Today, Tom Rauschenbach gleaned this insight:
> > Hey... you're about the only person I can think of who may know more
> > about security on a linux system than me.
>
>
> Are you guys gonna write a HOW-TO ?
Heehee... I really MUST learn to use e-mail one of these days....
To address your question though:
First of all, I had neither intended to post my phone number to the list,
nor to suggest that Ken and I are some kind of security gods or something.
In fact I'm sure there are people on this list who know more about
security than I do; I just don't know who they are. :)
Second, besides never having enough free time, the howto's are already
written. Some of them are disguised a little, but the info's all there.
The problem is that securing a Unix system is a very broad, far-reaching
topic with voluminous material written about it. Good places to start are
the firewall howto, the ipchains howto, the ethernet howto, the linux
sysadmin guide, the DNS howto, the NIS howto (though that comes under the
heading of lack-of-security howto) and many others. All of these are
available from the LDP website.
If you want an all-encompassing howto, what you're going to end up with is
a stack of books about as tall as me. Some good references are O'Reilly's
Practical Unix Security, Evi Nemeth's Unix System Administration Handbook,
Maximum Security - a hacker's guide to securing unix systems (anonymous),
and tons and tons of others.
This last one is great, in that it provides good starting information, and
links to articles and documents that describe the given subject material
in great detail. It also covers non-Unix OS's so if you're one of those
eclectic types, you probably should start here.
Ken tells me the same author has written a Linux-specific version of the
book too... so you may want to check that out.
There's just too much information! If you have time to digest all this
stuff, I want you to tell me how you did it!
As a final comment, I'll offer that the reason Unix is so difficult to
secure is that much of the OS and various services that were written to
run on it were originally designed to make it EASY to share data, which is
counter to our task at hand. As Paul likes to say, if people would just
be nice, none of this would be necessary...
Sigh. So much for idealism.
--
PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
[EMAIL PROTECTED] | [EMAIL PROTECTED]
------------------------------------------------------