CertCities.com -- The Ultimate Site for Certified IT Professionals
 Inside the Kernel  
Emmett Dulaney


 5 Steps to a Quick Security Check
Emmett walks you through the process of performing a security audit, using Fedora as an example.
by Emmett Dulaney  
2/20/2008 -- When it comes to IT, a lot more people talk about system audits than actually do them (of course, this could also be said for backups and many other things). In the spirit of building a solid foundation, this month we'll look at five steps that you can take on any Linux distribution -- but using Fedora as the example -- to perform a quick security check.

While this won't be as complete as a full audit by any means, these steps should help you catch a large number of items for which you should be on a constant lookout at the host level.

Step 1: Check the Firewall
Firewall configuration is almost an art. If you're too lax, you run the risk of letting in something that shouldn't get through -- and if that's the case, you might as well not have a firewall at all. On the other hand, if you tighten up the firewall too much, the system becomes unusable and you spend a lot of time responding to user issues. You should recognize that the ideal setting will be different for every network and situation.

Even after you have the settings perfect, however, you shouldn't assume that they'll remain that way forever. Every so often, you should revisit the settings, and don't be alarmed when dialog boxes -- like the one shown in Figure 1 -- appear.

Figure 1. A dialog box in Fedora indicates an inconsistency in the firewall configuration

In this case, clicking OK starts the Firewall Configuration Startup that allows you to define which services are trusted (as shown in Figure 2). In Fedora, you can click on the Wizard button and walk through the configuration in a very short time, choosing your skill level as you go.

Figure 2. Verify which services are to be trusted.

Step 2: Check the Services
After seeing what services are allowed through the firewall, take a moment to double-check the services you're running. Not every threat comes from outside the network.

Figure 3 shows the Service Configuration utility in Fedora. From this interface, you can start, stop or restart a service, as well as configure whether it will run and at what runlevel. If there's a question as to whether a service is needed or not, turn it off and see if there are any negative side-effects. You should always try to run only the services that you need.

Figure 3. Verify which services should be allowed to run.

The On Demand Services tab visible in Figure 3 only shows services that are started on demand (dependent upon xinetd) and will often be empty.
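
A command-line counterpart to this check, added here as an example (it is not part of the original column): it reads `chkconfig --list` output, the text form of what the Service Configuration utility shows on SysV-init Fedora releases, and prints every service that is enabled at boot or through xinetd but is missing from an allowlist. The sample output and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag services enabled at boot that are not on an allowlist.
# Input format is that of `chkconfig --list` on SysV-init Fedora releases.

# Constructed sample output (not captured from a real host).
SAMPLE_CHKCONFIG='NetworkManager  0:off   1:off   2:on    3:on    4:on    5:on    6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:
        rsync:          off
        tftp:           on'

# Hypothetical allowlist: the services this host is meant to run.
ALLOWED='NetworkManager auditd sshd'

# unexpected_services ALLOWLIST [RUNLEVELS]
# Reads chkconfig-style output on stdin and prints, one per line, each
# service that is on in any of RUNLEVELS (default "3 5") or is an enabled
# xinetd service, and is not named in ALLOWLIST.
unexpected_services() {
    awk -v allowed="$1" -v levels="${2:-3 5}" '
        BEGIN {
            n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
            n = split(levels, l, " ");  for (i = 1; i <= n; i++) want[l[i] ":on"] = 1
        }
        # SysV service line: a name followed by seven runlevel:state fields
        NF == 8 && $2 ~ /^0:/ {
            for (i = 2; i <= NF; i++)
                if (($i in want) && !($1 in ok)) { print $1; break }
            next
        }
        # xinetd (on demand) line: "name:  on"
        NF == 2 && $1 ~ /:$/ && $2 == "on" {
            name = substr($1, 1, length($1) - 1)
            if (!(name in ok)) print name
        }
    '
}

printf '%s\n' "$SAMPLE_CHKCONFIG" | unexpected_services "$ALLOWED"
```

On a live host, pipe the real listing in instead of the sample: `chkconfig --list | unexpected_services "$ALLOWED"`. Each name printed is a candidate for the "turn it off and see" test described above.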

Step 3: Check the Authentication
Once you know what services are running and the way in which they can be accessed, the next question should be how you are verifying users.

Authentication Configuration, shown in Figure 4, allows you to specify the type/level of authentication that will be used. Having the "Authenticate system accounts by network services" box checked will allow network services (LDAP/Kerberos) to authenticate system accounts, including root.

Figure 4. Verify the type of authentication that will be used.

Step 4: Monitor the Logs
One of the biggest recent advances in security has been the inclusion of Security-Enhanced Linux (SELinux) in many distributions, including Fedora. Not only does SELinux make configuration simpler, but it also catches events through the Audit Listener and alerts you when questionable things occur.

Some of these events (most of them, with any luck) are harmless and require no action on your part, while others should make the hair on the back of your neck stand up. The only way to know under which category an event falls is to actually read the information about what has occurred.

As opposed to some event tools, the summary, description and information shown in the setroubleshoot browser (see Figure 5) is usually enough for you to fully understand what has occurred without needing to turn to reference books or other sources.

Figure 5. Read the events and understand what's being flagged so you can respond to small problems -- keep them small.
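
The same triage can be done on the raw audit log, shown here as an added example that is not part of the original column: it collapses repeated SELinux AVC denials into one row per source type, permission set, object class, target type and command, then filters for target types you have decided always deserve a look. The sample records and the watch list (`shadow_t etc_t`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: group SELinux AVC denials so repeats collapse into one row.
# Input is audit log text (on Fedora, /var/log/audit/audit.log).

# Constructed sample records, not taken from a real host.
SAMPLE_AUDIT='type=AVC msg=audit(1203500000.101:41): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/home/user/index.html" dev=dm-0 ino=40211 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1203500000.101:41): arch=40000003 syscall=195 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1203500003.330:42): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/home/user/logo.png" dev=dm-0 ino=40212 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1203500090.007:57): avc:  denied  { read write } for  pid=2188 comm="httpd" name="shadow" dev=dm-0 ino=9133 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1203500120.550:60): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/home/user/index.html" dev=dm-0 ino=40211 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file'

# avc_summary: reads audit records on stdin and prints rows of
#   COUNT SOURCE_TYPE PERMISSIONS CLASS TARGET_TYPE COMMAND
# with the most frequent denial first.
avc_summary() {
    awk '
        $1 == "type=AVC" && /avc: +denied/ {
            perm = src = tgt = cls = comm = ""; inset = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "{") inset = 1            # start of permission set
                else if ($i == "}") inset = 0
                else if (inset) perm = (perm == "" ? $i : perm "," $i)
                else if ($i ~ /^comm=/) { comm = $i; gsub(/^comm=|"/, "", comm) }
                else if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
                else if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
                else if ($i ~ /^tclass=/) cls = substr($i, 8)
            }
            n[src " " perm " " cls " " tgt " " comm]++
        }
        END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# avc_watch TYPES: summary rows whose target type is in the
# space-separated list TYPES (a watch list chosen by the administrator).
avc_watch() {
    avc_summary | awk -v watch="$1" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) hit[w[i]] = 1 }
        ($5 in hit)'
}

printf '%s\n' "$SAMPLE_AUDIT" | avc_summary
printf '%s\n' "$SAMPLE_AUDIT" | avc_watch "shadow_t etc_t"
```

In the sample, three identical `getattr` denials on `user_home_t` collapse into one row, while the single denial against `shadow_t` is the row the watch list surfaces.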

Step 5: Apply the Updates
As simple as it may sound, there's a reason for every security update. One of the best tools you have at your disposal is a system that's current, with all updates and patches applied. Fedora, and most other distributions, have update features built into them (see Figure 6). Once you're notified that updates exist, apply them as soon as you can.

Figure 6. Install all security updates and keep your system current.

Because it takes time to resolve dependencies, download packages and apply the updates, this may not be something you can do every time an update is released. However, you should make a habit of allowing no more than one week to go by without running the package updater.

The five steps outlined in this column are very simple and take only a matter of minutes -- at most -- to walk through. As a matter of routine, though, you should walk through each step for every Linux host you're responsible for.


Emmett Dulaney is the author of several books on Linux, Unix and certification. He can be reached at .

 

