Re: Securing Fedora Core 4
From: AragonX (aragonx_at_dcsnow.com)
Date: Thu, 22 Sep 2005 08:32:03 -0400 (EDT) To: firstname.lastname@example.org
<quote who="Syn Ack">
> Hello AragonX,
> I will add these steps to the list:
> - Only allow ssh V.2
I'm pretty sure this is the default. I haven't need to make this change
since FC2 I think.
> - Deny root ssh logins
This was implied by "only allow me to logon". What I should have written
is "Only allow my account to logon". lol
> - Allow only ssh login with pub/priv keys and secure your priv key on
> a encrypted filesystem on a USB key
This is a great idea but I'm unable to implement it. Many of the machines
I end up using don't have USB. :(
> -Turn off all unneeded services
> - Remove all unneeded binaries
Yes, I will add "Install only needed apps." I do this anyway but I should
> - If you need to access the server from outside your privatenet use
> ipsec, openvpn or something related.
SSH is not enough? I only need shell access remotely.
> - If data integrity is of interest use a journalized filesystem for
> both metadata AND data (by default ext3 put only metadata in the
> journal), LVM and RAID5 and pay attention to SMART
Humm. I'll have to research this one. I was not aware of that limitation
> It's what I think at the moment. Some of these steps seems really
> obvious but peoples tend to forget obvious things sometime.
> Take care,
Thank you for the tips.