Re: Securing Fedora Core 4

> > - Only allow ssh V.2
>
> I'm pretty sure this is the default.  I haven't need to make this change
> since FC2 I think.

I'm not sure for FC4 I don't have a fresh install to check now but in
FC3 sshd config comes with the line "Protocol 2, 1" in it who mean
prefer protocol 2 if possible but accept protocol 1 if the client
don't support protocol 2. I always change this to "Protocol 2" to
accept only protocol 2 so protocol 1 clients can't connect. Take a
look at this and please let me know how it's configured in FC4.

> > - If you need to access the server from outside your privatenet use
> > ipsec, openvpn or something related.
>
> SSH is not enough?  I only need shell access remotely.

Of course ssh is enough if you only need shell access. But often I
need other services at some point so i prefer having openvpn installed
even if not running. So when i'm away from the server and need an
other service a can fire it up.

> > - If data integrity is of interest use a journalized filesystem for
> > both metadata AND data (by default ext3 put only metadata in the
> > journal), LVM and RAID5 and pay attention to SMART
>
> Humm.  I'll have to research this one.  I was not aware of that limitation
> for EXT3.

use "mount -o data=journal /device /mountpoint" for mounting the
device or add data=journal in the fstab to do this.

Take care,

Dodoche