Oscar wrote:
> I want the machine to be as secure as possible and prefer to
> install Debian as OS.
>
> Do any of you have some recommendations or hints I should
> follow for setting up the server?
We run our server on a hardened debian 5 machine (lenny). Last time I
checked, debian 4 (etch) hardening guide could be downloaded from sans.org
but I don't have the URL to hand. Separate partitions and removing
unnecessary packages are a Good Thing, and we install to /var/lib/ossec
instead of /var/ossec.
There was also talk of someone looking into producing debian packages but I
don't know how that's progressing, so for now you'll probably still need to
compile your own. Do be aware that you can compile on one machine and
deploy the results to another that doesn't have a build environment on it.
Search the wiki for "binary install" and it'll give you basics. If you
don't want to mess with the vars, you could just run
./install.sh binary-install
Do be aware that the target environment should closely match the machine
you're compiling on or the result won't run properly. If it doesn't work,
post again and chances are someone will know how to help, even if it's to
ask for more information.
Regards,
--
Mark Smith
