Re: Securing Fedora Core 4

From: AragonX (aragonx_at_dcsnow.com)
Date: 09/22/05

  • Next message: Syn Ack: "Re: Securing Fedora Core 4"
    Date: Thu, 22 Sep 2005 08:32:03 -0400 (EDT)
    To: focus-linux@securityfocus.com
    
    

    <quote who="Syn Ack">
    > Hello AragonX,
    > I will add these steps to the list:
    > - Only allow ssh V.2

    I'm pretty sure this is the default. I haven't need to make this change
    since FC2 I think.

    > - Deny root ssh logins

    This was implied by "only allow me to logon". What I should have written
    is "Only allow my account to logon". lol

    > - Allow only ssh login with pub/priv keys and secure your priv key on
    > a encrypted filesystem on a USB key

    This is a great idea but I'm unable to implement it. Many of the machines
    I end up using don't have USB. :(

    > -Turn off all unneeded services
    > - Remove all unneeded binaries

    Yes, I will add "Install only needed apps." I do this anyway but I should
    list it.

    > - If you need to access the server from outside your privatenet use
    > ipsec, openvpn or something related.

    SSH is not enough? I only need shell access remotely.

    > - If data integrity is of interest use a journalized filesystem for
    > both metadata AND data (by default ext3 put only metadata in the
    > journal), LVM and RAID5 and pay attention to SMART

    Humm. I'll have to research this one. I was not aware of that limitation
    for EXT3.

    > It's what I think at the moment. Some of these steps seems really
    > obvious but peoples tend to forget obvious things sometime.
    > Take care,

    Thank you for the tips.


  • Next message: Syn Ack: "Re: Securing Fedora Core 4"