Re: Securing Fedora Core 4

From: Syn Ack (thin.hack_at_gmail.com)
Date: 09/23/05

  • Next message: Martijn Feleus: "Re: Securing Fedora Core 4"
    Date: Fri, 23 Sep 2005 09:05:18 +0200
    To: AragonX <aragonx@dcsnow.com>
    
    

    > > - Only allow ssh V.2
    >
    > I'm pretty sure this is the default. I haven't need to make this change
    > since FC2 I think.

    I'm not sure for FC4 I don't have a fresh install to check now but in
    FC3 sshd config comes with the line "Protocol 2, 1" in it who mean
    prefer protocol 2 if possible but accept protocol 1 if the client
    don't support protocol 2. I always change this to "Protocol 2" to
    accept only protocol 2 so protocol 1 clients can't connect. Take a
    look at this and please let me know how it's configured in FC4.

    > > - If you need to access the server from outside your privatenet use
    > > ipsec, openvpn or something related.
    >
    > SSH is not enough? I only need shell access remotely.

    Of course ssh is enough if you only need shell access. But often I
    need other services at some point so i prefer having openvpn installed
    even if not running. So when i'm away from the server and need an
    other service a can fire it up.

    > > - If data integrity is of interest use a journalized filesystem for
    > > both metadata AND data (by default ext3 put only metadata in the
    > > journal), LVM and RAID5 and pay attention to SMART
    >
    > Humm. I'll have to research this one. I was not aware of that limitation
    > for EXT3.

    use "mount -o data=journal /device /mountpoint" for mounting the
    device or add data=journal in the fstab to do this.

    Take care,

    Dodoche


  • Next message: Martijn Feleus: "Re: Securing Fedora Core 4"