Re: Securing Fedora Core 4
From: Syn Ack (thin.hack_at_gmail.com)
Date: Fri, 23 Sep 2005 09:05:18 +0200
To: AragonX <firstname.lastname@example.org>
> > - Only allow ssh V.2
> I'm pretty sure this is the default. I haven't needed to make this change
> since FC2 I think.
I'm not sure for FC4; I don't have a fresh install to check now, but in
FC3 the sshd config comes with the line "Protocol 2, 1" in it, which means
prefer protocol 2 if possible but accept protocol 1 if the client
doesn't support protocol 2. I always change this to "Protocol 2" to
accept only protocol 2 so protocol 1 clients can't connect. Take a
look at this and please let me know how it's configured in FC4.
> > - If you need to access the server from outside your private net use
> > ipsec, openvpn or something related.
> SSH is not enough? I only need shell access remotely.
Of course ssh is enough if you only need shell access. But often I
need other services at some point, so I prefer having openvpn installed
even if not running. So when I'm away from the server and need
another service I can fire it up.
> > - If data integrity is of interest use a journalized filesystem for
> > both metadata AND data (by default ext3 put only metadata in the
> > journal), LVM and RAID5 and pay attention to SMART
> Humm. I'll have to research this one. I was not aware of that limitation
> for EXT3.
Use "mount -o data=journal /device /mountpoint" for mounting the
device or add data=journal in the fstab to do this.
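
Added example (not part of the original message): a small POSIX shell audit for the two settings the reply describes, the sshd `Protocol` line and `data=journal` on ext3 entries in fstab. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the two settings discussed in the message above.
# The sample files at the bottom are constructed for the demo.

# Print the value of the first "Protocol" line (sshd uses the first
# occurrence of a keyword; keywords are case-insensitive). Whitespace is
# stripped so "2, 1" and "2,1" compare equal. Commented lines never match.
sshd_protocol() {
    awk 'tolower($1) == "protocol" { $1 = ""; gsub(/[ \t]/, ""); print; exit }' "$1"
}

# Return 0 only when the file restricts sshd to protocol 2.
check_sshd() {
    proto=$(sshd_protocol "$1")
    case "$proto" in
        2)  echo "OK: Protocol 2 only"; return 0 ;;
        "") echo "WARN: no Protocol line, sshd's built-in default applies"; return 1 ;;
        *)  echo "FAIL: Protocol $proto is not restricted to protocol 2"; return 1 ;;
    esac
}

# Print the mount points of ext3 entries in an fstab-style file whose
# option field lacks data=journal (so only metadata is journaled).
ext3_without_data_journal() {
    awk '$1 !~ /^#/ && $3 == "ext3" {
        n = split($4, opt, ","); found = 0
        for (i = 1; i <= n; i++) if (opt[i] == "data=journal") found = 1
        if (!found) print $2
    }' "$1"
}

# Demo on constructed sample files.
tmp=$(mktemp -d)
printf '%s\n' '#Protocol 2' 'Port 22' 'Protocol 2, 1' > "$tmp/sshd_config"
printf '%s\n' \
    '/dev/VolGroup00/root /     ext3 defaults              1 1' \
    '/dev/VolGroup00/data /srv  ext3 defaults,data=journal 1 2' \
    '/dev/sda1            /boot ext3 defaults              1 2' > "$tmp/fstab"
check_sshd "$tmp/sshd_config" || true
ext3_without_data_journal "$tmp/fstab"
rm -rf "$tmp"
```

On a real host, point `check_sshd` at `/etc/ssh/sshd_config` and `ext3_without_data_journal` at `/etc/fstab`. ext3 refuses to change the data mode on a remount, so a newly added `data=journal` entry takes effect on the next fresh mount of that filesystem.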