cheers that much appreciated. i'm still configuring the server atm. But i was wondierng how easy/hard it would be compile metamod for my cpu seeing the server is running those otpimizations as well
Erik Hollensbe wrote: > > On Dec 6, 2006, at 9:09 PM, TwoEyedHuman wrote: > >> As root, >> *ln -s /usr/bin/gunzip /usr/bin/uncompress* >> >> If you plan on running unix servers, I highly recommend reading some >> kind of 700 page linux manual on security. >> <http://www.amazon.com/Maximum-Linux-Security-Protecting- >> Workstation/dp/0672316706> >> At least I did. Not only that, but read more books too. You may >> have a >> long way to go from windows to being a competent linux system admin. >> >> I'm still working toward that goal too! There's a lot of stuff to >> know! > > And because I have free time and feel like staring down from the > ivory tower, here's some simple tips! > > - When you first install your server, do a netstat -lp. Find all the > servers marked LISTEN, and their PIDs. Kill them. If nothing breaks, > disable it in your rc.d system. Do this for all your other servers. > > - Do another netstat -lp. Find out all the ports you're still using, > and if they're using UDP or TCP. Then, learn enough ipchains (or > whatever firewalling system you use) to turn everything off but those > ports. Disable ICMP completely, unless you're one of those freaks > like me that wants ping, then learn what you need to do to disable > all ICMP except ping. > > - Do not, under any circumstances, allow root logins directly from > remote connections. This especially means FTP, but really you > shouldn't be allowing root from SSH either. Get intimate with the > 'sudo' command. If you want to make your security logs readable, get > intimate with configuring ssh to only accept ssh keys. Understand why > it's much, much harder to get in via root this way. You will find > yourself enlightened. > > - Take in the lesson that the only truly secure system, is one that > only has one person that knows where it is, is powered off and > disconnected from the network and has no removable media access. Use > this lesson to setup monitoring and off-site backup that meets that > standard. > > If you do these four things, you'll be 10 times as secure as 99% of > the hosts out there. I can practically guarantee it. > > -- > Erik Hollensbe > [EMAIL PROTECTED] > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
