On Dec 6, 2006, at 9:09 PM, TwoEyedHuman wrote:
As root, *ln -s /usr/bin/gunzip /usr/bin/uncompress* If you plan on running unix servers, I highly recommend reading some kind of 700 page linux manual on security. <http://www.amazon.com/Maximum-Linux-Security-Protecting- Workstation/dp/0672316706> At least I did. Not only that, but read more books too. You may have a long way to go from windows to being a competent linux system admin. I'm still working toward that goal too! There's a lot of stuff to know!
And because I have free time and feel like staring down from the ivory tower, here's some simple tips! - When you first install your server, do a netstat -lp. Find all the servers marked LISTEN, and their PIDs. Kill them. If nothing breaks, disable it in your rc.d system. Do this for all your other servers. - Do another netstat -lp. Find out all the ports you're still using, and if they're using UDP or TCP. Then, learn enough ipchains (or whatever firewalling system you use) to turn everything off but those ports. Disable ICMP completely, unless you're one of those freaks like me that wants ping, then learn what you need to do to disable all ICMP except ping. - Do not, under any circumstances, allow root logins directly from remote connections. This especially means FTP, but really you shouldn't be allowing root from SSH either. Get intimate with the 'sudo' command. If you want to make your security logs readable, get intimate with configuring ssh to only accept ssh keys. Understand why it's much, much harder to get in via root this way. You will find yourself enlightened. - Take in the lesson that the only truly secure system, is one that only has one person that knows where it is, is powered off and disconnected from the network and has no removable media access. Use this lesson to setup monitoring and off-site backup that meets that standard. If you do these four things, you'll be 10 times as secure as 99% of the hosts out there. I can practically guarantee it. -- Erik Hollensbe [EMAIL PROTECTED] _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
