Re: Securing Fedora Core 4

From: Nick Crawford (
Date: 09/26/05

  • Next message: Shay Wilson: "RE: Securing Fedora Core 4"
    Date: Mon, 26 Sep 2005 07:34:31 -0400

    Hash: RIPEMD160

    For nitty gritty secure OS/Application configuration, I'd suggest
    taking a look at the NSA's Security Configuration Guides,
    (, and DISA STIGS
    ( There are of course other
    guides available which I would suggest reading as well. I would also
    suggest reading the ones for other OS', such as Solaris, Linux shares
    a lot with the other Unicies and it will give you an over all feel for
    the direction the guides are taking.

    - -Nick

    Michael Hallager wrote:

    > Hello.
    > I suggest that rather then going in 'boots and all' that you take
    > some time to study and carefully consider the following:
    > 1. What are the threats? (Threats aren't just network, they could
    > be physical as well) 2. What are the appropriate methodolgies for
    > hardening against these threats? 3. And importantly - what is
    > SECURITY? SECURITY is more a mindset and manner of operation then
    > it is installaing a whole lot of software (which it appears
    > doubtful to me that you understand the scope and opperation of the
    > software that you list)
    > Having a perception of security, if devoid of reality (which you
    > can only properly evaluate after careful consideration of points 1,
    > 2 and 3 and a lot of experience) could be more dangerous then just
    > leaving your system alone.
    > Kind regards,
    > Michael Hallager
    >> I am trying develop a method to secure my servers. I'll list the
    >> steps I am going to take. Can you please review and make any
    >> additional suggestions. Thank you.
    >> Install & configure Tripwire
    >> Install & configure
    >> Snort Install & configure Bastille
    >> Install & configure LIDS
    >> Install & configure modsecurity
    >> Install & configure chkrootkit
    >> install dansguardian
    >> install squid
    >> Install & configure DCC
    >> Install & configure Pyzor
    >> Install & configure Razor
    >> install & configure Clamav
    >> Install & configure MailScanner
    >> Install & configure
    >> Ntop Install & configure Spamassassin
    >> install root access email command
    >> create a seprate /tmp partition and mount noexec, nosuid
    >> Configure Apache configure for php safe mode configure /internal
    >> web directory w/ access from private network only configure
    >> /external web directory w/ password authentication
    >> Configure SSH respond on alternate port only allow me to logon
    >> Configure Fireall: only allow access to ssh from my domains

    - --
    Nicholas Crawford <nick(at)null(dot)net> / neoaeon@EFnet IRC
    4096/1024 Diffie-Hellman/DSS PGP key ID: 0x5DEB8672 fingerprint:
        7CD5 22D2 AD89 C419 749B 6AF1 8825 174F 5DEB 8672
    Keys via key server or

    Version: GnuPG v1.4.2 (MingW32)
    Comment: Using GnuPG with Thunderbird -

    -----END PGP SIGNATURE-----

  • Next message: Shay Wilson: "RE: Securing Fedora Core 4"

    Relevant Pages

    • Re: What server hardening are you doing these days?
      ... Software Restriction Policy ... Grab that Windows 2003 Security guide I think they talk about this in there. ... All the file ACLs in the world can't help an unpatched ... >> While I agree the NSA guides are more secure. ...
    • Re: Security for Windows 2000 Server
      ... As i said i m cosidering "Microsoft Solutions for Security" for securing my ... I could understand all of them but except "Inheritable/Can Propagate" ... > given in the guides depends on the makeup of the network as far as downlevel ...
    • Re: Security for Windows 2000 Server
      ... I did consider "Securing Windows 2000 Server" ... > given in the guides depends on the makeup of the network as far as downlevel ... > Microsoft as the other security guides do not go into much detail on malware ...
    • RE: Priviledge escalation attack
      ... basic server hardening before deploying NT/2K.) ... Microsoft publishes checklists, ... some guides written by some truly paranoid folks: ... Included on this page are also Security Editor templates which enforce their ...