On Fri, 7 Mar 2003, postmaster wrote:
i will definately go thru the links u have given but if possible can u tell me what basic securities i should apply to my system before going online as reading the articles and then implementing would be a bit lenghty job.
This assumes you have a freshly installed system, 0. /etc/init.d/network stop 1. use chkconfig utility and shut off services you don't use. Example: chkconfig --level 2345 portmap off For more "man chkconfig" Configure services in xinetd/inetd which ever is the one you use. chkconfig can be used to start and switch off xinetd services also. 2. Configure tcp-wrappers man hosts_access 3. Configure your firewall rules. Make sure it is enabled etc. 4. /etc/init.d/ip<chains|tables> start; /etc/init.d/network start; 3. Go to updates.redhat.com/<your-redhat-release>/en/os/i386/ and get *.rpms Do a "rpm -Fvh `cat *.rpm | grep -v ^kernel`" from the directory where you downloaded rpms as root. Else if you have a up2date/RHN service use that. 4. Reboot if required or you choose to update you kernel also.
This is the minimum basic stuff you can do. But since you run a lot of services there will be other things that you must do and for that you must _read_ the links given in previous mail. For a quick hardening of your server you might want to run the famous bastille script, which will take care of most of the above stuff as well as more detailed things, get it here http:www.bastille-linux.org/. But read what bastille tells you as it hardens your machine, that way you can opt out of certain things that will be hinderance to your regular use of the machine as a server. Run bastille after you have done updates and configured the machine for various servers. Finally sit back and *read* that HOWTO, it will be useful.