Configuration Basics

      How to Identify Security Requirements on a System
              Identify execution flows on the system
                      What can trigger an execution
                              Boot process (for running daemons / services)
                              External interaction (users, other systems)
                              Scheduling
                      For each separate execution flow, create a role
                      For each role, identify the execution flow starting point
                              Boot process : init
                              External interaction : login, sudo, su, ssh
                              Scheduling : cron, at
                      For each role, identify the resources used
                              Filesystem use
                                      Read access ? where ?
                                      Write access ? where ?
                                      Exec access ? where ?
                              Devices
                              Role-dependant : networking : setup a correct firewall, identify devices for interaction
                              CPU / Memory / ...
                                      How much ?
                      The role specification allows admin to completely forbid access to the "default role", so that something unusual happening will be blocked.
              Users, User IDs and Paths
                      You need to identify who/what needs an access to which resources.
                      Roles usually can be represented by one account each.
                      Create specific accounts for specific tasks, users or group of users.
                      Choose wether the accounts database will be managed by RSBAC or not : if the database needs to be managed by RSBAC, choose the USER MODE (UM) module, prepare the PAM module for RSBAC but don't activate it. Load the groups db into RSBAC first ("rsbac_groupadd -O"), then users db into RSBAC ("rsbac_useradd -O"), then set a password manually for each user who needs one ("rsbac_password [...]") (no, we can't crack MD5 to automate SHA1 hashes creation...)
                      Choose a password policy : how complex and long should your users' passwords needs to be ? When do they need to be changed ?
                      If you think you need guest-like accounts to the system, think twice wether or not you really need them. Identify the minimal resources and accesses that should be available (the "minimal-rights" profile).
                      Use PAM-chroot with RSBAC-jail when you can use it.
              System Base
                      Filesystem (Read, Write, Exec...)
                              Base binaries and libraries
                                      Identify places where binaries should be executed : $PATH, some specific users' $HOME/bin directories...
                                      Forbid execution on places different than above identified.
                                      Prevent tampering by forbidding write access for system-wide directories.
                                      Do you need a scheduled integrity checker ?
                              Kernel (/boot)
                                      Prevent any access to /boot apart from the boot process role.
                                      Do you really need some apps to access System.map ?
                              Devices (/dev)
                                      Static /dev or UDEV ?
                                      Disable any filesystem modification if you can afford it.
                                      Identify needed /dev files for console or remote logins.
                              Configuration (/etc) : details ?
                              Homes (/home, /root) : only allow roles to access its own account(s)' home.
                              System info (/proc, /sys) : prevent access to unneeded information, prevent mem reading
                              Mail, Sockets, Spoolers (/var) : protect mail, logs (see logs)
                              Temporary data (/tmp) : sticky, noexec (nodev?-socket)
                              Alternate Apps, Removable media (/opt ...)
                      Processes
                              Running daemons (cron/atd, clamd, *logd, getties...) : what processes ? when ? run by whom ?
                              Scheduled daemons (mail daemon, logrotate...) : identify them
                              User processes : are there any (human) user processes which needs to run while he's not logged ?
              Network services
                      Identifying needed services : do you really need it ? when does it need to be opened ?
                      Identify interaction capabilities (remote, local, ...)
                      Firewalling : filtering, port < 1024 guarantees root owner?
              Logging
                      Current log files (cf filesystem) : identify processes / users who needs access to /var/log, prevent the rest to access
                      Log archiving
      Selecting a Security Model Combination
              General Criteria
              Model Specifics
              Experiences
      Breaking the Requirements into Model Specific Designs
      Sample System
              Select Simple System Type
              Specify Requirements
              Select Models
              Design a Configuration
              Implement it
      FIXME Administration Examples
      Learning Mode