Chapter 6. Securing the System
Introduction
This chapter includes several hacks that demonstrate some security
mechanisms that arenât well-documented elsewhere. Iâve also provided
some new twists on old security favorites. Everyone has heard of
sudo
, but are you also aware of the
security pitfalls it can introduce? Youâre probably also well-versed in
ssh
and scp
, but you may have yet to harness the
usefulness of scponly
.
Youâll also find several scripts to automate some common security practices. Each provides an excellent view into another administratorâs thought processes. Use their examples to fuel your imagination and see what security solutions you can hack for your own network.
Strip the Kernel
Donât be shy. A kernel stripped down to the bare essentials is a happy kernel.
Picture the typical day in the life of a system administrator. Your mission, if you choose to accept it, is to achieve the impossible. Today, youâre expected to:
Increase the security of a particular server
Attain a noticeable improvement in speed and performance
Although there are many ways to go about this, the most efficient way is to strip down the kernel to its bare-bones essentials. Having this ability gives an administrator of an open source system a distinct advantage over his closed source counterparts.
The first advantage to stripping the kernel is an obvious security boost. A vulnerability canât affect an option the kernel doesnât support. The second is a noticeable improvement in speed ...
Get BSD Hacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.