website view en/doc/handbook/security.html @ rev 49

Add Security to Handbook (en)
author Paul Issott <paul@slitaz.org>
date Sun May 18 22:50:22 2008 +0000 (2008-05-18)
parents
children f0c0c73578c0
line source
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>SliTaz Handbook (en) - Template</title>
6 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
7 <meta name="description" content="slitaz English handbook" />
8 <meta name="expires" content="never" />
9 <meta name="modified" content="2008-02-26 18:30:00" />
10 <meta name="publisher" content="www.slitaz.org" />
11 <meta name="author" content="Christophe Lincoln" />
12 <link rel="shortcut icon" href="favicon.ico" />
13 <link rel="stylesheet" type="text/css" href="book.css" /></head><body bgcolor="#ffffff">
15 <!-- Header and quick navigation -->
16 <div id="header">
17 <div id="quicknav" align="right">
18 <a name="top"></a>
19 <a href="index.html">Table of contents</a>
20 </div>
21 <h1><font color="#3e1220">SliTaz Handbook (en)</font></h1>
22 </div>
24 <!-- Content. -->
25 <div id="content">
26 <div class="content-right"></div>
28 <h2><font color="#df8f06">SliTaz and System Security</font></h2>
30 <ul>
31 <li><a href="#policy">Security Policy</a></li>
32 <li><a href="#root">Root</a> - The system administrator.</li>
33 <li><a href="#passwords">Passwords</a></li>
34 <li><a href="#busybox">Busybox</a> - Configuration file /etc/busybox.conf.</li>
35 <li><a href="#web-server">LightTPD web server</a> - Disable the LightTPD web server.</li>
36 <li><a href="#ssh">SSH server</a> - Default options.</li>
37 <li><a href="#pscan">Pscan</a> - Scan for open ports.</li>
38 <li><a href="network-config.html#firewall">Firewall (Iptables)</a> -
39 The network firewall.</li>
40 </ul>
42 <a name="policy"></a>
43 <h3>Security Policy</h3>
44 <p>
45 SliTaz has given a lot of consideration to system security. Applications are tested for many months before being
46 included in the distribution. At boot time, a minimum of services are launched by the rc scripts. For a complete
47 list of enabled daemons, you can look at the <code>RUN_DAEMONS</code> variable in the <code>/etc/rcS.conf</code> configuration
48 file:
49 </p>
50 <pre> $ cat /etc/rcS.conf | grep RUN_DAEMONS
51 </pre>
52 <p>
53 To view the current processes, their PIDs and memory usage, you can use the 'ps' command or the 'htop'
54 utility:
55 </p>
56 <pre> $ ps
57 $ htop
58 </pre>
60 <a name="root"></a>
61 <h3>Root - The system administrator</h3>
62 <p>
63 In a GNU/Linux system, the <em>root</em> user is the system administrator; <em>root</em> has all rights
64 over the system files and those of the users. It is advisable never to log in as <em>root</em>; instead, use the command
65 <code>su</code> followed by the password to obtain absolute rights over the system. Never log in as <em>root</em> and surf the
66 internet, for example. This creates a double barrier in the case of an attack or intrusion after a
67 download and makes it harder for a <em>cracker</em> to take control of your machine: first he must crack your
68 password and then crack the <em>root</em> password of the system administrator.
69 </p>
70 <p>
71 A secured GNU/Linux system has at least two users, one to work and one to administer, configure
72 or update the system (<code>root</code>). It's also advisable to entrust the administration of the
73 system to one person.
74 </p>
76 <a name="passwords"></a>
77 <h3>Passwords</h3>
78 <p>
79 By default the SliTaz user <em>hacker</em> doesn't have a password and the system administrator <em>root</em>
80 comes with the password (<em>root</em>). You can easily change these by using the <code>passwd</code> command:
81 </p>
82 <pre> $ passwd
83 # passwd
84 </pre>
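<p>
To confirm that no account is left without a password after running <code>passwd</code>, the following added example
(not part of the original handbook) classifies each entry of a shadow(5)-format file. It assumes accounts are stored in
<code>/etc/shadow</code>; the function names are illustrative and the sample lines are constructed.
</p>

```shell
#!/bin/sh
# Added example: report password state per account from a shadow(5)-format file.
# Function names are illustrative; run against /etc/shadow as root.

# Print "<account> <state>" where state is EMPTY, LOCKED or SET.
password_status() {
    awk -F: '
        $2 == ""     { print $1, "EMPTY";  next }  # logs in with no password
        $2 ~ /^[!*]/ { print $1, "LOCKED"; next }  # password login disabled
                     { print $1, "SET" }           # a password hash is present
    ' "$1"
}

# Print only the accounts that have no password at all.
empty_password_accounts() {
    password_status "$1" | awk '$2 == "EMPTY" { print $1 }'
}

# Succeeds when the file is clean, fails when any account has no password.
no_empty_passwords() {
    [ -z "$(empty_password_accounts "$1")" ]
}

# Constructed sample mirroring the defaults described above (not a real file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:$1$constructed$notarealhash:14000:0:99999:7:::
hacker::14000:0:99999:7:::
www:*:14000:0:99999:7:::
EOF
password_status "$sample"
no_empty_passwords "$sample" || echo "WARNING: set a password for: $(empty_password_accounts "$sample")"
rm -f "$sample"
```

<p>
A state of SET only means a hash is present: the default <em>root</em> password also shows as SET, so it still has to be
changed with <code>passwd</code>.
</p>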
86 <a name="busybox"></a>
87 <h3>Busybox</h3>
88 <p>
89 The file <code>/etc/busybox.conf</code> configures the applets and their respective rights. On the SliTaz LiveCD the commands
90 su, passwd, loadkmap, mount, reboot and halt can be initiated by all users; the owner and group of these
91 commands is <em>root</em> (<code>* = ssx root.root</code>). The busybox.conf file is readable only by root,
92 using the rights 600. Note that the <code>passwd</code> command will not allow users to change their own password
93 if it is not ssx.
94 </p>
96 <a name="web-server"></a>
97 <h3>LightTPD web server</h3>
98 <p>
99 On SliTaz the LightTPD web server is enabled by default at system startup. If you don't intend to use SliTaz in a server
100 environment, you can safely disable it by removing it from the <code>RUN_DAEMONS</code> variable in the
101 <code>/etc/rcS.conf</code> configuration file, or stop it manually:
102 </p>
103 <pre> # /etc/init.d/lighttpd stop
104 </pre>
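<p>
Removing a daemon from <code>RUN_DAEMONS</code> can be scripted. The following is an added example, not part of the
original handbook: it lists the daemons enabled at boot and rewrites the variable without a given daemon, keeping a backup.
It assumes a single-line, double-quoted <code>RUN_DAEMONS="..."</code> assignment; the function names are illustrative and
the sample file is constructed.
</p>

```shell
#!/bin/sh
# Added example: inspect and edit RUN_DAEMONS in an rcS.conf-style file.
# Assumes a single-line, double-quoted RUN_DAEMONS="..." assignment.

# Print each daemon named in RUN_DAEMONS, one per line (the file is parsed, not sourced).
list_daemons() {
    sed -n 's/^RUN_DAEMONS="\(.*\)"[[:space:]]*$/\1/p' "$1" |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Succeed if daemon $2 is started at boot according to file $1.
daemon_enabled() {
    list_daemons "$1" | grep -qx -- "$2"
}

# Rewrite RUN_DAEMONS in file $1 without daemon $2; the original is kept as $1.bak.
disable_daemon() {
    conf=$1
    name=$2
    kept=$(list_daemons "$conf" | grep -vx -- "$name" | tr '\n' ' ' | sed 's/ $//')
    cp -p "$conf" "$conf.bak" || return 1
    sed "s|^RUN_DAEMONS=\".*\"[[:space:]]*\$|RUN_DAEMONS=\"$kept\"|" "$conf.bak" > "$conf"
}

# Constructed sample (not a real SliTaz file); try on a copy before /etc/rcS.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Daemons to run at boot time.
RUN_DAEMONS="hald lighttpd"
EOF
daemon_enabled "$sample" lighttpd && echo "lighttpd starts at boot"
disable_daemon "$sample" lighttpd
grep '^RUN_DAEMONS' "$sample"
rm -f "$sample" "$sample.bak"
```

<p>
Editing the file only affects the next boot; the running server still has to be stopped with the init script shown above.
</p>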
106 <a name="ssh"></a>
107 <h3>SSH Server</h3>
108 <p>
109 This small section is a complement to the
110 <a href="secure-server.html">Secure SHell (SSH)</a> page.
111 On SliTaz the Dropbear SSH server is not run by default; we must add it to the variable
112 <code>RUN_DAEMONS</code> in the configuration file <code>/etc/rcS.conf</code> for it to be
113 enabled at system boot, or start the server manually:
114 </p>
115 <pre> # /etc/init.d/dropbear start
116 </pre>
117 <p>
118 By default Dropbear is launched with the following options:
119 </p>
120 <pre class="script"> -w Disallow root logins.
121 -g Disable password logins for root.
122 </pre>
123 <p>
124 You can add new options by editing the daemons configuration file: <code>/etc/daemons.conf</code>.
125 For all options, you can type: <code>dropbear -h</code>.
126 </p>
128 <a name="pscan"></a>
129 <h3>Pscan - Port scanner</h3>
130 <p>
131 Pscan is a small utility of the Busybox project that scans the ports of your machine. You can use
132 <code>pscan</code> to scan the localhost or a remote host using the name or IP address of the machine.
133 Pscan will test all the ports from 1 to 1024 by default and list those that are open, their protocol
134 and associated service (ssh, www, etc.):
135 </p>
136 <pre> $ pscan localhost
137 </pre>
139 <!-- End of content -->
140 </div>
142 <!-- Footer. -->
143 <div id="footer">
144 <div class="footer-right"></div>
145 <a href="#top">Top of the page</a> |
146 <a href="http://www.slitaz.org/en/doc/handbook/index.html">Table of contents</a>
147 </div>
149 <div id="copy">
150 Copyright © 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> -
151 <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
152 Documentation is under
153 <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
154 and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
155 </div>
157 </body></html>