[olug] securing rh7.2 box

[Nick Walter]

First step of security is the grand "turn it all off" tour.  do a
"netstat -plan" to see what is running and disable everything you aren't
explicitly sure you need.  You can look in /etc/xinetd.d/ for a lot of
services.  Just add a disable=yes line to the individual files to
disable an xinetd service.  Other services (such as ssh) might have
their own independant startups and daemons.  Those you will have to
disable by preventing their startup script in /etc/init.d from running
(hint: use chkconfig).  If the machine is nothing but a dedicated mail
system, I'd suggest postfix and ssh are all you need running.   

As always, protect the machine with a firewall if at all possible. 
Configure the firewall to only allow traffic on a few select ports such
as ssh, smtp, and possibly pop3 or imap.  

Nick Walter

On Thu, 2002-08-22 at 10:09, roger schmeits wrote:
> Greetings:
> Having install 7.2 with all updates using apt-get (very nice package --
> should check it out) with Bastille-Linux I am fuzzy on where to begin.
> 
> I need to harden this box for Internet usage. i.e. it will be a smtp
> gateway for our company. would like to secure this machine to a very a
> reasonable level (which is??? please suggest!).
> 
> Next process will be replace sendmail with postfix (no offense to
> sendmail fantics). done just finished a few minutes ago
> 
> Run Bastille-linux. done.
> 
> Further shutdown unneeded services. next
> 
> replace ipchains with iptables.
> 
> Have downloaded Securing & Optim. Linux v1.3 from www.openna.com and
> will work thru this doc.
> 
> Any other suggestions?
> 
> Roger
> 
> 
> 
> 
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>