Re: Securing Fedora Core 4

From: Michael Hallager (sf_at_networkstugfff.co.nz)
Date: 09/23/05

    To: glenn@coloradostudios.com, focus-linux@securityfocus.com
    Date: Fri, 23 Sep 2005 18:13:33 +1200
    
    

    > I Concur!
    > It's nice to see someone with a sense of sanity to security. Also
    > remember that these tools will need to be maintained. The logs reviewed
    > often.

    Ok. I read a few replies and thought I might give some pointers. Note: This is
    NOT by any standards an exhaustive list, merely a 'getting started guide'.

    1. Start with the latest stable distribution of your chosen flavor of Linux.
    - Use this to do a clean install.
    - Do not install all of the packages and certainly do not install X-Windows
    (Aka KDE Gnome or any other skin for X)

    2. Download the latest stable releases as source of your www accessible
    daemons. (DNS, HTTP, SSH etc) Install these as source. If you do not know how
    to compile these correctly it is better you learn first or at least make sure
    that you are getting the latest version !!!
    ** Do not trust the Linux vendor to provide you the latest stable versions by
    default **
    While I am on this subject make sure that OpenSSL and Zlib libs are up to
    date. These software have a reputation and lots of stuff relies on them.

    Only run what you need to run and use sensible settings.
    - Only allowing unpriv users to SSH is a good idea.
    - Running separate authoritative and caching NS is a good idea.
    - Installing IP tables is a good idea.
    Running all sorts of crap is not a good idea.

    Now on the subject of mindset, here are some good pointers:
    1. Running games or IRC servers is like a magnet for trouble.
    2. Hosting hate sites or anything attractive to troubled people is a bad idea.
    3. Sex sites are also dumb.

    And consider - is my server physically secure? Do I trust my employees (If
    applicable). Do not talk about your systems or security measures with people
    unless they need to know AND you really trust them.

    KEEP YOUR MACHINE UP TO DATE. Check at least once a day for updates.

    What I have advised you here is 9/10.

    Take the rest one step at a time, and remember 1. your security is only as
    good as the weakest link 2. threats come from many places. Be aware.

    Have fun.

    Michael Hallager
    networkStuff ltd
    www.networkstuff.co.nz | p.09.839.1000 | m.029.638.7883
    Australia, New Zealand, Ireland, South Africa, Israel & Samoa.
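
The post's advice to allow only unprivileged users over SSH can be checked mechanically. The following is an added example, not part of the original message: a small auditor for sshd_config text that applies OpenSSH's first-value-wins rule and also inspects Match blocks. The function name and both sample configurations are constructed for illustration.

```python
import re

# "Keyword value" or "Keyword=value"; comment and blank lines do not match.
LINE = re.compile(r"^\s*([A-Za-z0-9]+)[\s=]+(.*?)\s*$")

def audit(text):
    """Return findings about root SSH access in sshd_config text."""
    scopes = [("global", {})]            # (label, {keyword: args})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or not m.group(2):
            continue
        key, args = m.group(1).lower(), m.group(2).split()
        if key == "match":               # opens a conditional block
            scopes.append(("Match " + " ".join(args), {}))
        elif key == "allowusers":        # repeated lines accumulate
            scopes[-1][1].setdefault(key, []).extend(args)
        else:                            # first value obtained wins
            scopes[-1][1].setdefault(key, args)
    findings = []
    glob = scopes[0][1]
    root = glob.get("permitrootlogin")
    if root is None:
        findings.append("global: PermitRootLogin not set, default depends on OpenSSH version")
    elif root[0] != "no":
        findings.append(f"global: PermitRootLogin {root[0]} allows root logins")
    if "allowusers" not in glob and "allowgroups" not in glob:
        findings.append("global: no AllowUsers/AllowGroups allow-list")
    for label, opts in scopes:
        if any(u.split("@")[0] == "root" for u in opts.get("allowusers", [])):
            findings.append(f"{label}: AllowUsers includes root")
        if label != "global" and opts.get("permitrootlogin", ["no"])[0] != "no":
            findings.append(f"{label}: block re-enables root login")
    return findings

# Constructed sample configs (not from the original post).
WEAK_SAMPLE = """\
# a later "no" does not override the first value
PermitRootLogin without-password
PermitRootLogin no
AllowUsers alice deploy@10.0.0.*
Match Address 192.0.2.0/24
    PermitRootLogin yes
    AllowUsers root
"""
HARDENED_SAMPLE = "PermitRootLogin no\nAllowUsers alice deploy\n"

if __name__ == "__main__":
    for finding in audit(WEAK_SAMPLE):
        print(finding)
```

On a live host, `sshd -T` prints the effective global configuration and is the authoritative cross-check for what a parser like this reports.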

