Securing Slackware 10.1
Introduction
This document starts from a fresh install of Slackware 10.1 on a server. The install should be as bare as possible while still allowing the machine to perform its services.
Users and groups
Unused users in /etc/passwd and groups in /etc/group should be deleted. Some software, such as sshd, will require dedicated users and groups. utmp is an example group that is required for recording user login information. The ps aux command will show you information about all the processes currently running on the system. The first field in the list is the user who created the process. This list alone may not be sufficient, so refer to your software product's documentation to be sure.
File ownership should be adjusted using chown and chgrp before removing users.
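One way to apply the ps aux check described above, as an added example that is not part of the original page: it lists accounts from a passwd file that own no process in saved ps aux output. The function names idle_accounts and demo and the sample data are assumptions constructed for illustration, and an account listed here may still be needed by software that is not running at the moment, so treat the output as candidates to check against product documentation and file ownership.

```bash
#!/bin/bash
# Added example (not from the original page): list accounts in a passwd file
# that own no process in saved `ps aux` output. These are candidates only.

# idle_accounts PASSWD_FILE PS_AUX_FILE
# Prints each login name whose name and numeric UID are both absent from the
# first column of the ps output (some ps versions print the UID instead of a
# long user name).
idle_accounts() {
    awk -v ps="$2" '
        BEGIN {
            # Load process owners; line 1 of ps aux is the column header.
            while ((getline line < ps) > 0)
                if (++n > 1) { split(line, p, " "); seen[p[1]] = 1 }
            FS = ":"
        }
        /^#/ || $1 == "" { next }            # skip comments and blank lines
        !($1 in seen) && !($3 in seen) { print $1 }
    ' "$1"
}

# demo: run idle_accounts on constructed sample data (not from a real host).
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0::/root:/bin/bash
sshd:x:33:33:sshd:/:
games:x:12:100:games:/usr/games:
uucp:x:10:14:uucp:/var/spool/uucppublic:
longservicename:x:1001:100::/home/svc:/bin/bash
EOF
    cat > "$dir/ps.out" <<'EOF'
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1   484  244 ?        S    10:02   0:04 init [3]
sshd       812  0.0  0.5  3300 1500 ?        S    10:03   0:00 sshd: priv
1001       950  0.0  0.4  2200 1100 ?        S    10:05   0:00 /opt/svc/run
EOF
    idle_accounts "$dir/passwd" "$dir/ps.out"
    rm -rf "$dir"
}

# Live use: ps aux > ps.out && idle_accounts /etc/passwd ps.out
if [ "$#" -eq 2 ]; then idle_accounts "$1" "$2"; else demo; fi
```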
Filesystems
Ownership
This script can be used to audit file ownership. It outputs file ownership and permissions information for each user and group on the system. Files will be placed in the current working directory using usrf.<username>-<timestamp> for users and grpf.<groupname>-<timestamp> for groups. Some files may be owned by a UID or GID that is not in /etc/passwd or /etc/group. This script will create usrf.NOUSER-<timestamp> and grpf.NOGROUP-<timestamp> for those files.
#!/bin/bash
# Timestamp suffix for the report file names, e.g. -200503011230
AUDIT_TIME=$(date +-%Y%m%d%H%M)
PASSWD_FILE="/etc/passwd"
GROUP_FILE="/etc/group"
# audit file ownership for all users (one usrf.<username> report per user)
gawk 'BEGIN { FS = ":" } { print $1 }' "$PASSWD_FILE" |
xargs -i find / -user {} -fls "usrf.{}$AUDIT_TIME"
# audit files with no user owners (UID not in /etc/passwd)
find / -nouser -fls "usrf.NOUSER$AUDIT_TIME"
# audit file ownership for all groups (one grpf.<groupname> report per group)
gawk 'BEGIN { FS = ":" } { print $1 }' "$GROUP_FILE" |
xargs -i find / -group {} -fls "grpf.{}$AUDIT_TIME"
# audit files with no group owners (GID not in /etc/group)
find / -nogroup -fls "grpf.NOGROUP$AUDIT_TIME"
This script will run best with root permissions. Try using sudo.