Re: Securing a fresh Linux install?
From: florkle (florkleNAHSPAHM@yahoo.com)Date: 05/01/02
- Next message: florkle: "Re: Securing a fresh Linux install?"
- Previous message: Casey Schaufler: "Re: Posix.1e?"
- Next in thread: florkle: "Re: Securing a fresh Linux install?"
- Maybe reply: florkle: "Re: Securing a fresh Linux install?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "florkle" <florkleNAHSPAHM@yahoo.com> Date: Wed, 01 May 2002 20:34:47 GMT
OpenBSD uses pf, not ipf as of 3.0
http://openbsd.org/faq/faq6.html#PF
fwiw
"Alex Russell" <alex@netWindows.org> wrote in message
news:20020402131745.13b32068.alex@netWindows.org...
> In addition to these good suggestions, may I suggest that if it's
> available for your distro that you run the bastille script. Bastille steps
> you through locking down file perms and suid bits (and lots of other often
> missed stuff) while at the same time educating you about how and what you
> are doing. If you're new to securing Linux installs, I can't recommend
> this enough.
>
> Alternately, use OpenBSD and don't worry about any of this stuff (except
> perhaps for configuring ipf).
>
> HTH.
>
> --
> Alex Russell
> http://netWindows.org
> http://alex.netWindows.org
>
> Luke Vogel <luke@bell-bird.com.au> wrote:
>
> > node wrote:
> > >
> > > Hello,
> > >
> > > I am setting up a small lab at home to learn security by penitration
> > > testing and resecuring. I was wondering what are the first steps I
> > > should take to secure my fresh linux install.
> >
> > The first thing you should do is install a firewall. You will find
> > included in your installation, ipchains and or iptables. If you don't
> > know how to use ipchains, go to www.linux-firewall-tools.com/linux where
> > you can find a script generator that will configure your firewall only
> > allow certain types of traffic, and only on certain ports. Once you
> > answer the questions, it is simply a matter of cut n paste into your
> > firewall script.
> >
> > Talking about certain ports, you need to decide which services you need
> > to have open to the big wide world of the internet. Minimal is best! DO
> > NOT run any daemons that you don't specifically have "good" reason to.
> > The "... it would be handy to have my own ftp server ..." type of
> > thinking can be very dangerous unless you really know what you are
> > doing.
> >
> > If you have the option, you should run iptables in preference to
> > ipchains .. it is a better choice when it comes to packet filtering
> > software. There are plenty of example scripts around the net.
> >
> > > I am using RedHat 7.1 because I have Red Hat
> > > Linux 7.1 Bible in hard copy so I can use that when setting up my
> > > server. I have seen a few fairly good articles at various web sites
> > > about it but they don't go very in depth. I don't need it to be but I
> > > would like to get imput on what other people do so I can decide on how
> > > I want to go about securing the box.
> >
> > If you are into hard copy reading, try and get hold of 'Hacking Exposed"
> > (network security) It goes into a reasonable amount of detail about all
> > thing insecure.
> >
> > ... but nothing beats personal experience ... If you want to have a bit
> > of phun and learn heaps
> > at the same time, have a go at the wargame at www.hackerslab.org ... I
> > did it and have come out much wiser for the experience. (and it was lots
> > of fun!)
> >
> > Feel free to ask questions in this news group, but please read the FAQ
> > first ... refer my sig.
> > --
> > Regards
> > Luke
- Next message: florkle: "Re: Securing a fresh Linux install?"
- Previous message: Casey Schaufler: "Re: Posix.1e?"
- Next in thread: florkle: "Re: Securing a fresh Linux install?"
- Maybe reply: florkle: "Re: Securing a fresh Linux install?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
