Product SiteDocumentation Site

Chapter 4. General Principles of Information Security

4.1. Tips, Guides, and Tools
The following general principals provide an overview of good security practices:

4.1. Tips, Guides, and Tools

The United States' National Security Agency (NSA) provides hardening guides and tips for many different operating systems, to help government agencies, businesses, and individuals secure their systems against attack. The following guides (in PDF format) provide guidance for Red Hat Enterprise Linux 5:
The Defense Information Systems Agency (DISA) provides documentation, checklists, and tests to help secure your system (Information Assurance Support Environment). The UNIX Security Technical Implementation Guide (PDF) is a very specific guide to UNIX security - an advanced knowledge of UNIX and Linux is recommended before reading this guide.
The DISA UNIX Security Checklist Version 5, Release 1.26 provides a collection of documents and checklists, ranging from the correct ownerships and modes for system files, to patch control.
Also, DISA has made available UNIX SRR scripts that allow administrators to check specific settings on systems. These scripts provide XML-formatted reports listing any known vulnerable settings.