On Wed, Dec 13, 2000 at 11:11:52AM +0100, Javier Fernandez-Sanguino Peña wrote:
> *Please* post it. It could be really useful for documents like the
> Securing-Debian-HOWTO, I have my own checklist and will update the HOWTO with
> it soon.
>
> So, for all of you.. new thread? : checklist of things to do for a secure
> setup?

One other thing I try to be conscious of... while it can be a good idea to change the listen port of a service (such as putting ssh on a port != 22 for example), fwictl it's important to make sure any authenticating service remain on a port <=1023. Otherwise, should the "real" service fail, it would provide an opportunity for a luser to bind to its port and:

1- deny real users access
2- steal/record auth info or whatever with a rogue daemon

P.S. In http://www.debian.org/doc/manuals/securing-debian-howto/ch4.html#s4.1 "Listen 666" should be "Port 666" to change the port #.

Thanks. :)
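
An added example, not part of the original message: Python that reads an sshd_config and reports every listen port above 1023, the range the post says an authenticating service should stay out of. The function names and the sample config are constructed for illustration; the Port and ListenAddress handling follows sshd_config(5).

```python
import re

PRIVILEGED_MAX = 1023  # the post's boundary: binding ports <= 1023 needs root
# Linux can move this boundary (net.ipv4.ip_unprivileged_port_start sysctl);
# pass privileged_max to unprivileged_ports() to match the host.

# Constructed sample config, not taken from the post.
SAMPLE = """\
Port 666
Port 2222
ListenAddress 0.0.0.0
ListenAddress [::1]:8022
PermitRootLogin no
"""

def sshd_listen_ports(config_text):
    """Return the sorted TCP ports this sshd_config makes sshd listen on."""
    ports, explicit = [], set()
    saw_listen = needs_port_list = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value" or "Keyword=value"; keywords are case-insensitive.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        args = parts[1].split() if len(parts) > 1 else []
        if not args:
            continue
        key, value = parts[0].lower(), args[0]
        if key == "port" and value.isdigit():
            ports.append(int(value))
        elif key == "listenaddress":
            saw_listen = True
            # Accept "[addr]:port" or "host:port"; anything else has no port.
            m = re.fullmatch(r"\[[^\]]+\](?::(\d+))?|[^:\[\]]+:(\d+)", value)
            port = (m.group(1) or m.group(2)) if m else None
            if port:
                explicit.add(int(port))
            else:
                needs_port_list = True   # address falls back to the Port lines
    result = set(explicit)
    if needs_port_list or not saw_listen:
        result.update(ports or [22])     # sshd's default port is 22
    return sorted(result)

def unprivileged_ports(config_text, privileged_max=PRIVILEGED_MAX):
    """Ports a non-root user could bind if the real daemon stops."""
    return [p for p in sshd_listen_ports(config_text) if p > privileged_max]

if __name__ == "__main__":
    print("listening:", sshd_listen_ports(SAMPLE))
    print("above 1023:", unprivileged_ports(SAMPLE))
```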

