Page last updated:
2002 Mar 25 13:10

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Before I do this...



begin Rusty Minden <clownsinc@attbi.com> 
> For what my limited advice is worth I would start by checking the install. Is 
> it partitioned properly IE is /var and / on separate partitions this is a pet 
> peeve of mine I like to start with proper partitioning, but that is only my 
> opinion. 

good advice, but i think you mean ie instead of IE, which could be
interpreted as something else.  ;)

> Check your system for proper patches and keep it to a minimum.

* actually, go hog wild on proper patches.  don't stop installing them,
  and keep on installing them until you've installed ALL of them.  :)

* keep /functionality/ to a minimum (which is what rusty was saying).
  this is pretty standard stuff:
  don't enable cgi's or SSI unless you use them.  don't load apache
  modules you won't use.  many distros turn everything on but the
  kitchen sink by default.

* disable directory browsing so people can't look at what files you have.

* install portsentry, at least for a few months just so that you educate
  yourself on what nasty traffic you have.  key point: DON'T FREAK OUT.
  you'll see lots of nasty stuff.  mostly doorknob twisting that you
  really don't need to care about.  but you should at *least* be aware
  of.

  once you have the ability to look at your portsentry logs and not want
  to vomit your breakfast all over your keyboard, then you can uninstall
  portsentry.

* use a log reader.  i use logcheck based on jeff's advice.  it's pretty
  good, but i don't think the filtering works 100% as advertised.

> The more 
> software you have installed the more can go wrong IE less is better than more 
> :-) Other than that keep good logs and check them monitor your traffic and 
> use programs like ntop to monitor your network flow and saint to look for 
> security holes like unused ports.

* yes.  use saint, or even better, nmap.  saint is kind of over the hill
  and not maintained well.  nmap is pretty much the de facto standard.

* other things you CAN use are cops and tara (both very out of date).

> You may also want to look into a good 
> security book. LUGOD has one that I donated a while back and I have "Hack 
> Proofing LINUX" by Syngress Press. I was impressed with it personally. Look 
> at http://www.nerdbooks.com for other good books Dave has a great book store.

excellent advice.  all the advice in the world can't equal reading a
good book.  and nerdbooks.com is the best place to go.  they're linux
friendly, lugod friendly and have an incredible assortment of books.

security is a tug of war between a tight system vs convenience and time
you want to spend thinking about security.  no clear cut value of how
much is enough.  but i think everything i mention here is prolly more
than enough for a home adsl user.

also, go to the vox-tech archives and read about mark kim's hacking
project he did for a class at ucdavis.  imho, it's in the top 10 "best
posts ever made to vox-tech".

pete
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
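
An added example, not part of the original post: a small Python check for the Apache points in the reply above (directory browsing, CGI, SSI, modules you won't use). It reads the text of one config file, does not follow Include directives or merge Options inheritance between sections, and the sample config, paths and module list are constructed for illustration.

```python
import re

# Options keywords for the features the post says to leave off unless used.
RISKY_OPTIONS = {"indexes": "directory browsing",
                 "includes": "server-side includes (SSI)",
                 "execcgi": "CGI execution",
                 "all": "directory browsing, SSI and CGI"}  # All = everything but MultiViews
FEATURE_MODULES = {"autoindex_module", "include_module", "includes_module",
                   "cgi_module", "cgid_module"}  # Apache 1.3 and 2.x names
SECTION_OPEN = re.compile(r"<(\w+)\s*([^>]*)>")
SECTION_CLOSE = re.compile(r"</(\w+)>")

# Constructed sample config, not taken from the original post.
SAMPLE_CONF = """\
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/app">
    Options -Indexes +Includes
</Directory>
"""

def audit(conf_text):
    """Return (line_no, context, message) findings for one config file."""
    findings, context = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if SECTION_CLOSE.fullmatch(line):
            context = context[:-1]  # leave the innermost section
            continue
        if m := SECTION_OPEN.fullmatch(line):
            context.append(f"{m.group(1)} {m.group(2)}".strip())
            continue
        directive, *args = line.split()
        where = context[-1] if context else "server config"
        if directive.lower() == "options":
            for arg in args:
                name = arg.lstrip("+-").lower()
                if not arg.startswith("-") and name in RISKY_OPTIONS:
                    findings.append((no, where, f"Options {arg} enables {RISKY_OPTIONS[name]}"))
        elif directive.lower() == "loadmodule" and args and args[0] in FEATURE_MODULES:
            findings.append((no, where, f"{args[0]} is loaded; drop it if unused"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

A finding is a prompt to check whether the feature is actually used, not proof of a problem; an option prefixed with "-" is treated as switched off and not reported.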


