Re: Securing Fedora Core 4
From: AragonX (aragonx_at_dcsnow.com)
Date: Fri, 23 Sep 2005 08:46:17 -0400 (EDT) To: firstname.lastname@example.org
<quote who="K. Jusupov">
> Nice (impressive) list...
> But wouldnt it be better first to classify the servers
> that you are going to secure?
> DB server might not neet spamassasin installed or mail
> server would not require for php related things and so
> And it would be easier later to maintain all these
> extra packages (updates would be required not only OS
> related, but these packages as well...)
Well, the offices that I will be setting up are rather small and I can't
convince them to separate the services to multiple machines.
So basically, the servers will have to do everything. Email, web,
firewall, gateway, file & print. Those are the tasks it will have to
There won't be any confidential information on the server so data
protection is not a big priority.
Email and web are the services that will be available to the Internet. I
guess I'm more worried about the web services. They need remote email and
I was planning on using Squirrelmail for that. They will probably want
reports something that Awstats can perform.
That opens 3 big holes. Php, Perl and CGI. I'll use Apache to password
protect the directories that these applications will live in. That should
stop the worms.