I don't know of any documents per se, but a good philosophy is to simply remove any services that you don't absolutely need on the server. In fact, what I often do is setup a firewall with no services (except maybe ssh) running on it (and thus no ports open) and then port forward appropriate ports through to servers residing inside the firewall. This gives you much more control over the accessing of your production server(s). And, of course, make sure all your software is up to date, so you aren't running any vulnerable services. You might also want to check out the software produced by Dan Bernstien (DJB) at http://cr.yp.to He make a very nice mail transport and a DNS server, both built from the ground up with security in mind. Hope this helps. :)
> Anyone know where I can find step-by-step documentation > on Hardening RH Linux boxes? I usually just use Bastille > Linux to do the hardening but I'd also like a better > understanding to be able to also perform the task manually > as well. > > Thanks, > > Ben ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ At night I dream of a world where Windows doesn't suck. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
