RE: Securing Fedora Core 4
From: Will Yonker (aragonx_at_dcsnow.com)
Date: Fri, 23 Sep 2005 12:10:41 -0400 (EDT)
To: email@example.com
<quote who="Charles Heselton">
> Like I said, they all provide the same outcome. They all are
> glorified wrappers for iptables, so they all have the same ultimate
> effect. I believe shorewall is a little more "low-level", and may
> provide more of the granularity that you are probably looking for. I
> haven't used shorewall, so I can't say for sure. If that one doesn't
> work out, I would recommend finding/writing a script (at least) to
> manage your iptables configuration. It makes for easy management and
> configurability, and you also are less likely to "fat-finger"
> something. ;-)
I guess I'm really afraid of missing something important when creating my
own firewall, like some spammer domains and/or IP addresses I don't know
about that I should block...
>> > 7. If you have another mail host for external mail
>> > (administrative messages and such), configure sendmail to only
>> > send mail internally (local system). You can configure spam
>> > assassin if you want, but unless you're actually transferring
>> > bulk mail, you don't really need it, nor the other 3 spam filters
>> > you listed.
>> The hosts will receive email for the domain so spam filters
>> are required.
> So, every host will be an MTA?
No, but every Linux machine will. The client machines run Windows XP.
There are 3 offices at 3 different sites with 3 different domain names...
> Well, once you get the general gist down, you can break it up and
> simplify it into a checklist. Someone else mentioned that security
> is an attitude. This is true. It's a way of thinking about how you
> manage your systems. Identify your critical assets, i.e. what data
> are you trying to protect? Then, build your protection scheme from
> the inside out.
I'm trying to achieve 2 things. Protect these servers from hostiles on
the Internet and protect the users from themselves (spam and content