[ale] security
Glenn C. Lasher Jr.
critter at wizvax.net
Mon Apr 12 07:01:49 EDT 1999
On Sun, 11 Apr 1999, michael mcdermott wrote:
> are there any other security oriented mailing lists like CERT and
> bugtraq around that are worth subscribing to?
> also is there any info on "advanced" techniques for securing a linux
> box. I looked at the howto and its pretty basic, covers almost all the
> important stuff, but i was more interested in the arcane and esoteric
> things that you could do if you were a really paranoid bastard (which i
> am)
Here is a brief summary, provided from Archangel on the alt.2600 newsgroup
some time ago:
1. Edit your /etc/inetd.conf and remove all services you don't
actually need, then kill and restart inetd. As a rule of the thumb,
comment out what you don't understand :)
2. Install and configure a tcp wrapper that only allows network
connections from sites you allow to connect. Most Linux distributions
have one preinstalled, see files /etc/hosts.[allow|deny] and the
corresponding manpages.
3. Disable root logins that do not come from the console. See the
shadow documentation how to do this.
4. If you're running a whole network that carries important,
sensitive or secret data, I'd recommend turning one of your Linux
boxes into a firewall.
As with all things, there are those who may disagree, but that is why
this newsgroup is such a great forum for intelligent debate.
--
Critter at Wizvax.Net
US Troops out of Kosovo NOW!
PGP key available at http://www.wizvax.net/critter/pgpkey.html.
More information about the Ale
mailing list