DanZ n00b
Joined: 24 Sep 2004 Posts: 47 Location: Erie PA USA
Posted: Fri Sep 24, 2004 4:04 am Post subject: Securing Gentoo

I'm looking for advice, tips and tricks for securing Gentoo. I'm real good at locking down Windows, but I'm a Linux nub so I could use some help here. I've heard of logsentry and chkrootkit; are these recommended, and what other tools would round out a secure system?
kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Fri Sep 24, 2004 5:02 am Post subject:

You'll want to check out the security guide.
http://www.gentoo.org/doc/en/gentoo-security.xml
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.
DaMightyWhightyMan Tux's lil' helper
Joined: 16 Feb 2004 Posts: 116
Posted: Fri Sep 24, 2004 8:26 am Post subject:

Depends on how hardcore you want security. My Gentoo servers are Gentoo SELinux w/ a grsecurity-enabled kernel. I run all my services in a chroot environment, etc. As kashani linked you to the gentoo-security guide, that's a good place to start. If you're just looking to firewall your connection, iptables is sufficient for moderate securing. Chkrootkit is good to check to see if a rogue user is trying to run a rootkit, only necessary if you have users that you think plan on harming you.
tuxmin l33t
Joined: 24 Apr 2004 Posts: 838 Location: Heidelberg
Posted: Fri Sep 24, 2004 11:52 am Post subject:

I have had some good experiences with the hardened Gentoo profile and grsecurity enabled. I do not use grsecurity's RSBAC subsystem, though. But I'd say this is a good compromise between security and usability.
The point is that hardened-gentoo provides you with a transparent mechanism that enables you to take full advantage of grsecurity's PIE and ASLR features. PIE stands for Position Independent Executable and ASLR means Address Space Layout Randomization. Together with the --fstack-protector CFLAG in your make.conf you have done your best to keep buffer overflow attacks from being successful.
Read the docs at www.grsecurity.net and pax.grsecurity.net for more insight.
I find this sufficient for server systems where only administrative staff is meant to log in. However, you might want to activate RSBAC when lots of wanna-be hackers are authorized to connect to the system.
_________________
ALT-F4
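To verify that a binary was actually built with the PIE and stack-protector settings described in the post above, the following sketch (an added example, not part of the thread) reads an ELF file's headers and reports each property; it goes slightly beyond the post by also reporting the `PT_GNU_STACK` executable-stack flag. The names `check_elf` and `sample_elf64` are hypothetical, the sample images are constructed, and the `__stack_chk_fail` match is a heuristic for dynamically linked binaries.

```python
import struct, sys

ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PF_X = 0x6474E551, 0x1

def check_elf(data: bytes) -> dict:
    """Report PIE, executable-stack and stack-protector status of an ELF image."""
    if data[:4] != b"\x7fELF" or len(data) < 52:
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    e_type, = struct.unpack_from(end + "H", data, 16)
    if is64:
        phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    exec_stack = None                        # None: no PT_GNU_STACK header present
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, off)
        if p_type == PT_GNU_STACK:           # p_flags sits at +4 (ELF64) or +24 (ELF32)
            p_flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
            exec_stack = bool(p_flags & PF_X)
    return {
        "pie": e_type == ET_DYN,             # shared libraries are ET_DYN as well
        "exec_stack": exec_stack,
        "stack_protector": b"__stack_chk_fail" in data,  # heuristic symbol match
    }

def sample_elf64(e_type: int, stack_flags: int, canary: bool) -> bytes:
    """Constructed minimal ELF64 image (header + one program header) for the demo."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return hdr + phdr + (b"\0__stack_chk_fail\0" if canary else b"")

if __name__ == "__main__":
    if len(sys.argv) > 1:                    # check real files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(path, check_elf(f.read()))
    else:                                    # otherwise run on the constructed samples
        print("hardened sample:", check_elf(sample_elf64(ET_DYN, 0x6, True)))
        print("legacy sample:  ", check_elf(sample_elf64(ET_EXEC, 0x7, False)))
```

Run it with one or more file paths to check installed binaries, or with no arguments to see the two constructed samples.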