Re: Securing Fedora Core 4
From: Glenn Valenta (HDNet) (gvalenta_at_hd.net)
Date: 09/23/05
- Previous message: lars_at_levonline.com: "Re: Securing Fedora Core 4"
- In reply to: Michael Hallager: "Re: Securing Fedora Core 4"
- Next in thread: Michael Hallager: "Re: Securing Fedora Core 4"
- Reply: Michael Hallager: "Re: Securing Fedora Core 4"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 Sep 2005 23:54:42 -0600 To: michael@networkstuff.co.nz
I Concur!
It's nice to see someone with a sense of sanity to security. Also
remember that these tools will need to be maintained. The logs reviewed
often.
Michael Hallager wrote:
> Hello.
>
> I suggest that rather then going in 'boots and all' that you take some time to
> study and carefully consider the following:
>
> 1. What are the threats? (Threats aren't just network, they could be physical
> as well)
> 2. What are the appropriate methodolgies for hardening against these threats?
> 3. And importantly - what is SECURITY?
> SECURITY is more a mindset and manner of operation then it is installaing a
> whole lot of software (which it appears doubtful to me that you understand
> the scope and opperation of the software that you list)
>
> Having a perception of security, if devoid of reality (which you can only
> properly evaluate after careful consideration of points 1, 2 and 3 and a lot
> of experience) could be more dangerous then just leaving your system alone.
>
> Kind regards,
>
> Michael Hallager
>
>
>>I am trying develop a method to secure my servers. I'll list the steps I
>>am going to take. Can you please review and make any additional
>>suggestions. Thank you.
>>
>>Install & configure Tripwire http://sourceforge.net/projects/tripwire/
>>Install & configure Snort http://www.snort.org/
>>Install & configure Bastille http://www.bastille-linux.org/
>>Install & configure LIDS http://www.lids.org/
>>Install & configure modsecurity http://www.modsecurity.org/
>>Install & configure chkrootkit http://www.chkrootkit.org/
>>install dansguardian http://www.dansguardian.org
>>install squid http://www.squid-cache.org/
>>Install & configure DCC http://www.dcc-servers.net
>>Install & configure Pyzor http://pyzor.sourceforge.net
>>Install & configure Razor http://razor.sourceforge.net
>>install & configure Clamav http://www.clamav.net
>>Install & configure MailScanner http://www.sng.ecs.soton.ac.uk/mailscanner/
>>Install & configure Ntop http://www.ntop.org/
>>Install & configure Spamassassin http://spamassassin.apache.org/
>>install root access email command
>>create a seprate /tmp partition and mount noexec, nosuid
>>
>> Configure Apache
>>configure for php safe mode
>>configure /internal web directory w/ access from private network only
>>configure /external web directory w/ password authentication
>>
>> Configure SSH
>>respond on alternate port
>>only allow me to logon
>>
>> Configure Fireall:
>>only allow access to ssh from my domains
>
>
-- Glenn Valenta Phone# 303-388-8500 Engineering http://www.hd.net http://www.coloradostudios.com 2400 N. Ulster St. Denver, Co. 80238 gvalenta@hd.net (direct) 303-542-5532 (Fax) 303-388-9600
- Previous message: lars_at_levonline.com: "Re: Securing Fedora Core 4"
- In reply to: Michael Hallager: "Re: Securing Fedora Core 4"
- Next in thread: Michael Hallager: "Re: Securing Fedora Core 4"
- Reply: Michael Hallager: "Re: Securing Fedora Core 4"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
