https://beardedmaker.com/wiki/index.php?action=history&feed=atom&title=Linux_Security_%28random_notes%29Linux Security (random notes) - Revision history2026-04-26T12:33:13ZRevision history for this page on the wikiMediaWiki 1.27.4https://beardedmaker.com/wiki/index.php?title=Linux_Security_(random_notes)&diff=156&oldid=prevBeard: Created page with "<pre> tools: shred - securely delete files srm - securely delete files (part of package "secure-delete") sfill - securely overwrite empty space. use tune2fs to free up rese..."2016-02-29T21:35:57Z<p>Created page with "<pre> tools: shred - securely delete files srm - securely delete files (part of package "secure-delete") sfill - securely overwrite empty space. use tune2fs to free up rese..."</p>
<p><b>New page</b></p><div><pre><br />
tools:<br />
shred - securely delete files<br />
srm - securely delete files (part of package "secure-delete")<br />
sfill - securely overwrite empty space. use tune2fs to free up reserved space. (part of package "secure-delete")<br />
sswap - securely overwrite swap partition (part of package "secure-delete")<br />
sdmem - securely overwrite free ram (part of package "secure-delete")<br />
<br />
method of overwriting free space:<br />
dd if=/dev/urandom of=random.small.file bs=1024 count=102400<br />
dd if=/dev/urandom of=random.file bs=1024<br />
sync ; sleep 60 ; sync<br />
rm random.small.file<br />
rm random.file<br />
<br />
sometimes data is stored in reserved space on filesystem. To manage this:<br />
sudo tune2fs -m 0 <device> - frees up reserved space<br />
<br />
Edit /etc/sysctl.conf to reflect the following changes:<br />
<br />
net.ipv4.ip_forward = 0<br />
net.ipv4.conf.all.accept_source_route = 0<br />
net.ipv4.tcp_max_syn_backlog = 4096<br />
net.ipv4.conf.all.rp_filter = 1<br />
net.ipv4.tcp_syncookies = 1<br />
net.ipv4.conf.all.send_redirects = 0<br />
net.ipv4.conf.all.accept_redirects = 0<br />
net.ipv4.conf.default.accept_redirects = 0<br />
Save changes to /etc/sysctl.conf and perform the following functions:<br />
<br />
[root] # chown root:root /etc/sysctl.conf<br />
[root] # chmod 0600 /etc/sysctl.conf<br />
[root] # /etc/rc.d/init.d/network restart<br />
<br />
Brief examples of the changes made are outlined below. The appendix contains URLs that can be used to gain a further understanding of these defined parameters.<br />
<br />
net.ipv4.ip_forward = 0 – This parameter disables IP Forwarding. NOTE: IP Forwarding should be enabled (net.ipv4.ip_forward = 1) if the server will be acting as a gateway or router.<br />
net.ipv4.conf.all.accept_source_route = 0 – This parameter disables IP Source Routing.<br />
net.ipv4.tcp_max_syn_backlog = 4096 – This parameter enables SYN flood protection.<br />
net.ipv4.conf.all.rp_filter = 1 – This parameter enables IP Spoofing protection.<br />
net.ipv4.tcp_syncookies = 1 – This parameter enables TCP SYN Flood protection.<br />
net.ipv4.conf.all.send_redirects = 0 – This parameter disables the ability to send ICMP Redirects.<br />
net.ipv4.conf.all.accept_redirects = 0 – This parameter disables ICMP Redirect acceptance.<br />
net.ipv4.conf.default.accept_redirects = 0 – This is another parameter that disables ICMP Redirect acceptance.<br />
<br />
commands which may be security risks:<br />
finger<br />
w<br />
<br />
intruders may try to use a buffer overrun to create binary files owned by root with SUID<br />
use 'find / -type f -perm +4000' to search for files with SUID<br />
compare the list to a normal system to find suspicious files<br />
<br />
intruders might create a ~/.forward with an email address that forwards the user's mail to that address.<br />
eliminate this by creating an empty ~/.forward file owned by root and no rw permissions.<br />
<br />
</pre></div>Beard