==== PLEASE EDIT/COMMENT/IMPROVE/COPY/REMOVE AT WILL ====

====== Configuration Basics ======

===== How to Identify Security Requirements on a System =====

==== Identify execution flows on the system ====

  * What can trigger an execution?
    * Boot process (for running daemons / services)
    * External interaction (users, other systems)
    * Scheduling
  * For each separate execution flow, create a role.
  * For each role, identify the execution flow's starting point:
    * Boot process: init
    * External interaction: login, sudo, su, ssh
    * Scheduling: cron, at
  * For each role, identify the resources used:
    * Filesystem use
      * Read access? Where?
      * Write access? Where?
      * Exec access? Where?
    * Devices
      * Role-dependent. Networking: set up a correct firewall, identify the devices needed for interaction.
    * CPU / Memory / ...
      * How much?

The role specification allows the admin to completely forbid access to the "default role", so that anything unusual happening will be blocked.

==== Users, User IDs and Paths ====

You need to identify who/what needs access to which resources.

  * Roles can usually be represented by one account each. Create specific accounts for specific tasks, users or groups of users.
  * Choose whether the accounts database will be managed by RSBAC or not. If the database is to be managed by RSBAC, choose the USER MODE (UM) module and prepare the PAM module for RSBAC, but don't activate it yet. Load the groups db into RSBAC first (''rsbac_groupadd -O''), then the users db (''rsbac_useradd -O''), then set a password manually for each user who needs one (''rsbac_password [...]'') (no, we can't crack MD5 to automate the creation of SHA1 hashes...).
  * Choose a password policy: how complex and how long do your users' passwords need to be? When do they need to be changed?
  * If you think you need guest-like accounts on the system, think twice about whether you really need them.
  * Identify the minimal resources and accesses that should be available (the "minimal-rights" profile).
  * Use PAM-chroot with RSBAC-jail when you can.

==== System Base ====

=== Filesystem (Read, Write, Exec...) ===
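Before going through the tree directory by directory, it helps to write down the per-role requirements gathered above (entry points, and read/write/exec rights per path) in a form that can be checked mechanically. The following is an added example, not code from the RSBAC wiki or the RSBAC project: the role names, entry points and paths are constructed sample data mirroring the outline, not an RSBAC policy format, and would still have to be translated into whichever model (RC, ACL, ...) is chosen. It shows the two points the outline makes: a more specific path entry overrides a broader one, and the default role, which owns every request not covered by a modelled role, grants nothing.

```python
"""Per-role filesystem requirements in machine-checkable form.

Added example, not code from the RSBAC wiki or the RSBAC project. The
role names, entry points and paths below are constructed sample data
chosen to mirror the outline above; they are not an RSBAC policy format.
"""
from dataclasses import dataclass, field
from enum import Flag, auto
import posixpath


class Access(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    EXEC = auto()


@dataclass
class Role:
    name: str
    entry_points: tuple                          # execution flows that start this role
    rights: dict = field(default_factory=dict)   # path prefix -> Access

    def granted(self, path):
        """Rights on `path` by longest-prefix match; no match means NONE.

        A more specific prefix overrides a broader one, so a role may get
        READ on /etc while /etc/shadow is explicitly set to NONE.
        """
        path = posixpath.normpath(path)
        best_len, best = -1, Access.NONE
        for prefix, acc in self.rights.items():
            prefix = posixpath.normpath(prefix)
            covers = path == prefix or path.startswith(prefix.rstrip("/") + "/")
            if covers and len(prefix) > best_len:
                best_len, best = len(prefix), acc
        return best

    def allows(self, path, want):
        return (want & self.granted(path)) == want

    def exec_locations(self):
        """Where this role may execute binaries (the list the
        'Base binaries and libraries' item asks for)."""
        return sorted(p for p, acc in self.rights.items() if Access.EXEC in acc)


R, W, X = Access.READ, Access.WRITE, Access.EXEC

# The default role is where everything unexpected lands; it has no
# rights at all, so anything not modelled as a role is blocked.
DEFAULT_ROLE = Role("default", ())

ROLES = {  # constructed sample roles, not taken from a real system
    "boot": Role("boot", ("init",), {
        "/boot": R, "/etc": R, "/sbin": R | X, "/lib": R | X, "/usr/lib": R | X,
        "/dev": R | W, "/var/log": W,
    }),
    "user": Role("user", ("login", "ssh"), {
        "/bin": R | X, "/usr/bin": R | X, "/lib": R | X, "/usr/lib": R | X,
        "/etc": R, "/etc/shadow": Access.NONE,         # specific prefix wins
        "/home/alice": R | W, "/home/alice/bin": R | W | X,
        "/tmp": R | W,                                 # no exec from /tmp
    }),
    "scheduler": Role("scheduler", ("cron", "at"), {
        "/usr/bin": R | X, "/usr/sbin": R | X, "/lib": R | X,
        "/etc": R, "/var/spool/cron": R, "/var/log": R | W,
    }),
}


def review(requests):
    """Evaluate (role, path, access) triples; unknown roles fall back to
    the default role and are therefore denied."""
    results = []
    for role_name, path, want in requests:
        role = ROLES.get(role_name, DEFAULT_ROLE)
        results.append((role_name, path, want.name, role.allows(path, want)))
    return results


if __name__ == "__main__":
    sample = [  # constructed requests for illustration
        ("boot", "/boot/vmlinuz", R),
        ("user", "/boot/System.map", R),
        ("user", "/home/alice/bin/tool", X),
        ("user", "/tmp/dropped", X),
        ("user", "/usr/bin/ls", W),
        ("user", "/etc/shadow", R),
        ("scheduler", "/var/log/cron.log", W),
        ("something-unexpected", "/bin/sh", X),
    ]
    for name, path, acc, ok in review(sample):
        print("%-20s %-24s %-5s %s" % (name, path, acc, "allow" if ok else "DENY"))
    for name, role in ROLES.items():
        print(name, "may execute from:", role.exec_locations())
```

Running it prints the decision for each constructed request and, per role, the list of directories execution is allowed from; that list is exactly what the "Base binaries and libraries" item below asks you to pin down before forbidding execution everywhere else.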
  * Base binaries and libraries
    * Identify the places where binaries should be executed: $PATH, some specific users' $HOME/bin directories...
    * Forbid execution in places other than those identified above.
    * Prevent tampering by forbidding write access to system-wide directories.
    * Do you need a scheduled integrity checker?
  * Kernel (/boot)
    * Prevent any access to /boot apart from the boot process role.
    * Do you really need some apps to access System.map?
  * Devices (/dev)
    * Static /dev or UDEV?
    * Disable any filesystem modification if you can afford it.
    * Identify the /dev files needed for console or remote logins.
  * Configuration (/etc): details?
  * Homes (/home, /root): only allow roles to access their own account(s)' home.
  * System info (/proc, /sys): prevent access to unneeded information, prevent memory reading.
  * Mail, Sockets, Spoolers (/var): protect mail, logs (see Logging).
  * Temporary data (/tmp): sticky, noexec (nodev?-socket)
  * Alternate Apps, Removable media (/opt ...)

=== Processes ===

  * Running daemons (cron/atd, clamd, *logd, gettys...): what processes? When? Run by whom?
  * Scheduled daemons (mail daemon, logrotate...): identify them.
  * User processes: are there any (human) user processes which need to run while the user is not logged in?

=== Network services ===

  * Identifying needed services: do you really need it? When does it need to be open?
  * Identify interaction capabilities (remote, local, ...).
  * Firewalling: filtering; does port < 1024 guarantee a root owner?

=== Logging ===

  * Current log files (cf. Filesystem): identify the processes / users who need access to /var/log, prevent the rest from accessing it.
  * Log archiving

===== Selecting a Security Model Combination =====

==== General Criteria ====

==== Model Specifics ====

==== Experiences ====

===== Breaking the Requirements into Model Specific Designs =====

===== Sample System =====

==== Select Simple System Type ====

==== Specify Requirements ====

==== Select Models ====

==== Design a Configuration ====

==== Implement it ====

FIXME

===== Administration Examples =====

===== Learning Mode =====
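The "Base binaries and libraries" item under Filesystem asks three things: where binaries may be executed, whether those places are protected from tampering, and whether a scheduled integrity checker is needed. The following is an added example, not from the RSBAC wiki or the RSBAC project, and it does not use RSBAC at all: a plain Python audit that takes the list of exec directories identified per role, flags directories and files writable by group or world, and builds a SHA-256 baseline that a later scheduled run can compare against. The tree built in demo() is a constructed sample; the tampering it simulates (a directory made world-writable, a modified binary, an extra file) is there only to show what the checker reports.

```python
"""Exec-location audit and integrity baseline for the 'Base binaries and
libraries' item above.

Added example, not part of the RSBAC wiki page or of RSBAC itself. It
works on an ordinary directory tree; the directories inspected are those
the caller passes in (the exec locations identified per role). The sample
tree in demo() is constructed for illustration.
"""
import hashlib
import os
import stat
import tempfile

GROUP_OR_WORLD_WRITE = stat.S_IWGRP | stat.S_IWOTH


def writable_by_others(path):
    """True if group or world may write `path` (tampering risk)."""
    return bool(os.lstat(path).st_mode & GROUP_OR_WORLD_WRITE)


def audit_exec_dirs(dirs):
    """Findings for directories binaries may be executed from: the
    directory, or any file in it, being writable beyond the owner breaks
    the 'forbid write access to system-wide directories' rule."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            findings.append((d, "missing"))
            continue
        if writable_by_others(d):
            findings.append((d, "directory writable by group/other"))
        for root, _, files in os.walk(d):
            for f in files:
                p = os.path.join(root, f)
                if not os.path.islink(p) and writable_by_others(p):
                    findings.append((p, "file writable by group/other"))
    return findings


def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(dirs):
    """Map of regular-file path -> sha256 across the given directories."""
    digests = {}
    for d in dirs:
        for root, _, files in os.walk(d):
            for f in files:
                p = os.path.join(root, f)
                if os.path.isfile(p) and not os.path.islink(p):
                    digests[p] = file_digest(p)
    return digests


def compare(old, new):
    """Classify differences between a stored baseline and a fresh one."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo(root=None):
    """Build a constructed sample tree, take a baseline, simulate
    tampering, and return (findings_before, findings_after, diff)."""
    root = root or tempfile.mkdtemp(prefix="exec-audit-")
    bindir = os.path.join(root, "bin")
    os.makedirs(bindir, exist_ok=True)
    tool = os.path.join(bindir, "tool")
    with open(tool, "wb") as fh:
        fh.write(b"#!/bin/sh\necho hello\n")
    os.chmod(bindir, 0o755)
    os.chmod(tool, 0o755)
    before = baseline([bindir])
    findings_before = audit_exec_dirs([bindir])

    # Simulated tampering: world-writable directory, modified binary, extra file.
    os.chmod(bindir, 0o777)
    with open(tool, "ab") as fh:
        fh.write(b"echo extra\n")
    with open(os.path.join(bindir, "extra"), "wb") as fh:
        fh.write(b"x")
    after = baseline([bindir])
    findings_after = audit_exec_dirs([bindir])
    return findings_before, findings_after, compare(before, after)


if __name__ == "__main__":
    fb, fa, diff = demo()
    print("findings before tampering:", fb)
    print("findings after tampering:", fa)
    print("baseline diff:", diff)
```

In real use, baseline() would be run once on the exec locations after installation and its result stored somewhere the audited roles cannot write, and compare() run from the scheduler role against a fresh baseline; the outline's question is whether that scheduled job is worth a role of its own.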