Securing the Base Installation

Because the security level for a newly installed UNIX or LINUX operating system does not likely suffice to meet your security requirements, we recommend taking the following precautions after the installation:

·        Harden the operating system

After the initial installation of the UNIX or LINUX operating system, you should “harden” the system to remove any unnecessary services and set the rights for operating system resources that may not be sufficiently protected.

Most of the UNIX and LINUX vendors provide scripts and directions for hardening their systems. Therefore, for more information, refer to your operating system vendor.

·        Check the integrity of system files on a regular basis

Because changes to system files are not necessarily detected by the operating system, we recommend checking the integrity of such files on a regular basis. Check with your operating system vendor for available tools and guidelines.

·        Restrict access to the operating system

System access should be restricted to authorized users only. In addition, all logons should be logged and monitored so that you can track user activities. For more information about how log and monitor logons, see the documentation provided by your operating system vendor.

·        Restrict physical access to the server

To prevent users from being able to misuse certain functions, for example, modifying boot processes, you should restrict physical access to the server. Such functions should only be available locally, and only authorized administrators should have physical access to the server. You should also have such administration activities logged.

·        Protect access to the server at the network level

You should also protect access to the server at the network level. Use a firewall system to allow access only over those ports that are necessary. For more information, see Network and Communication Security.