--- Chris Wilcox <[EMAIL PROTECTED]> wrote:

> If this box will run Squid and Squid only...

yes, this box will run squid and squid only..

> ...then I'd be looking into one of the more minimal distributions
> such as Debian. You don't need most of the 'junk' that distros
> like Suse will install by default....

when u say 'junk', do u mean actively running services, that have ports to which one can connect, or do u mean the myriad of packages that SuSE will install based on the type of setup u need (which includes Minimal, Default, Default With Office or Everything)..?..

> ... as most of the services etc that will be running by default on
> distros like Suse will only serve to slow things down.

i see u mean well, but i've been running SuSE since i started in the industry, and over time one develops ideas and tricks on one's favorite flavor of Linux..

regarding running services, i know SuSE don't have INETD running by default post install.. although they do default to runlevel 5 which starts X at boot, i counter this by defaulting to runlevel 3 (really don't need X running on production gear)... i know the smtp port is open post install thanks to postfix, which i delete before anything else (and if i need a mailer, replace with exim).. the portmapper is also open by default post install, but i stop this and remove it from the runlevels so it doesn't start on boot.. then there's openssh, which is started by default post install.. this is good, of course, all i do is upgrade it to the latest stable version and close it off using iptables and the tcp wrapper..

once all that's done, i use a script that SuSE have discontinued (but it still does its job) called harden_suse.. it removes setuid and setgid bits from binaries that could compromise your system.. the script also hashes/comments all (uncommented) entries in /etc/inetd.conf... after all that, i use a customised and hardened iptables firewall to close off the only service running on the box, SSH...

so, as u can see, adding squid to my system will only open up port 3128, which the firewall will close off and only redirect outbound http traffic to...

i hope this is minimal enough..

Regards,
Mark.

> hth
>
> Regards,
>
> Chris
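
The end state described in the message above (only SSH and Squid listening once postfix and the portmapper are gone) can be checked against a socket listing. This is an added example, not part of the original e-mail or of harden_suse; the function names and the sample listing are constructed, and SSH on port 22 is an assumption (3128 is the port named in the message).

```shell
#!/bin/sh
# Ports expected to listen on a Squid-only box (assumption: SSH on 22;
# 3128 is the Squid port named in the message).
ALLOWED_PORTS="22 3128"

# Constructed sample in `netstat -tln` layout, resembling a fresh install
# before postfix (25) and the portmapper (111) are removed.
# Not captured from a real host.
sample_listeners() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
EOF
}

# Read `netstat -tln` style lines on stdin and print "port scope" for every
# listening TCP socket whose port is not in ALLOWED_PORTS.
# scope is "loopback" for 127.0.0.0/8 and ::1 binds, otherwise "exposed".
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)      # port follows the last colon
            host = addr; sub(/:[^:]*$/, "", host)  # bind address precedes it
            if (port in ok) next
            scope = (host ~ /^127\./ || host == "::1" || host == "[::1]") ? "loopback" : "exposed"
            print port, scope
        }
    ' | sort -n | uniq
}

# Demo on the constructed sample; on a live host, pipe `netstat -tln` in instead.
sample_listeners | unexpected_listeners
```

An empty result means the listing matches the allowlist; it says nothing about what iptables or the tcp wrapper then permit, which has to be verified separately.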