Re: Securing Fedora Core 4

• Previous message: Andrea Pasquinucci: "Re: Securing Fedora Core 4"
• In reply to: Michael Hallager: "Re: Securing Fedora Core 4"
• Next in thread: Charles Heselton: "RE: Securing Fedora Core 4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 26 Sep 2005 07:34:31 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

For nitty gritty secure OS/Application configuration, I'd suggest
taking a look at the NSA's Security Configuration Guides,
(http://www.nsa.gov/snac/index.cfm?MenuID=scg10.3.1), and DISA STIGS
(http://csrc.nist.gov/pcig/cig.html). There are of course other
guides available which I would suggest reading as well. I would also
suggest reading the ones for other OS', such as Solaris, Linux shares
a lot with the other Unicies and it will give you an over all feel for
the direction the guides are taking.

- -Nick

Michael Hallager wrote:

> Hello.
>
> I suggest that rather then going in 'boots and all' that you take
> some time to study and carefully consider the following:
>
> 1. What are the threats? (Threats aren't just network, they could
> be physical as well) 2. What are the appropriate methodolgies for
> hardening against these threats? 3. And importantly - what is
> SECURITY? SECURITY is more a mindset and manner of operation then
> it is installaing a whole lot of software (which it appears
> doubtful to me that you understand the scope and opperation of the
> software that you list)
>
> Having a perception of security, if devoid of reality (which you
> can only properly evaluate after careful consideration of points 1,
> 2 and 3 and a lot of experience) could be more dangerous then just
> leaving your system alone.
>
> Kind regards,
>
> Michael Hallager
>
>> I am trying develop a method to secure my servers. I'll list the
>> steps I am going to take. Can you please review and make any
>> additional suggestions. Thank you.
>>
>> Install & configure Tripwire
>> http://sourceforge.net/projects/tripwire/ Install & configure
>> Snort http://www.snort.org/ Install & configure Bastille
>> http://www.bastille-linux.org/ Install & configure LIDS
>> http://www.lids.org/ Install & configure modsecurity
>> http://www.modsecurity.org/ Install & configure chkrootkit
>> http://www.chkrootkit.org/ install dansguardian
>> http://www.dansguardian.org install squid
>> http://www.squid-cache.org/ Install & configure DCC
>> http://www.dcc-servers.net Install & configure Pyzor
>> http://pyzor.sourceforge.net Install & configure Razor
>> http://razor.sourceforge.net install & configure Clamav
>> http://www.clamav.net Install & configure MailScanner
>> http://www.sng.ecs.soton.ac.uk/mailscanner/ Install & configure
>> Ntop http://www.ntop.org/ Install & configure Spamassassin
>> http://spamassassin.apache.org/ install root access email command
>> create a seprate /tmp partition and mount noexec, nosuid
>>
>> Configure Apache configure for php safe mode configure /internal
>> web directory w/ access from private network only configure
>> /external web directory w/ password authentication
>>
>> Configure SSH respond on alternate port only allow me to logon
>>
>> Configure Fireall: only allow access to ssh from my domains
>
>

- --
Nicholas Crawford <nick(at)null(dot)net> / neoaeon@EFnet IRC
4096/1024 Diffie-Hellman/DSS PGP key ID: 0x5DEB8672 fingerprint:
    7CD5 22D2 AD89 C419 749B 6AF1 8825 174F 5DEB 8672
Keys via key server or http://www.angelfire.com/linux/neoaeon/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDN9zCiCUXT13rhnIRA7VoAJ4ufc5u3NyiqPHTscBs3xAVCA6K3gCgha0k
aKeuAJmI+wGjMA0r/CRYj3o=
=36kD
-----END PGP SIGNATURE-----

• Previous message: Andrea Pasquinucci: "Re: Securing Fedora Core 4"
• In reply to: Michael Hallager: "Re: Securing Fedora Core 4"
• Next in thread: Charles Heselton: "RE: Securing Fedora Core 4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]