I use the Center for Internet Security Red Hat Enterprise Linux Benchmark (http://cisecurity.org/bench_linux.html) to lock down the server. I took the portions in bold courier and put them in a shell script.

For SN6, I have this:
# SN.6 Evaluate Every Installed Package
echo "Evaluate Every Installed Package . . ."
rpm -e nc rp-pppoe alsa-utils bluez-hcidump \
dosfstools bluez-bluefw mt-st rdate rsh wireless-tools \
pdksh bluez-utils dhclient yp-tools libvorbis \
system-config-soundcard sox finger rdist tcsh isdn4k-utils \
ppp wvdial ypbind squid spamassassin dovecot mysql-devel \
openssl-devel e2fsprogs-devel zlib-devel krb5-devel \
mkbootdisk NetworkManager


I also added this:
# Activate slocate
echo "Updating the slocate database . . ."
cd /etc
cp -p updatedb.conf updatedb.conf.orig
sed -e "s/DAILY_UPDATE=no/DAILY_UPDATE=yes/g" \
    updatedb.conf.orig > updatedb.conf
/etc/cron.daily/slocate.cron


Shameless plug: I was the lead developer on this Benchmark (http://www.cisecurity.org/honor_roll.html).

Regards,

George Toft, CISSP




Kyle Quillen wrote:
Hey all,

What are some suggestions for a post install script that could be ran to further harden a toaster system?

This is something that I think I can contribute if you guys give me a list of things you think you would like to see the script install/setup.

Or is it good the way it is and should I just leave it alone?

Thanks

Q


---------------------------------------------------------------------
    QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to