Re: Securing Fedora Core 4
From: Michael Hallager (michael_at_networkstuff.co.nz)
Date: 09/22/05
- Previous message: AragonX: "Securing Fedora Core 4"
- In reply to: AragonX: "Securing Fedora Core 4"
- Next in thread: Glenn Valenta (HDNet): "Re: Securing Fedora Core 4"
- Reply: Glenn Valenta (HDNet): "Re: Securing Fedora Core 4"
- Reply: Nick Crawford: "Re: Securing Fedora Core 4"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-linux@securityfocus.com Date: Thu, 22 Sep 2005 18:17:58 +1200
Hello.
I suggest that rather then going in 'boots and all' that you take some time to
study and carefully consider the following:
1. What are the threats? (Threats aren't just network, they could be physical
as well)
2. What are the appropriate methodolgies for hardening against these threats?
3. And importantly - what is SECURITY?
SECURITY is more a mindset and manner of operation then it is installaing a
whole lot of software (which it appears doubtful to me that you understand
the scope and opperation of the software that you list)
Having a perception of security, if devoid of reality (which you can only
properly evaluate after careful consideration of points 1, 2 and 3 and a lot
of experience) could be more dangerous then just leaving your system alone.
Kind regards,
Michael Hallager
> I am trying develop a method to secure my servers. I'll list the steps I
> am going to take. Can you please review and make any additional
> suggestions. Thank you.
>
> Install & configure Tripwire http://sourceforge.net/projects/tripwire/
> Install & configure Snort http://www.snort.org/
> Install & configure Bastille http://www.bastille-linux.org/
> Install & configure LIDS http://www.lids.org/
> Install & configure modsecurity http://www.modsecurity.org/
> Install & configure chkrootkit http://www.chkrootkit.org/
> install dansguardian http://www.dansguardian.org
> install squid http://www.squid-cache.org/
> Install & configure DCC http://www.dcc-servers.net
> Install & configure Pyzor http://pyzor.sourceforge.net
> Install & configure Razor http://razor.sourceforge.net
> install & configure Clamav http://www.clamav.net
> Install & configure MailScanner http://www.sng.ecs.soton.ac.uk/mailscanner/
> Install & configure Ntop http://www.ntop.org/
> Install & configure Spamassassin http://spamassassin.apache.org/
> install root access email command
> create a seprate /tmp partition and mount noexec, nosuid
>
> Configure Apache
> configure for php safe mode
> configure /internal web directory w/ access from private network only
> configure /external web directory w/ password authentication
>
> Configure SSH
> respond on alternate port
> only allow me to logon
>
> Configure Fireall:
> only allow access to ssh from my domains
-- Michael Hallager networkStuff ltd www.networkstuff.co.nz | p.09.839.1000 | m.029.638.7883
- Previous message: AragonX: "Securing Fedora Core 4"
- In reply to: AragonX: "Securing Fedora Core 4"
- Next in thread: Glenn Valenta (HDNet): "Re: Securing Fedora Core 4"
- Reply: Glenn Valenta (HDNet): "Re: Securing Fedora Core 4"
- Reply: Nick Crawford: "Re: Securing Fedora Core 4"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
