On Tue, 28 Apr 1998, hamoi wrote:
> okay, i want to lock down my linux box so i can almost confidently have
> it online. ya, ya, if you want ti secure, dont put it online... so what
What do you mean by "online"? There are a lot of meanings for that word
and they all require different precautions.
> - apply all the updates
> - remove those things not in use
Right.
> - shadow the passwords
Not relevant unless you are planning to give accounts to other people.
It's not a bad idea, of course, considering it's so easy, but not
critical.
> - tcp wrap stuff
Already installed by default with RH5.
> - kill telnet (or at least restrict it) and use ssh
Telnet's weakness is that it's vulnerable to eavesdropping, whereas SSH
isn't. If you're plannning to telnet in from remotely, then you should
get SSH. If you're only planning to telnet out, then your telnetting
affects the security of the remote system, but not yours. (So you may or
may not care about SSH in that case).
> - ???
Subscribe to the bugtraq and, if you're so inclined, the rootshell mailing
lists. They will inform you of security holes before Red Hat does (Red
Hat is fast about it, but Bugtraq is almost always faster). And they
bring up some issues that may not ever be addressed in Red Hat (like the
dead.letter sendmail bug, for instance).
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
