On Tue, 1 Jul 2003, valerian wrote:
> On Tue, Jul 01, 2003 at 02:36:37PM +0200, Javier Castillo Alcibar wrote:
> > Hi all,
> >
> > I want to setup a new linux server in internet (apache, php, postfix,
> > mysql, dns...), and I would like to patch the standard kernel with some
> > security patches..... but my question is, what patches are the best??
> >
> > - Openwall ??
> > - TrustedDebian ??
> > - LIDS??
it's not one or the other sorta thing
- lots of to dos and how much time and $$$ to spend
vs risk of what happens if they did get into your server
> > Any suggestions??
>
> Check this out:
> http://www.grsecurity.net/features.php
rest of the kernel hardening patches
http://linux-sec.net/Harden/kernel.gwif.html
-- at a minimum, you should be using linux-2.4.21
and openwall and lids and ..
-- than use the latest php, apache, postfix, mysql, dns
- probably want to chroot your dns app
( watch out for any mysql+php incompatibilities at the
( bleeding edges though
c ya
alvin
