[NTLUG:Discuss] RE: Securing your Box; NTLUG'er's experience.
Phil Carinhas
pac at fortuitous.com
Wed Jan 3 19:37:41 CST 2001
Nice post!
Don't forget the Stealth Kernel Patch..
http://freshmeat.net/projects/stealthpatch/?highlight=stealth+kernel+patch
http://www.energymech.net/madcamel/fm/
And Port Sentry:
http://www.psionic.com/download/
On Wed, Jan 03, 2001 at 03:02:08PM -0600, Steve Egbert wrote:
> I haven't any problems once I performed the following steps:
>
> 1. Bastillized the damn thing (I use this mostly for:
> 2. Knock off more daemon that you don't need in /etc/inetd.conf
> 3. Replace FTP, Telnet with OpenSSH and/or Telnet-SRP
> 4. Rebuild the following daemon with TCPWrapper compile option
> 5. Customized ident (if you use IRC inside the masquerade)
> 6. Test sendmail for relay capability. An NTLUG officer
> 7a. chroot BIND (named)
> 7b. Dual-chroot BIND if you're running name server for your home network
> 8. Use tripwire religiously. Keep data file zipped and stored outside of
> 9. Various syslog monitor is out there. I still haven't
> 10. If you're a mini or private ISP (PPP server), use caller-id
> 11. Burn your entire filesystem into CDROM. If it is bigger than
> 12. Make liberal use of /etc/hosts.allow and /etc/hosts.deny.
> 13. Most importantly, FIREWALL. This nasty beast is the
> 14. Not for the faint of heart, you may want to tweak the Linux
--
-Phil C.
.---------------------------------------------------------
| P. A. Carinhas, Ph.D. | pac at fortuitous.com |
| Fortuitous Technologies Inc. | http://fortuitous.com |
---------------------------------------------------------
More information about the Discuss
mailing list