Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Securing Fedora Core 4

from [Syn Ack] Network Security [Permanent Link]
Subject: Re: Securing Fedora Core 4
Date: Thu, 22 Sep 2005 11:07:05 +0200 
Hello AragonX,
I will add these steps to the list:
- Only allow ssh V.2
- Deny root ssh logins
- Allow only ssh login with pub/priv keys and secure your priv key on
a encrypted filesystem on a USB key
-Turn off all unneeded services
- Remove all unneeded binaries
- If you need to access the server from outside your privatenet use
ipsec, openvpn or something related.
- If data integrity is of interest use a journalized filesystem for
both metadata AND data (by default ext3 put only metadata in the
journal), LVM and RAID5 and pay attention to SMART

It's what I think at the moment. Some of these steps seems really
obvious but peoples tend to forget obvious things sometime.
Take care,

Dodoche


On 9/21/05, AragonX <aragonx@dcsnow.com> wrote:

I am trying develop a method to secure my servers.  I'll list the steps I
am going to take.  Can you please review and make any additional
suggestions.  Thank you.

Install & configure Tripwire    http://sourceforge.net/projects/tripwire/
Install & configure Snort       http://www.snort.org/
Install & configure Bastille    http://www.bastille-linux.org/
Install & configure LIDS        http://www.lids.org/
Install & configure modsecurity http://www.modsecurity.org/
Install & configure chkrootkit  http://www.chkrootkit.org/
install dansguardian            http://www.dansguardian.org
install squid                   http://www.squid-cache.org/
Install & configure DCC         http://www.dcc-servers.net
Install & configure Pyzor       http://pyzor.sourceforge.net
Install & configure Razor       http://razor.sourceforge.net
install & configure Clamav      http://www.clamav.net
Install & configure MailScanner http://www.sng.ecs.soton.ac.uk/mailscanner/
Install & configure Ntop        http://www.ntop.org/
Install & configure Spamassassin        http://spamassassin.apache.org/
install root access email command
create a seprate /tmp partition and mount noexec, nosuid

  Configure Apache
configure for php safe mode
configure /internal web directory w/ access from private network only
configure /external web directory w/ password authentication

  Configure SSH
respond on alternate port
only allow me to logon

  Configure Fireall:
only allow access to ssh from my domains
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Securing Fedora Core 4, AragonX
Next by Date:  Re: Securing Fedora Core 4, Iraj Hedayati
Previous by Thread:  RE: Securing Fedora Core 4, Will Yonker
Next by Thread:  Re: Securing Fedora Core 4, AragonX
Indexes:  [Date] [Thread] [Top] [All Lists]