Securing Unix Systems Copyright (c) 2008 Jerry Y. Wang Install: 1) Use good passwords: mixed case, alphanumeric, long, unpronounceable. 2) Kill inetd and disable it in the init scripts. 3) Kill unnecessary processes and disable them in the init scripts. 4) Ensure that "netstat -na" shows no open ports. 5) Install all vendor patches and updates, then reboot. Re-verify #4. 6) If you need remote access, install and run the latest OpenSSH. 7) If there is more than one user, install and use the latest sudo. Maintain: 1) Check regularly: which ports are open, which processes are running. 2) Keep all software updated. 3) Make regular backups and store them securely. 4) Monitor all system and application logs. 5) Scan regularly with Nessus. 6) Run password crackers regularly. Age all passwords. 7) Keep up with relevant mailing lists (e.g. BugTraq).