Re: Securing Fedora Core 4

From: Michael Hallager (michael_at_networkstuff.co.nz)
Date: 09/22/05

  • Next message: Charles Heselton: "RE: Securing Fedora Core 4"
    To: focus-linux@securityfocus.com
    Date: Thu, 22 Sep 2005 18:17:58 +1200
    
    

    Hello.

    I suggest that rather then going in 'boots and all' that you take some time to
    study and carefully consider the following:

    1. What are the threats? (Threats aren't just network, they could be physical
    as well)
    2. What are the appropriate methodolgies for hardening against these threats?
    3. And importantly - what is SECURITY?
    SECURITY is more a mindset and manner of operation then it is installaing a
    whole lot of software (which it appears doubtful to me that you understand
    the scope and opperation of the software that you list)

    Having a perception of security, if devoid of reality (which you can only
    properly evaluate after careful consideration of points 1, 2 and 3 and a lot
    of experience) could be more dangerous then just leaving your system alone.

    Kind regards,

    Michael Hallager

    > I am trying develop a method to secure my servers. I'll list the steps I
    > am going to take. Can you please review and make any additional
    > suggestions. Thank you.
    >
    > Install & configure Tripwire http://sourceforge.net/projects/tripwire/
    > Install & configure Snort http://www.snort.org/
    > Install & configure Bastille http://www.bastille-linux.org/
    > Install & configure LIDS http://www.lids.org/
    > Install & configure modsecurity http://www.modsecurity.org/
    > Install & configure chkrootkit http://www.chkrootkit.org/
    > install dansguardian http://www.dansguardian.org
    > install squid http://www.squid-cache.org/
    > Install & configure DCC http://www.dcc-servers.net
    > Install & configure Pyzor http://pyzor.sourceforge.net
    > Install & configure Razor http://razor.sourceforge.net
    > install & configure Clamav http://www.clamav.net
    > Install & configure MailScanner http://www.sng.ecs.soton.ac.uk/mailscanner/
    > Install & configure Ntop http://www.ntop.org/
    > Install & configure Spamassassin http://spamassassin.apache.org/
    > install root access email command
    > create a seprate /tmp partition and mount noexec, nosuid
    >
    > Configure Apache
    > configure for php safe mode
    > configure /internal web directory w/ access from private network only
    > configure /external web directory w/ password authentication
    >
    > Configure SSH
    > respond on alternate port
    > only allow me to logon
    >
    > Configure Fireall:
    > only allow access to ssh from my domains

    -- 
    Michael Hallager
    networkStuff ltd
    www.networkstuff.co.nz | p.09.839.1000 | m.029.638.7883
    

  • Next message: Charles Heselton: "RE: Securing Fedora Core 4"

    Relevant Pages

    • New Mars probe ready for launch
      ... 'Threats to UK security' detained ... Ten foreign nationals who "threaten security" are held in raids, ... the BBC learns. ... Iran's resumption of nuclear activities. ...
      (soc.culture.cuba)
    • New Mars probe ready for launch
      ... Nasa clears its latest Mars probe for lift-off on Thursday, ... 'Threats to UK security' detained ... Ten foreign nationals who "threaten security" are held in raids, ... Iran's resumption of nuclear activities. ...
      (soc.culture.cuba)
    • Re: Six emerging threats to Britain
      ... It is highly critical of the way Britain's security is being managed. ... Defence and security must be ... How to realign our defence effort to changing risks and threats is not ... Islamist terrorism, but there are many others) which has so destabilised ...
      (uk.politics.misc)
    • Six emerging threats to Britain
      ... It is highly critical of the way Britain's security is being managed. ... Defence and security must be ... turning risks into threats. ... How to realign our defence effort to changing risks and threats is not ...
      (uk.politics.misc)
    • RE: [Full-Disclosure] Alleged IT security extortion plot against BestBuy.com
      ... Senior Security Researcher ... Feds thwart extortion plot against Best Buy ... Ray faces two felony charges of making extortion threats to damage ...
      (Full-Disclosure)