[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Securing the basic distro
On Tue, 2 Feb 1999, Aviram Jenik wrote:
> > > I was wondering if anyone has some good pointers on securing
> > > a Linux box after the installation.
> >
> > does anyone here go READ the HOWTOs at all? looks like only 3 people on
> > this list ever heard of the LDP!!
>
> Ira, the HOWTOs are outdated. While it might be okay when installing a
> line-printer, it doesn't work when dealing with security. Security has
exactly, security is ever changing, like the FAQs will tell you, it's hard
to keep up, but the HOWTOs and FAQs will tell you whree to start looking.
here's my 1k-of-ASCII Security FAQ:
* install behind a firewall or off the net
* disable all services in inet and daemons
* compile the latest kernel
* set up some facsistic firewalling rules, install all the updates
* get rid of SUID root executables if possible
* recompile the latest perl, apache, Qpopper (enable only APOP, and only
if POP is a must)
* test the resaults with all the hacking tools you can find, do it
periodically.
* reopen minimal services, chroot-jail whatever you can
* open as few accounts as possible with minimal access
* never use telnet again when ssh is so easy to set up, etc.
* KEEP an OPEN EYE on rootshell and bugtraq.
(I probably forgot a few steps, I'm in a hurry)
good luck, sorry for my earlier, less helpful post.
> 2. If you keep telling people "RTFM" who will be left on the list? I'll tell
> you who: people who know Linux so well they don't really need this list (except
> for their social need, and the way this list is turning out to be, it's mainly
> for social needs now).
I don't mind helping on the low-tech topics, but security is not one. If a
guy has to ask about it in a mailing list such as this, it means he's got
more basic stuff to learn before he starts putting machines on the net.
--
Ira Abramov ; whois:IA58 ; www.scso.com ; all around Linux enthusiast
`When you say "I wrote a program that crashed Windows", people just stare
at you blankly and say "Hey, I got those with the system, *for free*".'
(Linus Torvalds)