Hi Philip,
Comments under...
>>>>> "Philip" == Philip S Tellis <Philip> writes:
Philip> [snip]
Philip> Read the security howtos and FAQ. You may also want to
Philip> read a document I hacked together from various sources at
Philip> http://www.ncst.ernet.in/~philip/writings/Linux-Security.txt
Philip> And hey, while you're at it, suggest any changes that may
Philip> need to be made.
- Need to talk more about content security in the firewall section.
Iptables & Co aren't really much good at that, only at
connection-level security. Commercial firewalls offer that. Also, we
could distinguish between connection-based and proxy-based firewalls.
- I'd include all the unused RPC and POP/IMAP services in the open
ports list.
- Some programs which aren't started through [x]inetd (e.g. sshd) also
have hosts_access enabled in their default Linux configurations.
- File integrity databases should be put onto a removable medium,
otherwise the cracker can change the database and fool the integrity
checker. You may also like to mention package management features
which do file integrity checking without requiring an extra program
(e.g. rpm -V).
- Need to talk a bit about app-level security on presumably secure
platforms, e.g. PHP/Perl/CGI with Apache. Users can get you screwed
even if you have a secure system.
Probably much more, but I'm too lazy to think any more :)
Regards,
-- Raju
--
Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
It is the mind that moves
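
The file integrity point above, as an added example that is not part of the original message: a minimal Python sketch in which the same baseline is stored twice, once on the monitored host's writable disk and once in a location standing in for removable, read-only media. The file names, paths and JSON baseline format are assumptions made for the illustration; `rpm -V` and dedicated integrity checkers keep their own formats.

```python
import hashlib
import json
import os
import tempfile


def build_baseline(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            baseline[os.path.relpath(path, root)] = digest
    return baseline


def check(root, db_path):
    """Compare the tree at root with the baseline stored at db_path."""
    with open(db_path) as fh:
        baseline = json.load(fh)
    current = build_baseline(root)
    report = []
    for path in sorted(set(baseline) | set(current)):
        if baseline.get(path) != current.get(path):
            in_both = path in baseline and path in current
            status = "modified" if in_both else "missing" if path in baseline else "added"
            report.append((path, status))
    return report


def demo():
    """Return (report using the on-host db, report using the offline db)."""
    with tempfile.TemporaryDirectory() as work:
        tree, host_db, offline_db = (os.path.join(work, n) for n in ("tree", "host.json", "offline.json"))
        os.mkdir(tree)
        # Constructed sample files standing in for monitored system files.
        for name, data in (("login", b"original\n"), ("sshd_config", b"PermitRootLogin no\n")):
            with open(os.path.join(tree, name), "wb") as fh:
                fh.write(data)
        for db in (host_db, offline_db):  # same baseline, two storage locations
            with open(db, "w") as fh:
                json.dump(build_baseline(tree), fh)
        # Simulated compromise: a file changes and the on-disk database is rewritten to match.
        with open(os.path.join(tree, "login"), "wb") as fh:
            fh.write(b"replaced\n")
        with open(host_db, "w") as fh:
            json.dump(build_baseline(tree), fh)
        return check(tree, host_db), check(tree, offline_db)


if __name__ == "__main__":
    print(demo())
```

The check against the on-host database reports nothing, while the check against the copy that could not be rewritten flags the changed file.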