What I do:

1-Custom package selection, try to weed out talkd, telnetd, and some others that are installed by default.
2-netstat -a | grep LIST or netstat -l to find out who is listening for connections.
3-kill all the packages that are running that I don't want and that slipped past me earlier.
4-add ALL:ALL or ALL:PARANOID and specific services by name that I want to restrict to /etc/hosts.deny, depending on what the box is going to be used for.
5-allow access to my local network or to specific services with /etc/hosts.allow.
6-edit /etc/inetd.conf to remove unwanted services.
7-nmap localhost to see what ports are open.
8-start ipchains, kill all chains with ipchains -F.
9-block off ports that I don't want the world to see but should be open to the box itself with:
    ipchains -A input -p TCP -s 0.0.0.0/0 -d 0.0.0.0/0 portname -j REJECT
  Alternatively, set the ipchains policy to REJECT and then open up specific ports with ALLOW.
10-nmap localhost again to see that everything's good.
11-install logcheck and ippl. Possibly portsentry (in the non-free section) and/or snort for a "bastion host".
12-configure portsentry if I have it installed to block out attackers with ipchains.

HTH
--Mike

--
It's a shame that a family can be torn apart by something as simple as wild dogs.
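
Added example, not part of the original post: a small shell audit for steps 4 and 6 of the checklist above. It reports inetd services that are still enabled but not wanted, and checks /etc/hosts.deny for a catch-all rule. The ALLOWED list, the function names and both sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the results of steps 4 and 6 of the checklist.
# ALLOWED is an assumption: the inetd services this box is meant to offer.
ALLOWED="ftp"

# Constructed sample of /etc/inetd.conf (not from a real host).
SAMPLE_INETD='# <service> <sock> <proto> <flags> <user> <server> <args>
ftp     stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.ftpd
telnet  stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.telnetd
#talk   dgram  udp wait   nobody /usr/sbin/tcpd /usr/sbin/in.talkd
ntalk   dgram  udp wait   nobody /usr/sbin/tcpd /usr/sbin/in.ntalkd
'

# Constructed sample of /etc/hosts.deny.
SAMPLE_DENY='# hosts.deny
ALL: PARANOID
'

# Print inetd services that are still enabled (line not commented out)
# and not in the allowlist, one per line, sorted.
unexpected_inetd() {   # $1 = inetd.conf text, $2 = space-separated allowlist
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        !($1 in ok)    { print $1 }' | sort -u
}

# Succeed if the hosts.deny text holds a catch-all rule
# (ALL:ALL or ALL:PARANOID), ignoring comments and whitespace.
has_default_deny() {   # $1 = hosts.deny text
    printf '%s\n' "$1" | sed 's/#.*//' | tr -d ' \t' |
        grep -Eiq '^ALL:(ALL|PARANOID)$'
}

# With no arguments the constructed samples are audited; pass the real
# files (inetd.conf, then hosts.deny) as arguments to audit a host.
inetd_text=$SAMPLE_INETD; deny_text=$SAMPLE_DENY
if [ -r "${1:-}" ]; then inetd_text=$(cat "$1"); fi
if [ -r "${2:-}" ]; then deny_text=$(cat "$2"); fi

echo "Unexpected inetd services:"
unexpected_inetd "$inetd_text" "$ALLOWED"
if has_default_deny "$deny_text"; then
    echo "hosts.deny: catch-all rule present"
else
    echo "hosts.deny: no catch-all rule"
fi
```

On the constructed samples it lists ntalk and telnet as still enabled and reports the catch-all rule as present.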