On Sat, Feb 28, 2004 at 08:44:27PM +1300, Paul Wilkins wrote:
> Here's a simple question with potentially complex answers.
> I know how to lock down a naked Windows XP machine for suitable
> internet security, which usually involves antivirus scanners,
> firewalls and not using IE.
> So here's the question. What kind of things should I do with a naked
> Mandrake installation to properly secure it?
Don't run anything as root.
Stop and disable any unneeded network services, including standalone
daemons and services launched by inetd. If you're sure you'll never
need a particular service, uninstall it.
Review your Mandrake security settings via the Control Center--adjust as
needed.
Install a virus scanner if you think you need one. Other than the mail
scanning products, I can only think of free (as in beer) virus scanners
for Linux, but that doesn't mean there aren't open source alternatives
available.
Investigate using iptables (or one of the many, friendlier, interfaces
to it) to firewall the machine, or at least the Internet-facing network
interface. An easy way to start off is to block all incoming packets
and statefully allow any outgoing packets.
Check the MD5/SHA1 sums or PGP/GPG signatures of any pieces of software
before you install or build them. Build source using a different user
than your regular one.
Take a look at something like Bastille to harden your machine's
configuration.
-mjg
--
Matthew Gregan |/
/| [EMAIL PROTECTED]
