Re: Securing Fedora Core 4

<quote who="Syn Ack">
> Hello AragonX,
> I will add these steps to the list:
> - Only allow ssh V.2

I'm pretty sure this is the default.  I haven't need to make this change
since FC2 I think.

> - Deny root ssh logins

This was implied by "only allow me to logon".  What I should have written
is "Only allow my account to logon".  lol

> - Allow only ssh login with pub/priv keys and secure your priv key on
> a encrypted filesystem on a USB key

This is a great idea but I'm unable to implement it.  Many of the machines
I end up using don't have USB.  :(

> -Turn off all unneeded services
> - Remove all unneeded binaries

Yes, I will add "Install only needed apps."  I do this anyway but I should
list it.

> - If you need to access the server from outside your privatenet use
> ipsec, openvpn or something related.

SSH is not enough?  I only need shell access remotely.

> - If data integrity is of interest use a journalized filesystem for
> both metadata AND data (by default ext3 put only metadata in the
> journal), LVM and RAID5 and pay attention to SMART

Humm.  I'll have to research this one.  I was not aware of that limitation
for EXT3.

> It's what I think at the moment. Some of these steps seems really
> obvious but peoples tend to forget obvious things sometime.
> Take care,

Thank you for the tips.