Re: is it secure enough
In message <34C366EF.F9671E30@f-tech.net> you write:
|(somebody giving out their password). I have set up a cron job to check
|all config files and some important programs with an MD5 checksum, just
|in case a bad guy gets in and pokes a hole that you may not be looking
|for. Right now the MD5 checksums are mailed (not too secure but it works
|for now) to me, it would be better to have them print out after a run
|(can't edit the hardcopy.)
There is a configurable tool for this called "tripwire". Maybe you
can make use of it (there is a Debian package for it, if you use
Debian).
I'd also recommend:
1. Install latest kernel with only required options.
2. Avoid using modules if possible. I've just seen on rootshell that
it is possible for a module to completely conceal itself and
anything it would like to conceal on the system, so avoiding the
module loading procedure altogether should be more secure.
3. Try to avoid running sendmail, move to Qmail.
4. Configure filesystems which contain logs and mail spool (anything
which can be affected through outside access) to be on separate
partitions.
5. Try to avoid using NFS and NIS, they are pretty unsecure.
6. Don't allow ANY user account on the firewall, if you need to have
some user database (e.g. for e-mail or SOCKS or whatever) try to find
a way to define them outside /etc/passwd.
That's what I can think of right now.
Cheers,
--Amos
--Amos Shapira | "Of course Australia was marked for
133 Shlomo Ben-Yosef st. | glory, for its people had been chosen
Jerusalem 93 805 | by the finest judges in England."
ISRAEL amos@gezernet.co.il | -- Anonymous
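
The cron-driven checksum run described in the quoted text, as an added example that is not part of the original message and is not Tripwire's code: it records a baseline of digests and permission bits, then reports added, removed and changed files. It uses SHA-256 in place of the MD5 mentioned in the thread; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Return (SHA-256 hex digest, permission bits) for one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest(), stat.S_IMODE(os.lstat(path).st_mode)


def snapshot(root):
    """Map each regular file under root (relative path) to its fingerprint."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                result[os.path.relpath(full, root)] = fingerprint(full)
    return result


def compare(baseline, current):
    """Diff a trusted baseline against the current state of the tree."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample tree: take a baseline, alter the tree, re-check."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("inetd.conf", "passwd", "hosts.allow"):
            with open(os.path.join(root, name), "w") as f:
                f.write("constructed sample content\n")
            os.chmod(os.path.join(root, name), 0o644)
        baseline = snapshot(root)   # keep this copy off the host (assumption)
        with open(os.path.join(root, "inetd.conf"), "a") as f:
            f.write("extra line\n")                         # content change
        os.chmod(os.path.join(root, "passwd"), 0o666)       # mode change only
        os.remove(os.path.join(root, "hosts.allow"))        # deletion
        open(os.path.join(root, "new.conf"), "w").close()   # unexpected file
        return compare(baseline, snapshot(root))
```

The comparison is only as trustworthy as the stored baseline, which is why the quoted text prefers a printout: a baseline kept on the monitored host can be rewritten along with the files it describes.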