Thanks a bunch Martin! Your response was exactly what I was looking for.
-----Original Message----- From: martin f krafft [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 15, 2002 4:01 PM To: Subject: Re: suggestions welcome also sprach justin cunningham <[EMAIL PROTECTED]> [2002.01.15.1907 +0100]: > Given the above details what's the best way to approach the project? easy: install, but when asked about tasksel and/or dselect, select "no" both times. i don't recall what exactly is in this vanilla system that you'll then have, but i know that it does include things like portmap and others. so right there, run dselect as root on the console and *purge* everything you don't need. (purging is done with the _ key). then, press enter, and select "remove" from the menu, when that's done, quit dselect and run dpkg -l to verify what is installed. then you just use apt-get install <packagename> to add just what you want, so you will probably want to add "ssh" and maybe some security tools like "arpwatch", "snort", "tcpdump", "logcheck", "iptables" (kernel 2.4) or "ipchains" (kernel 2.2), "kernel-image-2.2.20" (you don't want to run < 20, and 2.4 isn't ready for production in many peoples' opinion (i use it for production though)). other things that don't hurt: "apt-utils", "cruft", "suidmanager", "w3m", "wget", "ncftp" (to replace ftp), "netcat" (to replace telnet), "nmap", "ntp-simple", "logoutd", "tripwire", "tmpreaper", "uptimed", "watchdog", and "wipe". you can get info on each package by executing apt-cache show <packagename> moreover, you might want to look into the following packages: harden - Makes your system hardened. harden-clients - Avoid clients that are known to be insecure. harden-doc - Useful documentation to secure a Debian system. harden-environment - Hardened system environment. harden-localflaws - Avoid packages with security holes. harden-remoteaudit - Audit your system from this host. harden-remoteflaws - Avoid packages with security holes. harden-servers - Avoid servers that are known to be insecure. harden-tools - Tools to enhance or analyze the security. and then even though "exim" is already installed and you thus have a full-featured MTA, you have the option of other good ones, like postfix, qmail, zmailer, and many others. just attempt to purge exim in dselect, press 'R', then purge exim again, and find all the available mailers right there on that page. <enter> will get you back to the dselect package selection. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] this site has moved. we'd tell you where, but then we'd have to delete you.
