On Mon, Feb 19, 2001 at 07:13:40PM -0800, Rick Rezinas wrote:
> I've been loosely following this thread, and hope you have the best of
> luck locking down. A few places to start with the inetd.conf file. You probably
> don't need any of those services. Install ssh. Set up your apt sources.list to
> check for
>
> deb http://security.debian.org stable/updates main contrib non-free
>
> but you may want to use a mirror, so they don't get nailed.
>
There are no mirrors of security.debian.org (or shouldn't be)
for security reasons.
This way the authenticity of security packages can be better controlled.
- Tal
> basically, each line in the sources.list has a list of packages, and they
> look to see who is the newest and install that puppy.
>
> those are a coupla basic steps to locking down your box. Others include
> not running named cuz it's often a problem...I have no doubt that there are
> crackers out there with several named and sendmail holes in their pocket
> that haven't been exposed before. So if you run mail, check out qmail.
> IMHO. Don't have key services run as root, like your webserver if that is
> key. That way if you get compromised they still need to work for root.
>
> have a nice day
> rick
>
>
>
> On Mon, 19 Feb 2001, Steve Rudd wrote:
>
> > Steve here,
> >
> > Well first, I repent of calling Linux 7: Redhat 7. Yes I am new. I have
> > been maintaining my own box from a su level for about 3 months. That is why
> > I was calling in an expert to install Debian tomorrow. It has become quite
> > obvious to me that I am way over my head in trying to get my server secure.
> >
> > But I would also like to say that I was humbled by the sheer volume of
> > caring replies. I want to say that I have taken note of all of them and
> > thank you.
> >
> > My personal/superficial conclusions to my own questions based upon your
> > replies are that Debian (as a software package) is a little more secure (for
> > a variety of reasons), than Redhat 7. But the biggest factor is me getting
> > pro help by someone who knows what he is doing. Done!
> >
> > There is one primary reason why I would have chosen Debian over Redhat in
> > the first place. The auto-update feature. I was on line for the Redhat
> > Network. It never notified me of anything. Even now, after being hacked, it
> > gives me those nice smiley icons saying all is ok! <g>
> >
> > For me to get the box set up, then issue a one line command as the SU via
> > "CRT" program in SSH mode, to update is breathtakingly attractive!
> >
> > Steve
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> >
--
-----------------------------------------------------------------
Tal Danzig [EMAIL PROTECTED] | Libranet Linux
http://tal.thepenismightier.net | http://www.libranet.com
-----------------------------------------------------------------
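
Added example, not part of the original messages: a small shell audit of the two files the thread discusses, listing services still enabled in inetd.conf and flagging security update sources in sources.list that do not point at security.debian.org itself. It assumes security sources are the `deb` lines whose suite ends in `/updates`, as in the line quoted above; the function names, hostnames under example.org and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two files the thread mentions.
# All sample data below is constructed, not taken from a real host.

# Print the service name of every line still enabled in an inetd.conf-style
# file, i.e. every line that is neither blank nor commented out.
enabled_inetd_services() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# For each deb line whose suite ends in /updates (assumption: that marks a
# security source), print "OK <host>" if it points at security.debian.org
# and "MIRROR <host>" otherwise.
check_security_sources() {
    awk '$1 == "deb" && $3 ~ /\/updates$/ {
        host = $2
        sub(/^[a-z]+:\/\//, "", host)   # strip the URL scheme
        sub(/\/.*$/, "", host)          # strip any path
        status = (host == "security.debian.org") ? "OK" : "MIRROR"
        print status, host
    }' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/inetd.conf" <<'EOF'
# constructed sample
#echo   stream tcp nowait root internal
telnet  stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
ftp     stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
EOF
    cat > "$dir/sources.list" <<'EOF'
# constructed sample
deb http://ftp.example.org/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
deb http://mirror.example.org/debian-security stable/updates main
EOF
    echo "inetd services still enabled:"
    enabled_inetd_services "$dir/inetd.conf"
    echo "security update sources:"
    check_security_sources "$dir/sources.list"
    rm -rf "$dir"
}
demo
```

On a real system the functions would be pointed at /etc/inetd.conf and /etc/apt/sources.list instead of the sample files.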