Kernel 7

[+] Secure ISC BIND Template:
http://www.cymru.com/Documents/secure-bind-template.html

[+] Secure BGP Template for Cisco Routers:
http://www.cymru.com/Documents/secure-bgp-template.html

[+] Secure BGP Template for Juniper Routers:
http://www.cymru.com/gillsr/documents/junos-bgp-template.pdf

[+] Secure IOS Template:
http://www.cymru.com/Documents/secure-ios-template.html
http://wiki.nil.com/Router_security_template

[+] Secure JunOS Template:
http://www.cymru.com/gillsr/documents/junos-template.pdf

If you want to reveal hidden/illicit content (parasites) that hackers insert into benign web pages using various security holes, use the following site, you might just be surprised:

http://www.unmaskparasites.com/

If you would like to block an entire country from accessing a service, you can get the entire list from the following IPTables Country BlackList Generator:

http://blacklist.linuxadmin.org/

To reduce the risk of being scanned by script kiddies, tell you system to ignore ICMP ECHO Packets (PINGs):

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

RootKits might be in your system without you knowing it. Use one or both of these tools to check your system for RootKits:

[+] RootKitHunter “RKHunter”
yum install rkhunter
rkhunter –checkall

[+] CHKRootKit
yum install chkrootkit
chkrootkit

Securing RHEL 5 with the help of the NSA’s Guides for RHEL 5:

[+] Hardening Tips for the Red Hat Enterprise Linux 5
http://www.nsa.gov/snac/os/redhat/rhel5-pamphlet-i731.pdf

[+] Guide to the Secure Configuration of Red Hat Enterprise Linux 5
http://www.nsa.gov/snac/os/redhat/rhel5-guide-i731.pdf

Apply these permission/attributes, as “root“, to the system’s password files to tighten their security:

chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow