Security Help for Linux System Administrators

by Martin Houston There are now two mailing lists on the net for the purpose of discussing issues of the security of Linux systems: preventing abuse by a systems own users and by outside hackers. The linux-security (Moderated by Olaf Kirch and Jeff Uphoff) list is for general discussions about Linux specific security problems; security holes in the Linux NFS implementation for example. The moderators have asked that security issues that are generally applicable to Unix systems as a whole not be discussed as there are more general Usenet conferences that are applicable.

The linux-alert mailing list is for the broadcast of alerts about serious security flaws that have been discovered and need prompt action from system administrators. You will be relieved to know that traffic on this list is very light. I would recommend that anyone in charge of a linux system that a large number of users or the general public over the net has access to at least subscribes to the linux-alert list and scans the archives of the more busy linux-security.

How to join the lists

Send mail to with a body of:
subscribe linux-alert (your full email address here)
subscribe linux-security (your full email address here)

To stop receiving mail from the list just repeat the process but say "unsubscribe" instead of "subscribe".

Availability of list archives

The archives of the Linux-security mailing lists: are now available via anonymous FTP under:

Also linux-security and linux-alert archives are now available at Connect to:

A few points to ponder

The availability of all source means that with a vigilant and professional system administrator Linux can be used for very secure systems. Having source means that security fixes can be circulated and applied quickly to plug any holes that could allow people to break into systems. Common sense rules apply if you are looking after a Linux system used by others: