1. Home
  2. Linux systems
  3. Ppractical unix & internet security

A.7 Chapter 6: Filesystems and Security

  • Learn about the useful options to your version of the ls command.

  • If your system has access control lists (ACLs), learn how to use them. Remember: do not depend on ACLs to protect files on NFS partitions.

  • Set your umask to an appropriate value (e.g., 027 or 077).

  • Never write SUID/SGID shell scripts.

  • Periodically scan your system for SUID/SGID files.

  • Disable SUID on disk partition mounts (local and remote) unless it is necessary.

  • Determine if write, chmod, chown, and chgrp operations on files clear the SUID/SGID bits on your system. Get in the habit of checking files based on this information.

  • Scan for device files on your system. Check their ownerships and permissions to ensure that they are reasonable.

  • Consider using a cryptographic filesystem for sensitive data.



    		Preface
    		Part I: Computer Security Basics
    		Part II: Security Building Blocks
    		Part III: Network and Internet Security
    		Part IV: Secure Operations
    		Part V: Handling Security Incidents
    		Part VI: Appendixes
    		Appendix A. Unix Security Checklist
    		A.1 Preface
    		A.2 Chapter 1: Introduction: Some Fundamental Questions
    		A.3 Chapter 2: Unix History and Lineage
    		A.4 Chapter 3: Policies and Guidelines
    		A.5 Chapter 4: Users, Passwords, and Authentication
    		A.6 Chapter 5: Users, Groups, and the Superuser
    		A.7 Chapter 6: Filesystems and Security
    		A.8 Chapter 7: Cryptography Basics
    		A.9 Chapter 8: Physical Security for Servers
    		A.10 Chapter 9: Personnel Security
    		A.11 Chapter 10: Modems and Dialup Security
    		A.12 Chapter 11: TCP/IP Networks
    		A.13 Chapter 12: Securing TCP and UDP Services
    		A.14 Chapter 13: Sun RPC
    		A.15 Chapter 14: Network-Based Authentication Systems
    		A.16 Chapter 15: Network Filesystems
    		A.17 Chapter 16: Secure Programming Techniques
    		A.18 Chapter 17: Keeping Up to Date
    		A.19 Chapter 18: Backups
    		A.20 Chapter 19: Defending Accounts
    		A.21 Chapter 20: Integrity Management
    		A.22 Chapter 21: Auditing, Logging, and Forensics
    		A.23 Chapter 22: Discovering a Break-In
    		A.24 Chapter 23: Protecting Against Programmed Threats
    		A.25 Chapter 24: Denial of Service Attacks and Solutions
    		A.26 Chapter 25: Computer Crime
    		A.27 Chapter 26: Who Do You Trust?
    		A.28 Appendix A: Unix Security Checklist
    		A.29 Appendix B: Unix Processes
    		A.30 Appendixes C, D, and E: Paper Sources, Electronic Sources, and Organizations
    		Appendix B. Unix Processes
    		Appendix C. Paper Sources
    		Appendix D. Electronic Resources
    		Appendix E. Organizations
    		Colophon