The team at InterSect Alliance has developed recommended security configuration guides for the Linux operating system for various customers, and has decided to provide the community with access to the more general recommendations.
Included here as a security checklist for the Linux Operating System (distribution independent) that is designed to provide security administrators with a method of configuring an installation based on the agreed security risk profile of the target system.
The security configuration document divides recommendations into levels "Premium", "Standard", and "Basic", and covers a variety of installation, configuration and ongoing management tasks, including:
* Initial Installation
* Network Services
* System Accounts and User Rights
* File and Object Access
* Network Access Control
* System Auditing
The following is a recommended security checklist for Linux hosts. This document should be used as a guide to the installation and configuration of Linux Servers and Workstations in conjunction with an agreed security plan for the identified system. The document is designed for use by experienced IT administrators.
Some of the settings may be dependant on the patch levels of the components in use, and therefore differences may exist between this document and the actual file paths and access control settings on your machine. Users are encouraged to notify Intersect Alliance of any errors or omissions.
The security configuration parameters that are graded according to arbitrary levels of PREMIUM, STANDARD or BASIC. These ratings are relative and should not be read in absolute terms. A number of security grades refer to a "risk assessment". It is strongly recommended that a security risk assessment be used to ensure that the most appropriate grade is chosen for a given production environment.