This document covers some of the main issues that affect Linux security. General philosophy and net-born resources are discussed.
A number of other HOWTO documents overlap with security issues, and those documents have been pointed to wherever appropriate.
This document is not meant to be a up-to-date exploits document. Large numbers of new exploits happen all the time. This document will tell you where to look for such up-to-date information, and will give some general methods to prevent such exploits from taking place.
New versions of this document will be periodically posted to comp.os.linux.answers. They will also be added to the various sites that archive such information, including:
In addition, you should generally be able to find this document on the Linux World Wide Web home page via:
http://metalab.unc.edu/mdw/linux.html
Finally, the very latest version of this document should also be available in various formats from:
http://scrye.com/~kevin/lsh/
or
http://www.linuxsecurity.com/Security-HOWTO
or
http://www.tummy.com/security-howto
All comments, error reports, additional information and criticism of all sorts should be directed to:
and
Note: Please send your feedback to both authors. Also, be sure and include "Linux" "security", or "HOWTO" in your subject to avoid Kevin's spam filter.
No liability for the contents of this document can be accepted. Use the concepts, examples and other content at your own risk. Additionally, this is an early version, possibly with many inaccuracies or errors.
A number of the examples and descriptions use the RedHat(tm) package layout and system setup. Your mileage may vary.
As far as we know, only programs that, under certain terms may be used or evaluated for personal purposes will be described. Most of the programs will be available, complete with source, under GNU terms.
This document is copyrighted (c)1998-2000 Kevin Fenzi and Dave Wreski, and distributed under the following terms: