Chapter 11. Unix and Linux Bastion Hosts
This chapter discusses the details of configuring Unix for use in a firewall environment, building on the principles discussed in Chapter 10, "Bastion Hosts". You should be sure to read both chapters before attempting to build a bastion host. As usual, we use the word "Unix" for both Unix and Linux, except when we explicitly say otherwise.
Contents:Which Version of Unix?
Disabling Nonrequired Services
Installing and Modifying Services
Reconfiguring for Production
Running a Security Audit
It's impossible to give complete instructions on how to configure any given machine; the details vary greatly depending on what version of Unix you're running and exactly what you intend to do with the machine. This chapter is intended to give you an outline of what needs to be done, and how to figure out how to do it. For more complete configuration details, you will need to look at resources that are specific to your platform.
11.1. Which Version of Unix?Which version of Unix should you choose? You want to balance what you're familiar with against which tools are available for which versions. If your site already uses one version of Unix, you will most likely want to use that version. If your site has some familiarity with several versions of Unix, and the relevant tools (discussed throughout this chapter) and support are available for all of them, use the least popular one that you still like. Doing so maximizes your happiness and minimizes the likelihood that attackers have precompiled ways of attacking your bastion host. If you have no Unix familiarity, choose any version you like, provided that it is in reasonably widespread use (you don't want "Joe's Unix, special today $9.95"). As a rule of thumb, if your chosen version of Unix has a user's group associated with it, it's probably well-known enough to rely on.
Although Unix suppliers differ vastly in their openness about security issues, the difference in the actual security between different general-purpose versions of Unix is much smaller. Don't assume that the publicity given to security holes reflects the number of security holes; it's a more accurate reflection of the popularity of the operating system and the willingness of a vendor to admit and fix security problems. Don't assume that proprietary versions of Unix are more secure than open source versions, either; paying money to a vendor doesn't guarantee that they care about security, only that they care about money. Ironically, the operating systems with the most worrisome tales may be the most secure ones, because they're the ones getting fixed.
Some versions of Unix are particularly designed for security and are therefore particularly suited for use in bastion hosts. "Designed for security" means different things to different vendors. It ranges from relatively minor changes to the packages that are installed (for instance, the Debian Linux distribution tries to install securely, and the SuSE Linux distribution provides a post installation security script) to major changes to the internals (for instance, OpenBSD has made significant changes to all parts of the operating system).
Several commercial vendors offer secure versions of their operating systems that are designed to meet government security needs. These versions usually lag behind the main releases (the government approval process is slow) and may not support all the add-on products that the main releases do. On the other hand, the auditing capabilities they offer are useful for bastion hosts. If you can afford the extra cost and the delayed release schedule, these operating systems are a good choice for bastion hosts.
Copyright © 2002 O'Reilly & Associates. All rights reserved.