audit: http://people.redhat.com/sgrubb/audit/
Auditd: CAPP rules example: http://www.math.ias.edu/doc/audit-1.0.3/capp.rules
Tools & Tips for auditing code: http://www.vanheusden.com/Linux/audit.html
Track unlink syscall (rm): TrackFS, libauditunlink, LAUS, LTT (Syscalltrack on 2.4)
# FWanalog (Summarizes IPF & IPtables firewall logs)
# FWlogsum (Summarizes Checkpoint FW1 logs)
# FWlogwatch (Summarizes firewall & IDS logs)
# KLogger (WinNT/Win2K keystroke logger)
# Linux Event Logger (For Enterprise-Class Systems): http://evlog.sourceforge.net/
# Lmon (PERL-based real time log monitoring solution)
# LogSentry (Monitors logs for security violations)
# Logsurfer (Monitors logs in realtime)
# PIdentd (Provides UserID with TCP connects)
# Swatch (Monitors syslog messages)
# Secure Remote Syslogger (Encrypted streaming syslog)
# SnortSnarf (HTMLized Snort Log Reviewer)
# Syslog-NG (Replacement for standard syslog facility)
# Syslog.Org (Vast info on syslogging)
# Throughput Monitor (An event counter per timeframe log analyzer): http://home.uninet.ee/~ragnar/throughput_monitor/
Loganalysis.org (check the library): http://www.loganalysis.org/
Counterpane, Log Analysis Resources: http://www.counterpane.com/log-analysis.html
Need to add: Snare, LTK etc etc

Daemons, device or application specific:
The Linux-PAM System Administrators' Guide
Securing Xwindows: http://www.uwsg.indiana.edu/usail/ex...d/xsecure.html
How to Build, Install, Secure & Optimize Xinetd: #(link gone, see: http://web.archive.org/web/200410121...netd/index.php)
Installation of a secure webserver (SuSE): #(link gone, do a websearch for "suse_secure_webserver.txt")
Linksys security (LQ notes on): http://www.linuxquestions.org/questi...007#post157007

Auditing tools at:
Packetstorm: http://www.packetstormsecurity.org/UNIX/audit/
SecurityFocus: http://www.securityfocus.com/tools/category/1

Original Source: Linuxquestions.org