Protect system directories /etc and /home.
On any Linux system, the directory /etc contains important configuration files for vital system and application software components of your server. System components such as the host name, network services, list of hosts to allow or deny access, etc. all have their configuration files stored in /etc. Critical applications such as the secure shell (ssh), web server (apache), database server (mysql), scripting engine (php), etc. all have their configuration files stored in this directory.

For obvious reasons, potential intruders often consider /etc one of the top directories to break into for a successful server compromise. Therefore, the next immediate step is to secure and guarantee the integrity of your server by making sure that these two directories, /etc and /home, are protected. It is important that /etc cannot be accessed by anyone without root authority (that is, without knowing the root password).

While logged in as root, issue the following two chmod commands to disable read and write access by anyone else (both group users and other users).

[root@ ~]# chmod go-rw /etc
[root@ ~]# chmod go-rw /home

A protected /etc and /home should look like the following partial root directory listing. You should note that even though directory browsing is disabled (no read access), the execute permission is still present for anyone else. This setting allows a legitimate system or application process to reach its own configuration files inside either /home or /etc if the file name is explicitly specified.

[root@ ~]# ls / -alh
drwx--x--x 76 root root 4.0K Oct 2 08:38 etc
drwx--x--x 7 root root 4.0K Oct 12 04:40 home

The home directory of each Linux user is protected further by denying read, write, and execute permission to anyone who is not the owner of that home directory. If a particular user is compromised in a security breach, the damage is limited to his or her home directory and the intruder cannot browse other home directories. You should set aside a user account with limited access rights to run important services or applications such as the web server and database server instead of giving them root authority. For example, if the apache web server and its php component are run as the user blee, compromised php scripts cannot access the contents of /etc and /home. Any unauthorized modifications are limited to the user directory /home/blee, where they can be detected quickly and restored easily.

[root@ ~]# ls /home/ -alh
total 20K
drwx--x--x 5 root root 4.0K 2008-10-15 08:29 .
drwxr-xr-x 23 root root 4.0K 2008-10-16 09:42 ..
drwx------ 17 johnlee johnlee 4.0K 2008-10-24 13:34 johnlee
drwx------ 2 brucelee brucelee 4.0K 2008-09-29 07:06 brucelee
drwx------ 50 blee blee 4.0K 2008-11-14 23:40 blee

Once protected, attempted access to these directories will be denied, even if the intruder knows the correct name of the subdirectory, as in the following example.

[brucelee@ ~]$ ls /etc/ -alh
ls: cannot open directory /etc/: Permission denied
[brucelee@ ~]$ ls /home/ -alh
ls: cannot open directory /home/: Permission denied
[brucelee@ ~]$ ls /home/blee -alh
ls: cannot open directory /home/blee/: Permission denied
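
The layout described above (/etc and /home as drwx--x--x, each user's home directory as drwx------) can be verified with a short audit script. This is an added example, not part of the original page; the function names are hypothetical, and on a real host it should be run as root, because listing the entries under /home needs read access to it.

```shell
#!/bin/sh
# Added example: audit the permission layout this page sets up.
# Usage on a real host (as root): audit_layout /
# It only reads mode bits with ls; it changes nothing.

# Print the six group/other permission characters of a path, e.g. "--x--x".
# Cutting columns 5-10 of "ls -ld" skips the type and owner bits and ignores
# any trailing ACL/SELinux marker in column 11.
go_perms() {
    ls -ld -- "$1" | cut -c5-10
}

# check_dir DIR EXPECTED: succeed only if DIR's group/other bits equal EXPECTED.
check_dir() {
    local actual
    actual="$(go_perms "$1")"
    if [ "$actual" = "$2" ]; then
        echo "OK    $1 (group/other: $actual)"
    else
        echo "FAIL  $1 (group/other: $actual, expected $2)"
        return 1
    fi
}

# audit_layout ROOT: ROOT/etc and ROOT/home must be --x--x (chmod go-rw),
# and every directory directly under ROOT/home must be ------ (mode 700).
# The return status is the number of directories that failed the check.
audit_layout() {
    local root="${1%/}" failures=0 d
    for d in "$root/etc" "$root/home"; do
        check_dir "$d" "--x--x" || failures=$((failures + 1))
    done
    for d in "$root"/home/*/; do
        [ -d "$d" ] || continue          # glob matched nothing
        check_dir "${d%/}" "------" || failures=$((failures + 1))
    done
    return "$failures"
}
```

A FAIL line for /etc or /home means group or other users still have read or write access (or have lost the execute bit that lets processes reach files by explicit name); a FAIL line for a home directory means someone other than its owner still has some access to it.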