[olug] securing rh7.2 box

roger schmeits schmeits at clarksoncollege.edu
Thu Aug 22 15:40:05 UTC 2002


On Thu, 2002-08-22 at 10:31, Nick Walter wrote:
> First step of security is the grand "turn it all off" tour.  do a
> "netstat -plan" to see what is running and disable everything you aren't
> explicitly sure you need.  You can look in /etc/xinetd.d/ for a lot of
> services. 
will check this one out

> Just add a disable=yes line to the individual files to
> disable an xinetd service.  Other services (such as ssh) might have
> their own independent startups and daemons.  Those you will have to
> disable by preventing their startup script in /etc/init.d from running
> (hint: use chkconfig). 
chkconfig works very nicely

> If the machine is nothing but a dedicated mail
> system, I'd suggest postfix and ssh are all you need running.   
> 
> As always, protect the machine with a firewall if at all possible. 

I'm assuming you are talking about iptables, right?

> Configure the firewall to only allow traffic on a few select ports such
> as ssh, smtp, and possibly pop3 or imap.  
> 
> Nick Walter
> 
> On Thu, 2002-08-22 at 10:09, roger schmeits wrote:
> > Greetings:
> > Having installed 7.2 with all updates using apt-get (very nice package --
> > should check it out) with Bastille-Linux I am fuzzy on where to begin.
> > 
> > I need to harden this box for Internet usage. i.e. it will be a smtp
> > gateway for our company. would like to secure this machine to a very
> > reasonable level (which is??? please suggest!).
> > 
> > Next process will be replace sendmail with postfix (no offense to
> > sendmail fanatics). done just finished a few minutes ago
> > 
> > Run Bastille-linux. done.
> > 
> > Further shutdown unneeded services. next
> > 
> > replace ipchains with iptables.
> > 
> > Have downloaded Securing & Optim. Linux v1.3 from www.openna.com and
> > will work thru this doc.
> > 
> > Any other suggestions?
> > 
> > Roger
> > 
> > 
> > 
> > 
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > http://lists.olug.org/mailman/listinfo/olug
> > 

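The /etc/xinetd.d part of the "turn it all off" tour discussed in this thread can be checked mechanically. The script below is an added example, not part of either poster's message: it lists every xinetd service block that does not carry "disable = yes". The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list xinetd services that are still enabled.

# Print the name of every service block under DIR that lacks "disable = yes".
# A block with no disable line at all counts as enabled.
xinetd_enabled() {
    dir=${1:-/etc/xinetd.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # xinetd's includedir skips names containing a dot or ending in "~"
        case ${f##*/} in *.*|*~) continue ;; esac
        awk '
            { sub(/#.*/, ""); gsub(/=/, " = ") }  # drop comments, split "disable=yes"
            $1 == "service" { name = $2; off = 0; next }
            $1 == "disable" && $2 == "=" { off = (tolower($3) == "yes") }
            $1 == "}" && name != "" { if (!off) print name; name = "" }
        ' "$f"
    done
}

# Constructed sample files (hypothetical, not taken from a real host).
make_sample() {
    printf 'service telnet\n{\n\tdisable = no\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$1/telnet"
    printf 'service finger\n{\n\tserver = /usr/sbin/in.fingerd\n}\n' > "$1/finger"
    printf 'service time\n{\n\tdisable = yes\n\ttype = INTERNAL\n}\n' > "$1/time"
    printf 'service rsync\n{\n\tdisable=yes # turned off\n}\n' > "$1/rsync"
    # Backup copy left by a package upgrade; xinetd ignores it because of the dot.
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$1/telnet.rpmsave"
}

# Demo on the constructed directory; on a real host call: xinetd_enabled /etc/xinetd.d
demo=$(mktemp -d)
make_sample "$demo"
echo "Still enabled under xinetd:"
xinetd_enabled "$demo"
rm -rf "$demo"
```

Anything the script prints that is not explicitly needed gets a disable = yes line; standalone daemons started from /etc/init.d are outside its scope and are handled with chkconfig as described above.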


